Back to Careers
Information Security Analyst
We are seeking a detail-oriented and experienced Information Security Analyst to join our security and compliance team. The successful candidate will play a key role in designing, assessing, and documenting information security controls, with a strong focus on IT General Controls (ITGC), SOX compliance, internal and external audit support, and process improvement. This role requires the ability to bridge technical security requirements with regulatory compliance obligations and communicate effectively with cross-functional stakeholders.
Essential Duties & Responsibilities
ITGC & SOX Compliance
Design, implement, and monitor IT General Controls (ITGC) across logical access, change management, computer operations, and SDLC domains
Support annual SOX compliance programs, including scoping, risk assesment, control mapping, and testing coordination.
Identify and remediate control deficiencies; track findings, through to resolution and validate management remediation actions.
Collaborate with business process owners to ensure SOX IT controls are embedded in day-to-day operations.
Maintain control matrices, SOX documentation, and supporting evidence in accordance with PCAOB and SEC requirements.
Internal & External Audit Support
Serve as the primary point of contact for internal and external auditors during IT audit engagements.
Coordinate the gathering, review, and submission of audit evidence packages to ensure completeness and accuracy.
Assist in preparing management responses to audit findings and tracking corrective action plans (CAPs).
Support SOC 1 / SOC 2 Type II audit engagements and other third-party assessments.
Analyze audit observations to identify systemic issues and drive long-term process improvements.
Process Design & Documentation
Develop and maintain information security policies, procedures, standards, and guidelines aligned with frameworks such as NIST CSF, ISO 27001, and CIS Controls
Design and document end-to-end security and compliance processes, including control narratives, process flow diagrams, and risk and control matrices (RCMs).
Facilitate control walkthroughs with process owners and document evidence of operating effectiveness.
Maintain and up-to-date library of security process documentation and ensure version control and periodic review cycles.
Risk & Control Assessment
Conduct risk assessments to identify gaps between current security posture and industry standards or regulatory requirements.
Evaluate the design and operating effectiveness of controls through self-assessment and testing activities.
Prepare management-level risk reports and dashboards, communicating findings clearly to technical and non-technical audiences.
Required Skills & Experience
Preferred Qualifications
Apply Today
Send your resume to abloom@sylvan-inc.com
Back to Careers