Information Security Analyst

5 - 10 years

5.0 - 8.5 Lacs P.A.

Kochi

Posted: 3 months ago | Platform: Naukri

Skills Required

ISO 27001, ISMS, ISO 27001 Lead Auditor, HIPAA, OWASP, ISO 27001 Lead Implementer, Information Security, SIEM, IDS, AWS, GDPR, EHR

Work Mode

Work from Office

Job Type

Full Time

Job Description

Information Security Analyst

Key Responsibilities:

- Implement and maintain ISO 27001:2022 controls and ensure compliance with ISMS requirements.
- Ensure compliance with HIPAA (Health Insurance Portability and Accountability Act) and GDPR (General Data Protection Regulation) requirements for data privacy and protection.
- Monitor and analyze security alerts from various tools, including SIEM solutions.
- Conduct risk assessments and gap analysis aligned with ISO 27001:2022 Annex A controls, HIPAA Security Rule, and GDPR requirements.
- Assist in the development and continuous improvement of the Information Security Management System (ISMS).
- Support internal and external ISO 27001:2022 audits, HIPAA compliance audits, and GDPR data protection assessments, including evidence collection and corrective action implementation.
- Conduct vulnerability assessments and penetration testing to identify security risks.
- Investigate security incidents and support incident response efforts in accordance with ISO 27001:2022 Incident Management, HIPAA Breach Notification Rule, and GDPR Data Breach Notification requirements.
- Implement and maintain security policies, procedures, and controls aligned with ISO 27001:2022, HIPAA, and GDPR.
- Provide security awareness training to employees on ISMS policies, HIPAA security/privacy regulations, and GDPR compliance requirements.
- Collaborate with IT and development teams to ensure secure coding practices, system configurations, and data protection controls.
- Stay updated with the latest security threats, vulnerabilities, and mitigation strategies relevant to ISO 27001:2022, HIPAA, and GDPR compliance.

Required Qualifications & Skills:

- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
- 5+ years of experience in information security or a related role, with hands-on experience in ISO 27001:2022 implementation, HIPAA compliance, and GDPR data protection.
- Strong understanding of ISO 27001:2022 framework, HIPAA Security and Privacy Rules, and GDPR principles.
- Experience with security tools such as firewalls, SIEM, IDS/IPS, and endpoint protection.
- Knowledge of ISO 27002:2022 controls, OWASP Top 10, secure coding practices, and cloud security principles.
- Hands-on experience with vulnerability management, risk assessment methodologies, and HIPAA risk analysis.
- Certifications such as ISO 27001 Lead Implementer, ISO 27001 Lead Auditor.
- Strong analytical, problem-solving, and communication skills.

Preferred Qualifications:

- Experience in securing cloud environments (AWS).
- Understanding of network security architecture and encryption technologies.
- Experience working with Electronic Health Records (EHR) systems or healthcare experience.
