Information Security Analyst - Hybrid

Location: Hybrid (3 days onsite, 2 days remote) north of Pittsburgh, PA

Job Type: Full Time / Contract 

Work Authorization: No Sponsorship

The A.C.Coy company has an immediate opening for an Information Security Analyst.  Ideal candidates must have experience delivering projects for an Information Security Group and acting as a technical SME regarding SOC 2 assessments and security control framework. 

• Support the delivery of projects for the Information Security Group and the broader Global Technology Operations team
• Act as a technical SME regarding SOC 2 assessments and security control framework
• Support Client’s SOC 2 assessment, working with internal stakeholders to evidence security controls in operation
• Work with stakeholders to review and update Clients’s security controls framework in line with recent changes to NIST and CIS controls
• Coordinate stakeholders across the organization to disseminate assessment findings and coordinate remediation
• Work closely with project managers on outlining key tasks, refining delivery plans

• Experience working internally to deliver a SOC 2 certification, working with internal stakeholders to evidence controls and interfacing with external auditor - 3+ years
• Experience working with virtual server and desktop environments such as VMware and Citrix - 3+ years
• Familiarity with security frameworks such as NIST800, CIS, ISO27001 - 2+ years
• Familiarity with security and privacy regulations impacting financial services such as SOX and GDPR - 2+ years
• CISSP, CCSP, CompTIA Security+, GIAC security essentials certifications - Preferred