Title: Info Security Analyst
Duration: 3months
Location: Mount Laurel, NJ (Hybrid – 2 days in office)
 

The role sits within the Assurance Governance Oversight team under Global Technology (GT)
• The team focuses on audit and regulatory findings across Global Technology.
• The team performs two primary functions: a Challenge function and a Quality Assurance function.
• The Challenge forum is held twice weekly where teams present remediation packages and receive feedback to ensure they meet audit validation or regulatory requirements.
• The Quality Assurance function performs pre-review work on remediation packages before they are presented in challenge forums.
• QA reviews identify gaps, control issues, documentation deficiencies, and remediation improvements aligned with audit methodology and regulatory standards.
• The team provides guidance to stakeholders on how to finalize remediation packages before submission to audit validation or regulators.
• The team manages end-to-end coordination of remediation reviews, including scheduling, communications, training, tracking, documentation, and facilitation of review sessions.
• The team coordinates communications and documentation required to move remediation packages through the governance process.
• The role being filled is an Analyst position due to a team member going on parental leave.
• The analyst will support team leads and assist with operational execution of challenge and QA processes.
• Analysts are expected to be hands-on with coordination, documentation, reviews, and operational support tasks.
• Responsibilities include meeting minutes, communications, documentation of reviews, preparing pre-mails for challenge forums, and assisting in review preparation.
• Analysts also support pre-discussion meetings prior to challenge forums or QA sessions.
• Analysts perform QC checks on documentation before it is reviewed by the team leads.
• Analysts help ensure remediation packages are in good standing before reaching governance review stages.
• The role also includes ad hoc responsibilities, such as documenting processes or reviewing specific operational tasks.
• The team distributes work across staff to ensure workload is balanced and no single person handles all reviews.
• Staff are assigned specific reviews and manage them through completion.
• The team operates in a collaborative working model where staff rotate responsibilities across review assignments.
• The environment requires strong coordination and communication skills due to the governance and facilitation nature of the work.
• The role requires someone who can join the team and quickly contribute to existing workflows.
• Candidates outside those locations may not be prioritized due to hybrid requirements.
• Interviews will be conducted virtually initially, with the possibility of one or two interview rounds.
• The requisition will be released shortly after the call and submissions will be halted Friday morning.
• The hiring manager stated the team is tight knit and collaborative, with staff working closely together.
• The role provides exposure to multiple technical areas and subject matter experts within the technology organization.

Key Role Requirements and Preferences
• Preferred background in audit, risk management, or controls environments
• Strong understanding of controls frameworks and governance processes
• Knowledge of audit methodology and remediation processes
• Familiarity with regulatory findings management
• Experience reviewing remediation packages or audit findings documentation
• Experience with compliance, policies, and operational processes
• Experience with issue management processes
• Ability to coordinate governance reviews, documentation, and communications
• Ability to assist with meeting minutes and documentation for governance forums
• Familiarity with controls frameworks such as NIST
• Experience working in structured governance or regulatory environments
• Ability to support documentation, review preparation, and QC validation processes
• Ability to collaborate closely with leads and stakeholders across teams
• Preferred experience level of approximately three to five years

Tools and Systems Mentioned
• Jira used for tracking BAU activities, projects, timelines, and service level objectives
• ServiceNow will be used to house audit findings as the team transitions from EPR to ServiceNow in April
• Microsoft Lists used internally for operational tracking of challenge reviews
• Reporting and dashboards are primarily managed by a separate data management team
• Internal tracking data is used by the data team to measure team performance and progress
• Reporting dashboards are not a major responsibility for this role

Job Specific Accountabilities
The Senior Information Security Analyst role supports the execution of independent quality assurance and remediation reviews for audit and regulatory findings for Client's Global Technology Solutions (GTS) area.  The role focuses on assessing the adequacy, completeness, and sustainability of management action plans, evaluating remediation evidence, and identifying residual risk to ensure alignment with regulatory expectations, internal standards, and information security frameworks.
 
This position operates within a 1B / oversight / challenge function, partnering closely with technology teams, operational risk management, audit, and compliance stakeholders to promote strong control hygiene and timely risk reduction.
 
