Information Security Analyst

Description

• Help identify, document, and track remediation of security and privacy risks within the GRC platform (e.g., Drata, ServiceNow GRC, OneTrust, Vanta, etc.).
• Assist in risk assessments for AI systems, ensuring they align with responsible AI principles such as fairness, accountability, and transparency.
• Participate in enterprise risk assessments, including third-party, application, and AI model risk reviews.
• Assist in developing, maintaining, and aligning information security policies with frameworks such as NIST CSF, ISO 27001, SOC 2, CIS, and the NIST AI RMF.
• Contribute to inventories of AI tools and use cases across the enterprise.
• Collaborate with IT and legal teams to ensure that AI use complies with company policies.
• Support internal policy review cycles, ensuring consistent version control and executive approval.
• Maintain control documentation and track audit remediation activities.
• Stay informed about new threats, regulatory trends, and AI governance frameworks.
• Assist with data classification, retention, and handling standards, ensuring sensitive data is appropriately protected.
• Help design and distribute training materials related to cybersecurity, data protection, and responsible AI practices.
• Prepare metrics, dashboards, and presentations for leadership briefings.
• Engage in ongoing professional development and certification opportunities.
• Support continuous monitoring of compliance requirements and updates to regulatory obligations, including emerging AI governance and data-related laws.
• Gather and organize evidence for internal and external audits (ISO 27001, PCI, HIPAA, etc.).
• Help review access controls, encryption standards, and secure data transfer processes in coordination with IT teams.
• Participate in projects that automate or streamline GRC processes, such as policy lifecycle management or risk scoring.
• Contribute to documentation and control mapping for new or updated regulations related to AI, privacy, and data protection (e.g., GDPR, CCPA, NIST 800-53 Rev 5).
• Support data inventory and mapping efforts to improve visibility where critical data resides.
• Collaborate with the IT team to ensure alignment between data quality, privacy, and security controls.
• Support internal campaigns promoting secure data handling and ethical technology usage.
• Support the development of risk metrics and dashboards for leadership reporting.

Requirements

• Ability to manage multiple priorities in a fast-paced environment.
• Exposure to frameworks such as NIST CSF, ISO 27001, SOC 2, NIST AI RMF, or COBIT.
• Must be able to work in the U.S. without sponsorship
• Strong analytical, communication, and documentation skills.
• 0-2 years of experience in cybersecurity, risk management, compliance, or data governance (internship or coursework acceptable).
• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Data Science, or a related field is preferred
• Proficient in Microsoft Excel, PowerPoint, and data analysis or GRC tools.
• Basic familiarity with AI systems, data governance concepts, or information security practices.
• Understanding of cybersecurity principles, risk management, and data privacy fundamentals.
• Learn to evaluate AI-related risks such as model bias, data leakage, data lineage, model transparency, and unintended data exposure.

Benefits

Training + Development

Interview process

Visa Sponsorship

Security clearance