Benefits:
401(k)
Competitive salary
Opportunity for advancement
Training & development
About Us
At Red Hill Consulting LLC, we are more than just consultants—we are problem solvers, innovators, and strategic partners. With expertise in IT, governance, risk management, compliance, and business transformation, we help organizations navigate complexity and drive meaningful change.
Our team specializes in delivering tailored, high-impact solutions that empower businesses to optimize processes, enhance security, and leverage data-driven insights. Whether it's implementing cutting-edge technology, refining operational strategies, or ensuring regulatory compliance, we take a proactive, hands-on approach to solving challenges.
Rooted in our core values of Integrity, Innovation, and Excellence, we foster a collaborative environment where expertise meets execution. Our clients span industries such as finance, healthcare, government, and technology, and we pride ourselves on delivering measurable results that drive sustainable success.
About the Role
We are seeking an Information Security Specialist to lead and support initiatives in risk management, compliance, and process improvement. This role requires a strong technical background in information security frameworks, vendor risk management, and security best practices. The ideal candidate will be responsible for assessing security risks, refining security policies, and ensuring compliance with industry standards.
Beyond security oversight, this role will bridge the gap between business and technology, working closely with cross-functional teams, executives, and clients to define project goals, develop security roadmaps, and implement solutions that align with business objectives. The successful candidate must be able to develop and implement comprehensive security strategies and programs while facilitating consultative discussions across departments to identify security needs and integrate them into long-term planning.
The ideal candidate is a strategic thinker, problem solver, and strong communicator who can navigate complex environments with confidence. They will play a key role in driving automation, reporting, and process optimization to enhance security and efficiency. If you thrive in fast-paced, evolving industries and enjoy leading security-driven projects that impact businesses, we encourage you to apply.
What We’re Looking For:
We require someone with a strong background in information security, expertise in process optimization, and the ability to align technical security initiatives with business strategy.
Key Responsibilities
Conduct security risk assessments on internal systems, third-party vendors, and cloud environments to identify vulnerabilities and compliance gaps.
Develop and maintain security policies, standards, and best practices based on industry frameworks (ISO 27001, NIST 800-53, FFIEC, COBIT, COSO, ITIL).
Evaluate and refine vendor security requirements to ensure appropriate security controls are embedded in contract negotiations and procurement processes.
Provide risk mitigation recommendations to align security measures with business goals and regulatory requirements.
Collaborate with legal, IT, and procurement teams to review, negotiate, and enforce cybersecurity contract provisions for third-party vendors.
Ensure compliance with industry regulations and security frameworks to meet organizational and legal obligations.
Conduct internal security audits and assessments, identifying areas for improvement and ensuring proper documentation.
Support incident response planning and investigation efforts, working with internal teams and external vendors when security events occur.
Monitor changes in cybersecurity regulations, industry trends, and emerging threats, ensuring security policies remain up to date.
Assist in security awareness training initiatives, helping teams understand and comply with security best practices.
Identify and implement process improvements in security workflows, vendor risk management, and compliance monitoring.
Leverage automation tools and reporting platforms to enhance security operations, risk assessments, and regulatory tracking.
Work with cross-functional teams to integrate security considerations into broader IT and business initiatives.
Assess and enhance security standards for third-party vendors, ensuring alignment with organizational risk tolerance.
Support the negotiation and enforcement of security clauses in procurement contracts to meet compliance and security objectives.
Identify efficiencies in vendor security evaluation processes, streamlining due diligence while maintaining security integrity.
Provide data-driven insights to optimize security risk management strategies across multiple departments or business units.
Qualifications & Skills
Bachelor's degree in business, IT, or a related field.
3+ years of experience in information security, risk management, or compliance.
Strong knowledge of at least one major security framework (ISO 27001, NIST 800-53, FFIEC, ITIL, COBIT, or COSO).
Experience with Tableau and/or Power BI for data visualization and dashboard creation.
Strong understanding of and experience with control testing: ITGCs, application controls, physical and environmental security, logical security, change management, backup and recovery, incident management, and information security.
Proficiency in SQL for data extraction, transformation, and reporting.
Hands-on experience in information security frameworks, governance, and risk management.
Experience with vendor risk assessments and third-party security evaluations.
Familiarity with security policies, risk management strategies, and compliance best practices.
Ability to analyze and improve security processes while balancing business needs.
Strong communication skills to engage with technical teams and executives.
Excellent communication and stakeholder management skills.
Ability to manage multiple projects in fast-paced environments.
PMP, PRINCE2, or Agile certification is a plus.
Preferred Certifications (Not Required, but a Plus):
CISA (Certified Information Systems Auditor)
CISM (Certified Information Security Manager)
CISSP (Certified Information Systems Security Professional)
CompTIA Security+
CRISC (Certified in Risk and Information Systems Control)
Why Join Us?
Be part of a dynamic, mission-driven team that values innovation and strategic thinking.
Work on diverse, high-impact projects across multiple industries.
Opportunities for professional development and career growth.
Competitive salary and benefits package.
Flexible work-from-home options available.