Information Security Analyst
Ephesus Solutions
Permanent | Full-time
Austin, TX
Job description
Job Summary
We are seeking a motivated and detail-oriented IT Security Analyst specializing in Governance, Risk, and Compliance (GRC) to join our client's growing information security team. This role is ideal for professionals with a strong foundation in cybersecurity compliance and risk management who are eager to take ownership of key security initiatives. As a foundational member of our client's expanding security program, you will play a critical role in developing policies, managing risks, and ensuring compliance with industry-leading frameworks such as System and Organization Controls (SOC 2), NIST Cybersecurity Framework (CSF), NIST Risk Management Framework (RMF), and CMMC/NIST 800-171.
This is an exciting opportunity for individuals who thrive in a fast-paced, collaborative environment and want to be part of a team that is shaping the future of security within a rapidly scaling organization. You will have the chance to work alongside experienced security professionals, contribute to high-impact initiatives—including Mergers & Acquisitions (M&A) due diligence—and grow your expertise in the domain.
Essential Functions and Responsibilities
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.
- Conduct risk assessments, analyze security gaps, and recommend remediation strategies to strengthen our security posture.
- Assist in internal and external security audits, including SOC 2 readiness and CMMC certification efforts.
- Support security evaluations of potential acquisitions, ensuring new entities align with organizational security standards.
- Contribute to the development of cybersecurity training programs to enhance security awareness across the organization.
- Work closely with IT, Legal, and Executive Leadership to provide insights into compliance status, security risks, and regulatory updates.
Recommended Minimum Qualifications
The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- 2+ years of experience in IT security, risk management, or compliance-related roles.
- Demonstrated familiarity with regulatory compliance frameworks
- Familiarity with data privacy regulations (GDPR, HIPAA, etc.)
- Excellent verbal and written communication skills
- Strong analytical and problem-solving skills with attention to detail.
- Desire to pursue industry-related certifications: Security+, CISA, CGRC, etc.
Physical Demands and Environmental Conditions
The physical demands described below are representative of those that must be met by an employee to successfully perform the essential functions of this job. The work environment characteristics described below are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is:
- Regularly required to sit, talk and hear
- Occasionally required to use hands to finger, handle, or feel; reach with hands and arms; and stoop, kneel, or crouch
- Occasionally required to lift and/or move up to 10 pounds
- Occasionally required to attend meetings
- Specific vision abilities required by this job include close vision, peripheral vision, depth perception, and ability to adjust focus
Job Competencies
For placement in this job, an individual must demonstrate proficiency in each of the following competencies at the level defined.
- Strong analytical and problem-solving skills.
- Stress tolerance in a fast-paced environment.
- Eagerness to learn and adapt in a rapidly evolving field.
Job Types: Full-time, Permanent
Pay: $125,000.00 - $135,000.00 per year
Benefits:
- 401(k)
- Dental insurance
- Health insurance
Application Question(s):
- Are you comfortable working on a hybrid schedule?
Experience:
- SOC 2: 3 years (Required)
- CMMC: 3 years (Required)
- Information security: 4 years (Required)
- GRC: 3 years (Required)
- Data Privacy Regulations: 4 years (Required)
Work Location: In person