Job Type: Contract (W2 ONLY)
Location: Mason, OH (hybrid: onsite Tuesdays and Thursdays, remote the rest of the week)
Work Hours: Monday-Friday, 8:00 AM-5:00 PM EST (40 hours per week)
Start Date: ASAP
Duration: 6 Months (with potential for extension)
Compensation: $28 to $35 per hour
Relocation Assistance: Not provided
Position Overview: Our leading vision insurance client is seeking a skilled Information Security Analyst to support information security and compliance initiatives. This role will play a critical part in managing the organization's vulnerability management program, with a focus on oversight, coordination, and reporting rather than hands-on remediation. The Analyst will work closely with internal teams to ensure timely remediation, maintain audit readiness, and uphold compliance with regulatory and industry standards such as HIPAA, HITRUST, SSAE 18, and PCI DSS.
Responsibilities:
- Monitor and analyze vulnerability assessment data to identify and communicate technical risks.
- Classify and prioritize newly identified vulnerabilities.
- Coordinate and track remediation efforts across internal teams to ensure timely closure of security gaps.
- Support and facilitate vulnerability assessments, penetration testing, and social engineering exercises.
- Provide risk summaries and remediation updates to leadership.
- Respond to client and third-party security questionnaires and audit inquiries.
- Utilize and manage various information security (IS) tools (e.g., DLP, code scanners, internal/external vulnerability scanning platforms).
- Participate in IT SDLC processes to embed security by design.
- Collaborate across business and technology teams to improve security posture.
- Contribute to audit, compliance, and certification efforts.
- Analyze and report on data from scanning tools to assess risk and track progress.
- Stay up to date with industry trends and emerging threats to support continuous program improvement.
Basic Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or related field.
- 3+ years of experience in IT Risk, Information Security, or Compliance.
- Familiarity with standards and frameworks such as SOC 1 & 2, ISO 27001/27002, PCI DSS, HITRUST, NIST, and the CIS Controls (formerly the SANS Top 20).
- Strong understanding of IT infrastructure and security tools.
- Excellent communication skills, with the ability to create reports for both technical and non-technical audiences.
- Strong project management, analytical, and organizational skills.
- Experience with security and intrusion detection systems in regulated environments.
Preferred Qualifications:
- Certifications such as CISSP, CISM, GIAC, CHPSE, or a PCI DSS-related certification.
- Experience in healthcare, insurance, managed care, or other regulated industries.
- Knowledge of CMS (Centers for Medicare & Medicaid Services) and HIPAA vendor standards.
- Familiarity with tools such as:
  - Security rating platforms: SecurityScorecard, BitSight, SSL Labs
  - Vulnerability scanning tools: Nessus Pro, Qualys
  - Monitoring/tracking tools: Splunk, JIRA
  - Code scanning: HCL AppScan or similar