Sr. Information Security Analyst

Who we are—

Transcat is a dynamic, innovative, growing company that has been recognized as the leading calibration and compliance services provider in North America and beyond.  With over 1,000 employees—in technical, consulting, operational, sales, finance, and corporate roles—we have stood the test of time by delivering on our Trust in Every Measure promise to our customers in vital industries, including life sciences, aerospace, defense, energy, and utilities.  We fulfill this promise through our employees, who live Our Values every day, the Transcat Way.  Our employees are at the center of the rewarding, challenging, and life-changing work we do for our customers and those they serve.  Are you ready to join a company where the work you do makes a difference, and where you can grow in your career? 

Here’s what Transcat has to offer—

 Work that matters

• A values-based culture where people care about each other and the work they do together
• Flexibility
• Training and development to accelerate learning and career advancement
• Competitive compensation and benefits, including paid time off, health insurance, tuition reimbursement, retirement, stock purchase plan, and MORE!
• Salary range is $87,000 - $120,000

Position Summary

We are seeking a highly motivated, hands-on, technically proficient, and detail-oriented Senior Information Security Analyst to join our growing security team, with a focus on Governance, Risk, and Compliance (GRC). The ideal candidate will have a strong understanding of cybersecurity principles, compliance requirements, and governance risk and controls frameworks. The ideal candidate will also have strong technical proficiency to assist in hands-on remediation of networks, systems, and other related remediation activities.

This individual will spearhead efforts across the organization, working with senior leaders in business and IT as well as external 3^rd parties to establish and sustain a comprehensive and compliant security strategy across the enterprise. This person’s main duty will be to identify, develop, implement, and mature people, processes, and technology to reduce information security and data privacy risks while ensuring compliance with industry best practices and frameworks.

• Partner with IT and other business leaders to maintain Disaster Recovery and Business Continuity Plans
• Support the definition and implementation of corporate security policies, procedures, standards and controls; ensuring they are tailored to specific business needs
• Analyze security incidents, responses, and resolutions. Prepare reports for management and stakeholders, providing insights into network security performance
• Conduct regular risk assessments of the network infrastructure and identify potential security weaknesses. Collaborate with others to prioritize and address the identified risks
• Work closely with executive management to determine acceptable levels of risk
• Promote a security-conscious culture within the organization by conducting training programs, workshops, and awareness campaigns to educate employees about network security best practices
• Foster a culture of security awareness and encourage proactive incident reporting
• Manage relationships with third-party security vendors, ensuring that outsourced security services meet the organization's requirements and compliance standards
• Monitor network security compliance with relevant regulations, policies, and frameworks.
• Stay up to date with evolving security threats and industry trends, recommend and implement necessary changes to maintain a strong security posture
• Ensure compliance with industry regulations and standards, such as ISO, PCI, SOX, and GDP
• Evaluate and implement new security technologies
• Oversee the monitoring and analysis of potential security threats and vulnerabilities
• Implement and manage security tools, such as firewalls, intrusion detection systems, anti-virus software, and authentication systems
• Ensure the security of cloud services, data centers, network infrastructure, and end-user devices
• Conduct and/or coordinate regular security audits, penetration testing, and vulnerability assessments

Required Knowledge, Skills, and Abilities

• Self-starter with the ability to build partnerships and function effectively with limited oversight
• Ability to quickly learn various systems (NetSuite, Salesforce, Infor A+, other)
• Experience securing MS Windows Server environment
• Experience securing Amazon Web Services (AWS) environment
• Experience securing MS Office 365 environment
• Deep understanding of, and experience in cybersecurity best practices and frameworks (ISO27001, NIST, SOC2), network security, endpoint security, identity & access management, data security, security operations, and cloud.
• Risk management experience with proven ability to effectively apply risk principles to challenging business situations
• Excellent communication and interpersonal skills to effectively collaborate with technical and non-technical teams, both in-person and remotely; strong presentation skills
• Strong problem-solving and analytical skills to identify, triage and address security risks, especially in complex, distributed environments
• Proven experience in developing and implementing security strategies
• In-depth knowledge of cybersecurity trends, threats, and mitigation strategies
• Proven experience in managing and leading security teams, as well as hands-on involvement in incident response, security assessments, and compliance audits, including GDPR compliance. Strong troubleshooting skills for both network and endpoint security issues across Windows and Mac environments

Education and Experience

• 7+ years of experience in a combination of Risk Management, Information Security and IT roles
• Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related field required. Master’s degree preferred.
• Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP) or Certified Information Systems Manager (CISM), preferred

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this Job, the employee is regularly required to stand; walk; use hands to finger, handle, or feel; reach with hands and arms; climb or balance and stoop, kneel, crouch, or crawl. The employee is occasionally required to sit and talk or hear. Specific vision abilities required by this job include close vision, color vision and ability to adjust focus.

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.  The noise level in the work environment is usually moderate.

Contingencies

All offers of employment are contingent upon successfully completing all pre-employment requirements, which include verification of identity and employment eligibility, and when applicable, a motor vehicle driving record report.

Equal Opportunity and Non-Discrimination

Transcat is an equal-opportunity employer and prohibits discrimination on the basis of any protected status.  All qualified applicants will receive consideration for employment without regard to age, color, creed, disability, domestic violence victim status, gender identity, genetic predisposition or carrier status, marital status, national origin, pregnancy, race, religion, sex, sexual orientation, status as a protected veteran or as a member of any other protected group or activity.

We will make reasonable accommodations for personnel with disabilities to enable them to perform the essential functions of this position unless doing so poses an undue hardship to the company or a direct threat to health or safety.