Information Security Analyst

Company: Analysis Group, Inc.
Location: Boston
Posted on: April 1, 2025

Job Description:

OverviewAnalysis Group is one of the largest international economics consulting firms, with more than 1,500 professionals across 15 offices in North America, Europe, and Asia. Since 1981, we have provided expertise in economics, finance, health care analytics, and strategy to top law firms, Fortune Global 500 companies, and government agencies worldwide. Our internal experts, together with our network of affiliated experts from academia, industry, and government, offer our clients exceptional breadth and depth of expertise.The Information Security Analyst will support the Director of Information Security and Risk Management in the continuous improvement of the firm's cybersecurity, compliance, and governance programs. The role will focus on Governance, Risk, and Compliance (GRC), third-party risk management, internal/external audit support, and security awareness. This position requires an organized, detail-oriented professional who is passionate about cybersecurity and risk reduction.Essential Job Function & Responsibilities:

Governance Support
- Maintain and update information security policies, procedures, and standards, ensuring alignment with regulatory and industry best practices (ISO 27001, SOC 2, NIST 800-53).
- Manage security policy exceptions and risk acceptance processes.
- Develop and track security metrics for senior leadership and regulatory reporting.
- Support internal and external audits, ensuring successful regulatory compliance efforts.
- Ensure adherence to legal and contractual security requirements, assisting in compliance with government and client security expectations.
- Risk Management and Audit Support
  - Maintain the Risk Register and participate in the risk assessment process.
  - Conduct security control testing and report on gaps, controls effectiveness, and areas for improvement.
  - Develop dashboards to visualize risk trends and control effectiveness.
  - Develop and maintain risk management metrics, reports, and dashboards.
  - Participate in and manage audit requests, aligning internal stakeholders and facilitating evidence collection to ensure timely and accurate responses.
  - Third-Party Risk Management (TPRM)
    - Assess vendors and third-party service providers to evaluate security posture and compliance.
    - Track and manage vendor security reviews, including remediation plans where necessary.
    - Collaborate with Legal, IT, and Privacy to ensure contract security clauses meet firm standards.
    - Security Operations and Reporting
      - Support vulnerability management efforts, including scanning and remediation tracking.
      - Conduct and manage periodic access reviews, ensuring that users have appropriate access based on least privilege and business requirements.
      - Incident Response & Resilience
        
        Organize and facilitate cybersecurity tabletop exercises to assess response readiness and identify areas for improvement.
        
        Review, test, and improve the Incident Response Plan (IRP), ensuring alignment with evolving threats and best practices.
        
        Track lessons learned and drive corrective actions to enhance response capabilities.
        
        Assist in security incident investigations, coordinating response efforts and documentation as needed.
        
        Security Awareness and Training
        
        Develop and conduct security awareness training, including phishing simulations and targeted educational programs.
        
        Partner with stakeholders to improve security procedures, training, IT processes, and the security of existing systems.
        
        Maintain and update the internal security website, ensuring employees have easy access to security policies, best practices, and educational resources.Qualifications:
        
        Bachelor's degree required. Degree in Information Systems Security or related field preferred.
        
        Minimum of 2 years substantive relevant experience required.
        
        An ideal candidate will have 2-5 years of experience in information security, compliance, risk management, or IT security operations.
        
        Certifications (Preferred): Security+, CISSP, CISM, CISA, or equivalent.
        
        Technical Skills:
        
        Experience conducting risk assessments, security audits, and compliance evaluations preferred.
        
        Familiarity with ISO 27001, SOC 2, NIST 800-53, CSF, HIPAA compliance frameworks.
        
        Hands-on experience with GRC tools, vulnerability scanners, SIEM platforms, and security monitoring.
        
        Strong proficiency in Excel, Power BI, or similar tools to analyze risk and compliance data.
        
        Demonstrated experience with identity and access management (IAM), phishing detection, endpoint security, and incident response procedures.
        
        Soft Skills:
        
        Strong communication, documentation, and presentation skills.
        
        Self-motivated with the ability to work independently and in teams.
        
        Excellent problem-solving and analytical thinking skills.
        
        Adaptability and willingness to learn in a rapidly changing security landscape.
        
        An inclusive and growth-oriented mindset, strong interpersonal skills, and an ability to work across differences.
        
