Junior IT Security Compliance Analyst  

At Five Rivers IT, we build and service reliable IT infrastructures for midsized businesses. Five Rivers IT has been growing at a consistent rate of 30% a year for the last 3 years. 

We are in search of an IT Security Compliance Analyst to join the dynamic team of professionals providing world-class IT services to its clients in the NYC metro area. This is a great opportunity for a self-starter with a proven track record to develop, implement, and support various initiatives in the area of governance, risk and compliance.  

 Responsibilities:  

• Maintain proactive ongoing compliance by utilizing GRC compliance tool to perform periodic security tasks and checks.  

• Establish and manage Written Information Security Policies (WISP) ensuring a formal, defined, and consistent process for managing information security 

• Perform Gap Assessment against established policy 

• Liaison with Engineering/IT by coordinating requests for information and coordinating responses to any observations. 

• Monitor and analyze security systems to identify irregularities that can lead to potential threats.  

• Responsible for Incident Management, be readily available for: Incident documentation, ensure risk analysis and severity, manage containment, lead investigation, ensure proper notification protocol, conduct & document lessons learnt, Report on findings and to then communicate them to the client.   

• Conduct Vulnerability Management Program.   

• Support and monitor remediation efforts of audit findings and validate the closure by reviewing relevant evidence.  

• Provide actionable, technical advice to engineers to enhance security control design & effectiveness (including for cloud environments)  

Required Qualifications: 

• Bachelor's in Computer Science, Computer Engineering, Information Systems or related field or equivalent work experience 

• Up to 2 years of experience managing Information Security audits (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA)   

• Experience implementing security techniques, practices, and controls that can be applied to address risks  

• Experience operating as part of an Information security program in alignment with common information technology management frameworks such as ISO 27001, NIST, CIS, ITIL, COBIT, etc.  

• Strong written and verbal communication skills  

• Strong program management skills  

• Experience working closely with auditors and/or external regulators  

• Experience managing security tools 

Preferred Qualifications: 

• Experience with Audit Management tools  

• Security certification e.g. Security+, Network +, A+ etc. 

• Prior experience leading or managing security audits at a SaaS/Cloud company or as a Security Auditor at an audit firm 

• Systems Admin or Network Admin experience implementing security controls 

Other Details about the Job 

• This job requires working for multiple clients across multiple environments in a managed services setting.  

• This is a Full-Time position. 

• This role is in-person and requires the candidate to be able to be in the office 5 days a week.

• All standard benefits are included such as medical/dental/vision insurance and vacation time. 

• We encourage and reward professional certifications. 

Please send your resume with the expected salary. Applications lacking expected salary will not be considered.