We are looking for someone who is well-versed at providing governance, risk, compliance and issue remediation oversight and control best practices that meet Client’s overarching strategy and objectives. Here's some of what you may be asked to perform:
 

• Conduct quality assurance reviews and challenge of remediation action plans for internal audit and regulatory findings related to information security and technology controls, working with stakeholders across the three lines of defense to ensure effective risk mitigation and remediation
• Assess whether action plans sufficiently address root cause, risk drivers, and control design gaps
• Assess remediation evidence for accuracy, completeness, and sustainability
• Apply established QA rubrics, control standards, and review methodologies consistently
• Identify gaps, weaknesses, or misalignment with policy, standards, and regulatory expectations
• Document review results, conclusions, and rationale in a clear, defensible manner
• Evaluate information security controls across areas such as access management, change management, vulnerability management, data protection, logging and monitoring, third party risk, etc.
• Assess residual risk and escalate concerns where remediation effectiveness is insufficient
• Maintain accurate records of review activities, decisions, and supporting evidence
• Support management reporting and metrics related to remediation quality and status
• Engage with technology owners to clarify remediation approaches and evidence
• Provide constructive challenge and guidance while maintaining independence
• Collaborate with audit, operational risk management, and compliance partners to ensure alignment and consistency
• Contribute to continuous improvement projects, leveraging agile / lean continuous improvement practices/methods that demonstrate sustainable and leading-edge solutions (e.g. Artificial Intelligence (AI), Machine Learning (ML), Power BI/Apps, Python, etc.)
• Identify emerging themes, understand trends, and provide specialized business management advice to senior management and respective teams while raising industry, external and internal, enterprise and business awareness.
• Stay apprised on Industry Best Practices as well as the Technology and Information Security Audit and Regulatory environment.

 
Job Requirements 

• Expert knowledge of IT Audit and Control methodology, IT Governance Controls and Standards, and associated tools to ascertain the quality and effectiveness of technology remediation plans.
• Competencies in technology controls, emerging threats, and technology risk disciplines and practices.
• IT governance experience in various information security methodologies/frameworks (e.g., COBIT 5, NIST, etc.)
• Knowledge of IT policies, standards, and technology risk disciplines and practices
• Knowledge / Experience in core Agile frameworks such as, Scrum, Kanban, and Extreme Programming to execute Challenge functions as defined by the client Agile methodology
• Sound understanding of data analytics (collection, analysis, distribution etc.) and complex business processes
• Experience with change management methods to evolve technology issue management framework (people/process/technology) specific to Challenge Operation
• Experience with Key Performance and Risk Indicators and Technology Risk analytics and reporting, managing and refining business rules and thresholds for Technology controls performance (KPIs) and aggregating risk (KRIs)
• Provide support to the development and testing teams to resolve data issues
• Excellent verbal and written business communication skills; meticulous documentation
• Ability to manage multiple efforts simultaneously and strong organizational skills
• Ability to effectively interact with individuals across the organization and at various levels (technical, business, Senior & Executive Management)
• Ability to educate colleagues and team members related to Challenge Operation processes/tools
• Ability to contribute to / participate in complex technology projects

 
Required Qualifications:

• 5+ years of relevant experience in information security, technology risk, audit and regulatory remediation processes
• Understanding of information security control frameworks (e.g., NIST, ISO 27001, CIS)
• Experience reviewing control design, implementation, and operating effectiveness
• Strong analytical skills with attention to detail and sound professional judgment
• Experience supporting 1B, 2LOD, or QA/challenge functions
• Experience reviewing remediation evidence and validating control effectiveness
• Exposure to GRC tools (e.g., Archer, ServiceNow or similar platforms)
• Expert knowledge various technology tools: including JIRA, Confluence, Sharepoint, MS Office, Excel, etc.
• Relevant certifications or progress towards  or relevant equivalent experience (e.g., CRISC, CISM, CISA, CISSP)
• University degree or relevant field / equivalent experience

 
 
At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws. This position’s starting pay is: $ 45.15/daily.