        To the extent permitted by applicable law, eligible candidates must be authorized to work in the United States without sponsorship or restriction, now and in the future.Analysis Group embraces diversity and equal opportunity in a deep and meaningful way. We are committed to building teams that represent a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.We provide equal access and opportunities regardless of sex, sexual orientation, gender, gender identity, gender expression, age, religion, race, color, ethnicity, national origin, ancestry, mental and physical ability or disability, medical condition, genetic information, citizenship status, socioeconomic status, veteran and military status, or membership in any other class protected under applicable law. We encourage candidates of all backgrounds to apply.#LI-Hybrid
        #J-18808-Ljbffr

Keywords: Analysis Group, Inc., Boston , Information Security Analyst, Professions , Boston, Massachusetts

Click here to apply!

Didn't find what you're looking for? Search again!

Let Boston recruiters find you. Post your resume for free!

Get Boston Professions jobs via email.

View more Boston Professions jobs

Other Professions Jobs

Air Logistics Customer Care Specialist
Description: Would you like to launch your career with one of the most successful logistics organizations worldwide Here at Kuehne Nagel, our Boston site is looking for a new Air Logistics Customer Care Specialist (more...)
Company: Kuehne + Nagel AS
Location: Boston
Posted on: 04/4/2025

Operations Manager, Greater Boston Market
Description: Country: br United States of America br Location: br CAM69: ALC - Mass Canton 95 Shawmut Road , Canton, MA, 02021 USA br br Carrier is the leading global provider of healthy, safe and sustainable (more...)
Company: Carrier
Location: Canton
Posted on: 04/3/2025

Senior Analyst, Private Equity Real Estate- CBRE Investment Management
Description: Senior Analyst, Private Equity Real Estate- CBRE Investment Management br br Job ID br br 187982 br br Posted br br 21-Mar-2025 br br Service line br br REI Segment br br Role (more...)
Company: CBRE
Location: Boston
Posted on: 04/3/2025

Salary in Boston, Massachusetts Area | More details for Boston, Massachusetts Jobs |Salary

Senior Associate, Strategy Consulting Practice
Description: Are you passionate about making an impact on the education sector Interested in working with companies, non-profits, institutions, investors, and foundations across the PreK-12, postsecondary, and professional (more...)
Company: Tyton Partners
Location: Boston
Posted on: 04/3/2025

Sr. Data Analyst, Risk Adjustment
Description: ul Job Summary br br Under the supervision of the Director of Data and Reporting, this individual will be responsible for supporting critical data submission functions for the Risk Adjustment Department (more...)
Company: Point32Health
Location: Foxboro
Posted on: 04/4/2025

Security Site Supervisor
Description: br br br br br br br br Security Site Supervisor br br br br Job Locations br br US-MA-Burlington br br br br br br br Category Portal Searching br br (more...)
Company: Allied Universal
Location: Burlington
Posted on: 04/3/2025

Construction Casualty Underwriter (Senior or AVP)
Description: Construction Casualty Underwriter Senior or AVP Zurich is currently hiring a Construction Primary Casualty Underwriter Senior or AVP to join the Construction team in the Tri-State area of New York (more...)
Company: Zurich 56 Company Ltd
Location: Boston
Posted on: 04/3/2025

Senior Construction Project Manager
Description: We're hiring a senior project manager to manage one-of-a-kind, high-end residential projects, working closely with the site superintendent to lead the build team. Our project managers are technical and (more...)
Company: Dowbuilt
Location: Boston
Posted on: 04/3/2025

Building Engineer
Description: OverviewWhen you join Hines, you will embark on a career journey fueled by vision and guided by leaders who set the standards of our industry. Our legacy is rooted in innovation and excellence, earning (more...)
Company: Hines
Location: Boston
Posted on: 04/3/2025

Patient Care Technician; 36 hours 7p-730 am Med/Tele/Stroke
Description: Patient Care Technician 36 hours 7p-730 am Med/Tele/Stroke br Job Ref: 31524 br br Category: CNA Nursing Assistant br br Location: br br Emerson Hospital, br 133 Old Road to Nine Acre (more...)
Company: Emerson Hospital
Location: Concord
Posted on: 04/3/2025

Loading more jobs...

Information Security Analyst

Didn't find what you're looking for? Search again!

Other Professions Jobs

Log In or Create An Account