Information Security Analyst

About the Role

The Information Security Analyst is a hands-on position within the Information Security function, designed to partner closely with IT and business stakeholders. The core mission of this role is to ensure the consistent, measurable delivery of security services across the enterprise. You will focus heavily on third-party risk management, conducting security assessments, and integrating security controls into both on-premise and cloud-based systems.

This position thrives in a fast-paced, highly collaborative environment where modern and emerging technologies are the norm. You will be responsible for supporting a Technology Vendor Management and Third-Party Risk Management program, overseeing vendor risk reviews, renewals, and ongoing monitoring. A key part of your day involves partnering with system owners to integrate security early in the project lifecycle, ensuring that vendor, product, and application security assessments are thorough and effective.

Beyond assessments, you will coordinate the implementation of core security integrations such as SSO, event logging, alerting, secrets management, and backup/recovery across internal and SaaS applications. You will also work with business teams to review workflows, recommend security process improvements, and support data protection initiatives. The role requires producing clear written security assessments and developing metrics, dashboards, and reporting to measure control effectiveness against frameworks like NIST CSF, CIS, and ISO 27001.

Work Environment

We foster a collaborative, service-oriented environment where teams support one another while maintaining ownership of individual responsibilities. Vaco by Highspring values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.

Equal Opportunity & Privacy

Vaco by Highspring is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, religion, national origin, citizenship, age, disability, veteran status, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state, or local law. We are committed to the full inclusion of all qualified individuals and will ensure that persons with disabilities are provided reasonable accommodations.

If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR@vaco.com.

Vaco by Highspring respects your privacy and is committed to providing transparent notice of our policies. By submitting to this position, you agree that you will be giving Vaco by Highspring the exclusive right to present you as a candidate for this employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco by Highspring about the position.

Compensation for this role depends upon a wide array of factors including skill sets, experience, training, licensure, office location, and other business needs. The individual may also be eligible for discretionary bonuses.

Work location

Work model: On-site

LAX Valet Service, 8929, South Sepulveda Boulevard, Westchester, Los Angeles, Los Angeles County, California, 90045, United States

Los Angeles, California

Key Responsibilities

check_circleConduct vendor, product, and application security assessments with system owners
check_circleCoordinate implementation of security integrations such as SSO, logging, and backup across systems
check_circlePartner with business teams to review workflows and recommend security process improvements
check_circleProduce clear written security assessments documenting vendor and application security posture
check_circleDevelop and deliver security metrics, dashboards, and reporting to measure control effectiveness
check_circleParticipate in risk reviews aligned to security frameworks like NIST, CIS, and ISO 27001
check_circleDevelop and execute data protection and risk mitigation initiatives
check_circleSupport vendor management and third-party risk management programs including reviews and monitoring

Requirements

verified2–3+ years of experience in Information Technology
verifiedMinimum of 2 years of experience in cybersecurity risk management
verifiedBachelor's or Master's degree in a relevant field
verifiedExperience conducting vendor due diligence and third-party security assessments
verifiedFamiliarity with security frameworks and standards such as NIST, ISO 27001, SOC, PCI-DSS, FedRAMP
verifiedExperience coordinating technical security integrations across systems and applications
verifiedStrong understanding of operating systems, servers, cloud applications, and infrastructure fundamentals

Nice to Have

Experience with Third-Party Risk Management or GRC platforms (e.g., OneTrust, SIG, or similar tools). Familiarity with identity and access management concepts including SSO, SAML, Active Directory, Azure AD, and cloud IAM. Experience with security logging and event management tools (e.g., SIEM platforms). Hands-on exposure to AWS and/or Azure cloud environments. Experience producing operational security metrics and dashboards.

Skills, education and keywords

Skills: Nist CSF, Cis, Iso 27001, Itil, Nist, Soc, Pci-DSS, Fedramp, Onetrust, Sig.

Education: Bachelor's or Master's degree in a relevant field required; Bachelor's or Master's degree in a relevant field required.

Frequently asked questions about Information Security Analyst at Vaco by Highspring

What does a Information Security Analyst at Vaco by Highspring do?expand_more

A Information Security Analyst at Vaco by Highspring is responsible for the following: Conduct vendor, product, and application security assessments with system owners; Coordinate implementation of security integrations such as SSO, logging, and backup across systems; Partner with business teams to review workflows and recommend security process improvements; and Produce clear written security assessments documenting vendor and application security posture.

What are the requirements for this Information Security Analyst role?expand_more

To qualify for the Information Security Analyst at Vaco by Highspring position, applicants should have: 2–3+ years of experience in Information Technology; Minimum of 2 years of experience in cybersecurity risk management; Bachelor's or Master's degree in a relevant field; Experience conducting vendor due diligence and third-party security assessments; Familiarity with security frameworks and standards such as NIST, ISO 27001, SOC, PCI-DSS, FedRAMP; and Experience coordinating technical security integrations across systems and applications.

Where is the Information Security Analyst role at Vaco by Highspring located?expand_more

Information Security Analyst at Vaco by Highspring is based in LAX Valet Service, 8929, South Sepulveda Boulevard, Westchester, Los Angeles, Los Angeles County, California, 90045, United States. This is a on-site role.

Is this Information Security Analyst job remote, hybrid, or on-site?expand_more

Vaco by Highspring has listed this Information Security Analyst role as on-site.

How much experience is required for this Information Security Analyst role?expand_more

Information Security Analyst at Vaco by Highspring typically requires 2–3 years of relevant experience at the mid level level.

What skills do you need for the Information Security Analyst role at Vaco by Highspring?expand_more

Key skills for Information Security Analyst at Vaco by Highspring include Nist CSF; Cis; Iso 27001; Itil; Nist; Soc; Pci-DSS; and Fedramp.

What education is required for Information Security Analyst at Vaco by Highspring?expand_more

Educational requirements for this role: Bachelor's or Master's degree in a relevant field required; and Bachelor's or Master's degree in a relevant field required.

What category does the Information Security Analyst role belong to?expand_more

Information Security Analyst at Vaco by Highspring is part of the it job category on Recrutus.