Information Security Analyst in Bloomington, Minnesota at DCM SERVICES LLC
Job Description
About DCM Services
DCM Services is a leading provider of financial services solutions, specializing in account resolution and customer engagement. With decades of industry experience, DCM partners with top financial institutions to deliver compliant, people-first services. The company is committed to building a secure, well-governed information environment grounded in ISO 27001/2 standards — and this role sits at the heart of that mission.
The Information Security Analyst assists in developing, implementing, and certifying an Information Security Management System (InfoSec Program) based on ISO 27001/2 standards. You'll own documentation, access management, audits, phishing tests, vendor compliance, and more — working cross-functionally to keep the company's security posture strong.
Key responsibilities
- Manage and review events, access levels, and scorecard metrics; respond to auditor questionnaires about the company's security posture
- Maintain the InfoSec program document lifecycle so documentation reflects current controls and risk mitigations
- Manage access tickets for new hires, changes, and revocations; keep the Profile Definition Matrix current
- Conduct monthly phishing tests, summarize results, and recommend risk-reduction actions
- Coordinate and document annual Business Continuity Plan table-top exercises for Operations Support and Accounting
- Participate in client audits end-to-end and drive remediation of IT and information security findings
- Audit Support-level vendors for compliance with the company's Vendor Management Program
- Participate in weekly email DLP quarantine monitoring rotation and partner with IT on firewall reviews
- Review weekly physical access swipes to secure areas and ensure ticket-based owner approval
Qualifications
- Associate's degree in a related field, or 4+ years of experience in IT, QA, Compliance, or Accounting
- Demonstrated strong technical writing ability
- Basic awareness of ISO/IEC 27001, PCI DSS, NIST SP 800-53, SOC 1, and SOC 2 frameworks
- Familiarity with HIPAA/HITECH, GLBA, and CCPA regulatory requirements
- Awareness of security architecture principles, change management, disaster recovery, and business continuity concepts
- Ability to manage multiple priorities, work independently, and communicate effectively in a cross-functional environment
Certifications not required, but interest in pursuing CISSP, CISA, CISM, CRISC, or CompTIA credentials is a plus.
Physical & travel requirements
- Prolonged periods of computer work
- Up to 5% travel outside local area, including occasional overnight
- Ability to travel to the office upon request or for business needs
- Ability to lift up to 15 lbs occasionally