Match score not available

Information Security Risk Analyst II

Remote: 
Full Remote
Contract: 
Salary: 
6 - 91K yearly
Experience: 
Senior (5-10 years)
Work from: 

Offer summary

Qualifications:

Bachelor’s degree in related field with 3+ years of experience or 5+ years in GRC, Preferred certifications: CISSP, CISM, CRISC, Strong experience with Qualys and Linux, Understanding of compliance requirements like GDPR, Familiarity with GRC frameworks like SOC 2.

Key responsabilities:

  • Conduct risk assessments and develop mitigation strategies
  • Manage vendor risk assessments and third-party evaluations
  • Coordinate penetration testing and remediation efforts
  • Prepare risk management reports for leadership
  • Support development of governance policies and incident response plans
OnTrac logo
OnTrac XLarge https://www.ontrac.com/
5001 - 10000 Employees
See more OnTrac offers

Job description

OnTrac is hiring an Information Security Risk Analyst II

Are you eager to join a dynamic and expanding company where you can both learn and make a meaningful impact? If you possess a strong sense of empathy, enjoy assisting others, thrive in a fast-paced environment, and excel at problem-solving, we encourage you to apply today to connect with a recruiter!

Founded in 1986, OnTrac has evolved into the leading provider of same-day and next-day delivery services in the U.S. for premier e-commerce and product-supply businesses, including five of the largest retailers in the U.S.

Location: Louisville, KY, McLean, VA, or Phoenix, AZ (Local to the these areas preferred)

Pay: $83 - 91K per year

Shift: Monday to Friday from 8:00am – 5:00pm

Employment Logistics:

We are seeking an experienced and detail-oriented Information Security Risk Analyst to join our Governance, Risk, and Compliance team. In this role, you will be responsible for identifying, assessing, and mitigating risks related to IT security, regulatory compliance, and business continuity. As an intermediate-level analyst, you will leverage your knowledge of risk management frameworks, regulatory standards, and control environments to support the organization’s risk management strategy, working collaboratively with various departments to ensure alignment with policies, standards, and procedures.

Unpacking the Benefits:

  • Competitive individual and group benefits  
  • Medical, Dental, and Vision insurance  
  • Paid Time Off including Holiday pay  
  • 401(k) with company match  
  • Safe and clean work environment  

The Must-Haves:

Education and Experience:

  • Bachelor’s degree in Information Security, Cybersecurity Risk Management or a related field with 3+ years of experience in governance, risk and compliance or related fields (e.g., cybersecurity, internal audit, or IT governance).

OR

  • 5+ years of experience in governance, risk, and compliance or related fields (e.g., cybersecurity, internal audit, or IT governance).

Certifications (Preferred):

  • CISSP, CISM, CRISC, or other relevant GRC certifications.

Technical Skills:

  • Strong experience with Qualys (vulnerability management, compliance, and web application scanning)
  • Proficient in Linux operating systems
  • Understanding of IP Addressing and Subnetting for discovery purposes
  • Familiarity with GRC frameworks such as SOC 2, NIST Cybersecurity Framework, CIS Controls or similar standards.
  • Experience with vulnerability management tools, specifically Qualys tools and GRC platforms.
  • Understanding of IT security concepts, data protection regulations and compliance requirements (e.g., GDPR, CCPA/CPRA, PCI-DSS).

Analytical & Communication Skills:

  • Strong analytical and problem-solving skills, with attention to detail.
  • Strong time management and prioritization skills
  • Self-starter with the ability and drive to take initiative
  • Excellent communication and interpersonal skills, with the ability to collaborate effectively across departments.
  • Ability to create clear, concise, and actionable reports and recommendations.

Preferred Qualifications:

  • Experience in Vulnerability Management.
  • Experience in vendor risk management and third-party assessments.
  • Experience in risk management within regulated industries and industry frameworks.
  • Knowledge and understanding of U.S. privacy regulations and data protection laws.

Your Mission in Motion:

Risk/Vulnerability Assessment & Management:

  • Conduct risk assessments, identifying threats, vulnerabilities and the associated business impact.
  • Assist in developing risk mitigation strategies and action plans, working with relevant stakeholders to ensure timely remediation of identified risks.
  • Monitor and report on key risk indicators (KRIs) and ensure alignment with the organization's risk appetite.

Third-party Risk Management:

  • Conduct due diligence and risk assessments on third-party vendors to ensure they meet the organization’s compliance and security requirements.
  • Support the development of vendor risk management programs and provide recommendations to enhance third-party risk governance.

Testing & Remediating

  • Coordinate and oversee penetration testing and remediation.
  • Review DevOps SAST and DAST testing and remediation results to enhance secure coding practices.

Documentation & Reporting:

  • Prepare and maintain risk management reports, dashboards, and presentations for senior leadership.
  • Ensure accurate documentation of risk assessment findings and mitigation strategies.

Governance & Policy Support:

  • Assist in the development and enforcement of governance frameworks, policies, and procedures in line with regulatory requirements (e.g., SOC 2 and US State data privacy regulations).
  • Collaborate with internal audit, legal, and compliance teams to ensure the organization’s governance, risk, and compliance posture is robust and up to date.

Incident Management:

  • Assist in developing and maintaining incident response plans, ensuring incidents are properly documented, reported, and remediated.
  • Provide risk analysis support during security events and incidents.

Training & Awareness:

  • Assist in developing and delivering training programs to increase awareness of risk management and compliance practices across the organization.
  • Provide guidance and support to business units on GRC-related topics and best practices.

Compliance Monitoring:

  • Monitor compliance with various regulatory frameworks and internal policies.
  • Coordinate and assist in internal and external audits by collecting evidence, preparing audit reports, and tracking remediation activities.

Paving your way to your success:

  • Demonstrates knowledge of internal systems and processes. Is responsible for doing job duties.
  • Consistently follows safety guidelines and protocols while ensuring a clean and safe work environment.
  • Has organizational skills and the ability to prioritize work.
  • Supports change initiatives effectively and appropriately
  • Presents ideas to support improving work and team processes.
  • Always treats people with respect and dignity and promotes a pleasant and professional work environment.
  • Provides assistance, information, and support to others to build a basis for future reciprocity.
  • Speaks and writes in a clear, concise manner; uses efficient and appropriate methods to disseminate information.

If you are excited to be part of our team and grow with our OnTrac family, we invite you to apply! 

OnTrac is proud to be an Equal Opportunity Employer

OnTrac is an equal opportunity employer. We value diversity and welcome applications from individuals of all backgrounds, abilities, and experiences. We do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or age. Join us in our commitment to creating a diverse and inclusive workplace. If you are excited to be part of our team and contribute to our talent acquisition efforts, we invite you to apply.

Lasership, Inc. dba OnTrac Final Mile with its affiliates, including OnTrac Logistics, Inc. (collectively, "OnTrac" or the "Company") is an equal opportunity employer.

Apply Now

Required profile

Experience

Level of experience: Senior (5-10 years)
Spoken language(s):
English
Check out the description to know which languages are mandatory.

Other Skills

  • Report Writing
  • Problem Solving
  • Collaboration
  • Analytical Skills
  • Governance
  • Time Management
  • Detail Oriented
  • Verbal Communication Skills
  • Social Skills

Information Security Analyst Related jobs