Information Security – Risk & Compliance Analyst
Hybrid · Easton, Pennsylvania, United States
Job Summary
The Information Security – Risk & Compliance Analyst supports the global information security program by assisting in identifying, assessing, and managing information security risks and compliance demands across the organization. Key responsibilities include:
- Risk assessment and management, documentation of risk findings, remediation tracking, development of risk treatment plans, and participation in enterprise risk reviews
- Compliance and framework management for NIST CSF, ISO/IEC 27001, CMMC, and EU NIS2
- Gap analyses and remediation roadmaps
- Maintenance of policy evidence and assessment reports
- Third-party and audit management
- Policy drafting and security awareness training
- Collaboration with IT, Legal, Operations, and other teams
- Preparation of status reports and metrics
Qualifications emphasize foundational information security knowledge, risk management concepts, familiarity with cloud, DevOps, and application security, strong analytical skills, and the ability to work across global time zones. Education and certifications include a Bachelor's degree or cybersecurity certification and entry-level certifications such as CompTIA Security+. The role is in a hybrid work environment with occasional site visits to manufacturing facilities.
Required Qualifications
- Bachelor’s degree, cybersecurity certification, or equivalent experience in information security or related field
- 0 – 2 years’ experience in information security, IT audit, risk management, or a related field
- CompTIA Security+ certification or equivalent
- Additional Risk & Compliance certification(s) helpful