Position Summary We are looking for an Information Security Analyst that has strong internal or external audit experience with a focus on Information Technology. The candidate will be responsible for collaborating with all relevant departments and will report to the Lead of the Audit, Risk and Compliance team. He or she should have the ability to analyze compliance and control initiatives and to engage other team members in process improvement projects. The analyst will assist with performing and documenting requests to support vendor security risk assessments, internal, and third\-party audits. The Information Security Analyst will also be actively involved in regulatory reviews including PCI, HIPAA etc. . The analyst will work closely with the Information Security Analysts, Legal, and various technology and compliance members across the organization. The role sits in the Audit, Risk and Compliance function and will be required to support various activities within that domain as required. The Responsibilities of the Information Security Analyst position includes: * Conduct risk assessment activities of third\-party vendors, including evaluating their security practices, compliance with regulatory requirements, and overall security risk profile. * Prepare gap analysis for the third\-party security posture and assist with the remediation plan recommendations, follow up and tracking of those plans through completion. * Develop a thorough understanding of the Third party risk assessment process and act as the Primary point of contact with the business to support new supplier Onboarding. * Work with various internal teams such as Procurement, Legal, Finance etc. to ensure the internal alignment and completion of prerequisites. * Conduct contract reviews to review security terms with in the contracts and agreement. * Work on a team within the Information Technology organization focusing on compliance programs, processes, initiatives and acting as a point of contact and collaborating with other organization units within the company in these matters. * Respond to requests for information to support audit, regulatory, and technology standards reviews. * Respond to security questionnaires and analyze client contracts to ensure information security and compliance objectives have been adequately addressed. * Prepare and present reports on a regular basis, and as directed or requested, to keep the team informed of the operation and progress of compliance efforts. * Develop a clear understanding and working knowledge of Tranzact internal processes, including the organizations’ internal controls. Organize data and other key information to assist with improved organizational efficiencies. * Develop proficiency in the laws and regulations pertaining to our Industry. **Qualifications Include:** * Degree in a relevant Information Technology area preferably with a focus on information security. * A minimum of 3\-4 years of professional work experience in Information Security conducting information security assessments of third\-parties, mitigation activities and monitoring third\-party security risks. * Proven knowledge of cybersecurity frameworks and standards (PCI\-DSS, NIST 800\-53, COBIT, SOX, ISO 27001/27002\), risk assessment methodologies and controls assurance techniques. * Proven knowledge and understanding of Information Technology and Information Security concepts such as: Exceptions Management, Client Assurance (contract security reviews, security questionnaires, due diligence assessments), Risk Management \& Reporting, Audit Risk \& Compliance. * Strong verbal and written communication skills, interpersonal collaborative skills, and the ability to communicate security and risk\-related concepts to technical and non\-technical audiences across various levels. * Possess the relationship skills, cultural awareness, and organizational prowess required to work effectively in a highly\-matrixed organization. Capable of delivering results through a position of influence, not authority. Take personal initiative and is a positive example for others to emulate. * Ability to work independently and as part of a team. * Strong analytical risk\-based problem solving and critical thinking skills with attention to detail. * Proven proficiency in English language (written and verbal). * Industry certifications such as CRISC, CISM, CISA or CISSP are desirable