ISO Analyst

Information Security Analyst
Hybrid (3 Days On Site, 2 Days Remote) - Richmond VA
Duration: 24 months renewable contract

Job Summary:
We is seeking an Information Security Analyst for a two-year contract, offering a hybrid work environment (three days onsite, two days remote). The Information Security Analyst will play a key role in advancing cybersecurity and privacy awareness across the organization. This role will participate in the creation and maintenance of Information Security and privacy policies and standards and contribute to the efforts of the Information Security Office (ISO) and related security projects.

Key Responsibilities:

• Participate in Information Security and Privacy initiatives across all business units and vendor engagements to ensure proper security controls are implemented and maintained.
• Enter and update information security records, documentation, and data within the Governance Risk and Compliance (GRC) system.
• Collaborate with business stakeholders to develop and maintain information System Security Plans (SSP).
• Represent the Information Security Office in project management-led initiatives to ensure information security requirements are considered in key projects.
• Work cross-functionally with teams and end-users to understand business needs, facilitate compliance, and communicate clearly.
• Assist in developing, maintaining, and updating information security standards and processes, occasionally performing research from reputable industry sources.
• Contribute to controls documentation, including drafting narratives, creating system diagrams, and populating risk assessment templates for business approval.
• Assist in the review of contracts and vendor documentation to verify adequate information security protection measures are in place.

• Minimum three (3) years of demonstrated experience in Information Security, specifically in governance, risk, and compliance.
• In-depth understanding of information security principles, technologies, and practices.
• Strong knowledge of IT infrastructure planning, implementation, and management.
• Ability to organize work, set priorities, meet deadlines, and operate independently.
• Experience with security frameworks such as NIST, ISO 27001, COBIT, or similar.
• Exceptional organizational skills and attention to detail.
• Ability to adapt to changing priorities and ambiguous environments.
• Experience drafting and maintaining Information Security and Privacy policies, standards, and procedures.
• Proficient in interpreting security documentation, flow diagrams, and process maps.
• Understanding of general contract terms and the ability to review security clauses.
• Ability to create diagrams, flowcharts, and spreadsheets with standard desktop software.
• Strong written and verbal communication skills for various audiences.

• Bachelor's degree in Computer Science, Information Systems, or related field; CISA, CISSP, or similar certifications.
• Experience in the financial services sector.
• Familiarity with cloud and application security controls.
• Working knowledge of information security regulatory compliance (e.g., GLBA, GDPR, PCI).
• Awareness of privacy regulations (e.g., GDPR, CCPA, VCDPA).

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.