  Pittsburgh Job Bank  

Information Security Analyst

Nesco Resource

This is a Full-time position in Pittsburgh, PA posted March 4, 2021.

Information Security Analyst:


  • Participate in all aspects of Information Security Governance, Risk Management, and Compliance
  • Ensure GRC program information, documentation, data, assessment information, etc. is consistently updated
  • Build out new and maintain current GRC tools and processes to provide visibility and transparency of risks, controls, assessments, and incidents
  • Identify, assess, manage, track, and drive explicit requirements/timelines in the remediation of risks within IT infrastructure, applications, platforms, and suppliers
  • Collaborate with Information Security teammates and IT Infrastructure teams on security administration tasks and information security projects
  • Manage client and vendor risk assessments, ensure compliance, and guide adherence to client contractual, regulatory, and legal security requirements
  • Ensure risk management oversight is understood, properly managed, and current with all standards, guidelines, and regulations by developing strong relationships with external auditors and key stakeholders
  • Perform third-party risk assessments and user access reviews to check critical system and data access
  • Validate compliance and evaluate information security risks across the entire organization
  • Maintain, audit, and contribute to process improvements of compliance programs
  • Increase the company’s security posture by identifying, mapping, tracking, reviewing, and reporting policy and compliance documentation, requirements, and controls
  • Map controls to policy/procedure/process and test controls to ensure coverage
  • Collaborate with control owners in the remediation of deficiencies
  • Support compliance efforts related to regulatory, legal, and security frameworks and privacy laws


  • 5+ years of professional experience with Information Security/Cyber Security is REQUIRED
  • 2+ years of experience managing Information Security Governance, Risk Management, and Compliance/GRC programs, applications, and toolsets is REQUIRED
  • Experience with defining Information Security policies/standards/controls is REQUIRED
  • Experience with identifying and defining metrics to track progress for various partners is REQUIRED
  • Experience with identifying, monitoring, and remediating security compliance issues is REQUIRED
  • Must be influential and persuasive in the decision-making surrounding risk management and compliance
  • Must be influential, persuasive, and collaborative with stakeholders to develop risk strategies
  • Must have senior level experience with risk analysis techniques and assessment frameworks
  • Knowledge/understanding of IT Change Management, Problem Management, Incident Management, and Vulnerability Management
  • High level knowledge/understanding of cloud platforms, AWS preferred
  • Experience with ensuring technical documentation/contracts are aligned with audit materials
  • Knowledge of NIST, PCI, SOC1, SOC2, ISO, ISO27001, HIPAA, CCPA and COBIT standards
  • Information Security certifications such as CISSP, CISA, CISM, CEH, etc. are highly preferred

Nesco Resource and affiliates (Lehigh G.I.T Inc, and Callos Resource, LLC) is an equal employment opportunity employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or veteran status, or any other legally protected characteristics with respect to employment opportunities.