Note: The job is a remote job and is open to candidates in USA. Net2Source Inc. is a global leader in workforce solutions, recognized for its rapid growth and innovative approach to connecting talent with opportunities. They are seeking an Information Security Analyst 2 to join their Information Risk Management team, where the primary responsibilities include performing risk assessments, ensuring compliance with security policies, and collaborating on data analysis and reporting.
Responsibilities
- Vendor Information Risk Assessments
- Perform formal risk assessments on partner and vendor connections, evaluating vendor processes at the point of engagement with client
- Ensure sufficient validation of data sharing arrangements and agreements to protect client's sensitive information
- Confirm business objectives align with the type and volume of data used, maintaining a "need to know/use" mindset
- Review third-party SOC reports and vendor security documentation as part of assessment activities
- Help establish risk and remediation ownership for identified vendor-related risks and document findings in the Risk Register
- Security Controls Baseline Assessments
- Assess moderately complex platforms and systems against client security and configuration standards
- Evaluate and process exceptions to information security policies and standards
- Perform compliance control validation testing to determine the operating effectiveness of IT controls for scoped systems
- Consult with technology units on IT general controls (ITGCs) and compliance matters
- Champion information security policies, standards, controls, and processes so compliance requirements are addressed as part of business-as-usual operations
- Internal Risk Assessments
- Identify, document, and elevate visibility to information risk where business direction creates potential exposure to employee, athlete, and product sensitive data streams
- Identify and profile client systems and processes that require risk assessments; scope specific assessments accordingly
- Perform detailed analysis of threats and vulnerabilities across information security domains including network security, asset security, security engineering, identity and access management, security operations, and software development security
- Review key system configurations and complex IT infrastructures (e.g., cloud services)
- Communicate effectively through risk reports, presentations, and stakeholder interactions to drive remediation of identified risks
- Data Analysis and Other Projects
- Support vendor risk management metrics, reporting, and master data stewardship to improve accuracy, timeliness, and completeness
- Provide analysis and insights into data supporting the effectiveness of technical and process based cybersecurity controls
- Collaborate on process improvements for data retrieval, analysis, and risk assessment intake
- Contribute to IRM team projects and strategic initiatives as assigned, including documentation in ServiceNow (SNOW) and Box
- Support the risk analysis intake process and participate in daily standups and weekly process meetings
- General Responsibilities
- Execute targeted internal and external (vendor) risk assessments in support of IRM strategy, following established team processes and enablers
- Be proactive in anticipating next steps in the risk assessment process and take action accordingly
- Collaborate with team members on assessment approach, scoping, documentation, and issue presentation activities
- Serve as an information security and CIS ambassador to client lines of business and management
- Provide enforcement of security policies, standards, and procedures by working cross functionally with Compliance and Governance functions
- Stay current on information security technologies, trends, standards, best practices, and emerging threats and vulnerabilities
Skills
- 2-5 years' minimum experience required in tech, cybersecurity, risk management, or similar role
- Bachelor's degree in Business Information Management, Computer Science, or a related field, OR relevant experience in lieu of a degree
- 5+ years of experience in information security, risk management, GRC, or a related field
- Knowledge of information security principles and practices, best practice security architectures, general procedures, and guidelines
- Knowledge of information security frameworks and best practices (e.g., NIST, ISO 27000, COBIT, COSO)
- Experience performing vendor/third-party risk assessments and internal information security risk assessments
- Experience assessing systems against security standards and performing control validation or baseline assessments
- Strong analytical and problem-solving skills with experience identifying solutions for complex problems in enterprise environments
- Superb communication skills (written and verbal) with comfort and experience in presentation delivery and proven persuasion skills
- The ability to appropriately communicate complex security risks to non-technical staff
- Must be trustworthy in keeping sensitive data confidential
- Demonstrated desire for continual learning and improvement
- Degree preferred, not a hard requirement
- CRISC, CISSP certifications preferred, not required
- Experience reviewing third-party SOC reports preferred
- Experience with ServiceNow, Confluence, or Jira preferred
- CISSP, CISM, CRISC, or relevant GIAC Management Focus Area certifications preferred
- Advanced knowledge of Excel and PowerPoint; experience organizing and analyzing large datasets preferred
Benefits
- Remote Work: Yes
- Think work-life balance, professional growth, and a collaborative culture where your ideas matter.
Company Overview