Job Description

Title: Infosec Analyst

Start: ASAP

CJIS required: YES

Client is seeking a Cybersecurity Analyst - Governance, Risk, & Compliance (GRC) to join our team. Now is a great time to join Universal Services as we enhance critical services to County residents and internal customers!

Key Responsibilities:

Governance

• Assist in the development, maintenance, and enforcement of security policies, standards, and procedures.

• Participate in the creation and management of the organization’s information security governance framework.

• Monitor the effectiveness of cybersecurity controls and propose improvements.

Risk Management

• Conduct risk assessments for systems, vendors, and processes to identify vulnerabilities and areas of non-compliance.

• Maintain a risk register and track remediation efforts for identified risks.

• Support business units in developing risk mitigation strategies and action plans.

Compliance

• Ensure compliance with industry standards, regulatory requirements, and frameworks (e.g., NIST CSF, ISO 27001, HIPAA, PCI-DSS, CJIS, GDPR).

• Assist with internal and external audits, including evidence collection and audit readiness.

• Develop and maintain metrics and dashboards to report on compliance status and risk posture to stakeholders.

Third-Party Risk

• Conduct due diligence and security assessments for third-party vendors and service providers.

• Maintain documentation and track remediation efforts related to vendor risk management.

Training & Awareness

• Contribute to the development of security awareness training materials.

• Promote cybersecurity awareness across the organization to foster a culture of security. Continuous Improvement

• Monitor emerging cybersecurity threats, trends, and regulatory changes.

• Recommend and implement improvements to the GRC program in alignment with industry best practices.

Qualifications

Requirements

Education: A High School Diploma or GED accompanied by a recognized cybersecurity certification (e.g., Security+, SSCP, or equivalent), or a Bachelor’s degree in a related field such as Cybersecurity, Information Technology, or Information Systems.

Experience: • 2–5 years of experience in Governance, Risk, and Compliance (GRC), cybersecurity, IT audit, or risk management.

• Hands-on experience with GRC tools (e.g., Archer, ServiceNow GRC, MetricStream).

• Familiarity with security and privacy regulations and frameworks (e.g., NIST, ISO, GDPR, HIPAA, SOC 2). Skills and Competencies

• Strong analytical, organizational, and problem-solving skills.

• Ability to communicate effectively with technical and non-technical audiences.

• Knowledge of cybersecurity principles, risk management practices, and regulatory environments.

• Proficient in Microsoft Office 365, including Excel, PowerPoint, and SharePoint.

• Ability to work independently and collaboratively in a fast-paced environment.

Preferences

• Industry certifications such as CISSP, CISA, CRISC, Security+, or ISO 27001 Lead Implementer/Auditor are highly desirable.

• Demonstrated passion for cybersecurity, risk reduction, and continuous professional development.

• Strong attention to detail with an emphasis on accuracy and quality.

• Excellent communication and interpersonal skills with a collaborative, team-oriented approach.

Additional Information

All your information will be kept confidential according to EEO guidelines.