Pro members applied to this job 36 hours before you saw itGet Pro ›

Harbor - IT Security Analyst

Remote - ET (Eastern)5d ago

Remote Mid NA Cybersecurity Security Analyst Risk Management Reporting Governance Due Diligence

Upload My Resume

Drop here or click to browse · PDF, DOCX, DOC, RTF, TXT

Apply in One Click

Requirements

• 4+ years of experience in information security, cybersecurity, or a related field • Hands-on experience with vulnerability management tools (preferably Qualys) • Experience responding to client security questionnaires or audit requests • Foundational understanding of network security concepts (firewalls, SIEM, IDS/IPS, endpoint protection) • Familiarity with risk management principles, including third-party/vendor risk • Familiarity with M365 Security Tools, Exchange Online Protection, Purview, a plus. • Experience with TPRM programs or vendor risk platforms • Knowledge of security frameworks (ISO 27001, SOC 2) • Experience with remediation tracking and security metrics/reporting • Familiarity with penetration testing concepts and vulnerability exploitation techniques • Education & Certifications • Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience) • Harbor is the preeminent provider of expert services across strategy, legal technology, operations, and intelligence. Our globally integrated team of 800+ strategists, technologists, and specialists navigate alongside our clients – leading law firms, corporations, and their law departments – to provide essential resources and invaluable insights. Anchored in a rich heritage of deep knowledge, steadfast relationships, and mutual respect, our unwavering dedication lies in shaping the future of the legal industry and fostering enduring partnerships within our community and ecosystem.

Responsibilities

• Vulnerability Management (Qualys-Focused) • Administer and operate Qualys for continuous vulnerability scanning across infrastructure, endpoints, and cloud environments • Analyze scan results, prioritize vulnerabilities based on risk, and coordinate remediation efforts with infrastructure and engineering teams • Track remediation progress and produce reporting dashboards and metrics for leadership • Continuously improve vulnerability management processes, including SLAs, exception handling, and risk acceptance workflows • Third-Party Risk Management (TPRM) • Support and manage the third-party risk lifecycle, including vendor onboarding, assessments, and periodic reviews • Evaluate vendor security posture using standardized frameworks (e.g., SIG, CAIQ, or equivalent) • Maintain vendor risk inventory and ensure alignment with internal security policies • Client Security Questionnaires & Assurance • Own and respond to client security questionnaires, RFPs, and due diligence requests • Collaborate with internal stakeholders to ensure accurate, consistent, and timely responses • Maintain a centralized knowledge base of standard responses to improve efficiency and consistency • Support audits and client security reviews as needed • Security Posture & Governance • Review, update, and maintain security policies, standards, and procedures • Identify gaps in current security controls and recommend improvements aligned with industry frameworks (e.g., SOC2, ISO 27001) • Partner with IT and engineering teams to enhance overall security posture and maturity • Stay current on emerging threats, vulnerabilities, and best practices • Incident Support & General Security Operations • Assist in the investigation and response to security incidents and vulnerabilities • Support internal security initiatives, including awareness, compliance, and risk reduction efforts • Contribute to continuous improvement of security tooling and processes