Information Security Analyst

Sylvan Group

Southfield, MI

JOB DETAILS
SKILLS
Accounting, Amazon Web Services (AWS), Analysis Skills, Auditing, Business Processes, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Change Management, Cloud Computing, Committee of Sponsoring Organizations of the Treadway Commission (COSO), Communication Skills, Computer Operations, Computer Science, Computer Security, Continuous Improvement, Control Objectives for Information and related Technology (COBIT), Corrective Action, Cross-Functional, Design Document, Design Evaluation, Detail Oriented, Documentation, Embedded Systems, External Audit, Finance, GCP (Good Clinical Practices), ISO (International Organization for Standardization), Identify Issues, Industry Standards, Information Technology & Information Systems, Information Technology/Systems Audit, Information/Data Security (InfoSec), Internal Audit, Legal, Management of Information Systems/Technology (MIS), Microsoft Excel, Microsoft Office, Microsoft PowerPoint, Microsoft SharePoint, Microsoft Visio, Microsoft Windows Azure, Microsoft Word, Presentation/Verbal Skills, Privacy Regulations, Problem Solving Skills, Process Development, Process Flow Diagram (PFD), Process Improvement, Public Company Accounting Oversight Board (PCAOB), Regulatory Compliance, Regulatory Requirements, Reporting Dashboards, Risk, Risk Analysis, Risk Control Matrix, Risk Management, Root Cause Analysis, Sarbanes-Oxley Act (SOX), Securities and Exchange Commission (SEC), Security Analysis, Security Information and Event Management (SIEM), ServiceNow, Software Development Lifecycle (SDLC), Source Code/Configuration Management (SCM), Test Design, Testing, U.S. National Institute of Standards and Technology (NIST), Writing Skills
LOCATION
Southfield, MI
POSTED
3 days ago

Back to Careers

Information Security Analyst

We are seeking a detail-oriented and experienced Information Security Analyst to join our security and compliance team. The successful candidate will play a key role in designing, assessing, and documenting information security controls, with a strong focus on IT General Controls (ITGC), SOX compliance, internal and external audit support, and process improvement. This role requires the ability to bridge technical security requirements with regulatory compliance obligations and communicate effectively with cross-functional stakeholders.

Essential Duties & Responsibilities

  • ITGC & SOX Compliance

  • Design, implement, and monitor IT General Controls (ITGC) across logical access, change management, computer operations, and SDLC domains

  • Support annual SOX compliance programs, including scoping, risk assesment, control mapping, and testing coordination.

  • Identify and remediate control deficiencies; track findings, through to resolution and validate management remediation actions.

  • Collaborate with business process owners to ensure SOX IT controls are embedded in day-to-day operations.

  • Maintain control matrices, SOX documentation, and supporting evidence in accordance with PCAOB and SEC requirements.

  • Internal & External Audit Support

  • Serve as the primary point of contact for internal and external auditors during IT audit engagements.

  • Coordinate the gathering, review, and submission of audit evidence packages to ensure completeness and accuracy.

  • Assist in preparing management responses to audit findings and tracking corrective action plans (CAPs).

  • Support SOC 1 / SOC 2 Type II audit engagements and other third-party assessments.

  • Analyze audit observations to identify systemic issues and drive long-term process improvements.

  • Process Design & Documentation

  • Develop and maintain information security policies, procedures, standards, and guidelines aligned with frameworks such as NIST CSF, ISO 27001, and CIS Controls

  • Design and document end-to-end security and compliance processes, including control narratives, process flow diagrams, and risk and control matrices (RCMs).

  • Facilitate control walkthroughs with process owners and document evidence of operating effectiveness.

  • Maintain and up-to-date library of security process documentation and ensure version control and periodic review cycles.

  • Risk & Control Assessment

  • Conduct risk assessments to identify gaps between current security posture and industry standards or regulatory requirements.

  • Evaluate the design and operating effectiveness of controls through self-assessment and testing activities.

  • Prepare management-level risk reports and dashboards, communicating findings clearly to technical and non-technical audiences.

Required Skills & Experience

  • Bachelor's degree in information security, Computer Science, Information Systems, Accounting/Finance (MIS), or related field.
  • 3-6 years of experience in information security, IT audit, or compliance roles.
  • Demonstrated hands-on experience with ITGC design, testing, and remediation in a SOX environment.
  • Experience coordinating and supporting external audit engagements (Big 4 or equivalent).
  • Proficiency in developing process documentation, control narratives, and risk and control matrices.
  • Strong analytical and problem-solving skills with keen attention to detail.
  • Excellent written and verbal communication skills; ability to convey complex technical concepts to non-technical stakeholders.
  • Technical Skills & Tools
  • Frameworks: NIST, CSF, ISO 27001, COBIT, CIS Controls, SOX (PCAOB), COSO
  • Audit & GRC Tools: AuditBoard, Workiva, ServiceNow GRC, or equivalent
  • Security Tools: SIEM, IAM/PAM platforms, vulnerability management tools
  • Documentation: Microsoft Visio, Lucidchart, Confluence, SharePoint
  • Productivity: Microsoft Office Suite (Excel, Word, Powerpoint - advanced)

Preferred Qualifications

  • Professional certifications such as CISA, CISSP, CRISC, CIA, or CISM.
  • Experience with GRC platforms (e.g., ServiceNow GRC, AuditBoard, Workiva, MetricStream.
  • Familiarity with cloud security controls (AWS, Azure, GCP) and how they relate to ITGC.
  • Knowledge of SOC 1 / SOC 2 attestation standards and Trust Service Criteria.
  • Experience working in a Big 4 accounting firm or publicly traded company
  • Understanding of data privacy regulation (GDPR, CCPA) and their intersection with security controls.
  • Continuous Improvement - Proactively identifies opportunities to strengthen controls and processes.
  • Integrity & Accountability - Handles sensitive financial and security data with discretion
  • Analytical Thinking - Evaluates complex control environments and identifies root causes
  • Collaboration - Works effectively across security, IT, finance, legal, and operations teams
  • Communication - Translates technical risks into business language for executive audiences
  • Adaptability - Thrives in fast-paced environments with evolving regulatory requirements.

Apply Today

Send your resume to abloom@sylvan-inc.com

Back to Careers

About the Company

S

Sylvan Group