Information Security Analyst at Distro – Stamford, Connecticut

Position Summary We're seeking a highly experienced Information Security Analyst to support a municipal-level cybersecurity program. This role reports to executive cybersecurity leadership and is responsible for strengthening enterprise security posture, ensuring regulatory compliance, and protecting critical systems and sensitive data.

Key Responsibilities Develop and maintain information security policies, standards, and procedures Maintain IT risk taxonomy, risk register, and control inventory Align security program with NIST, FISMA, FedRAMP, ISO 27001, CIS Controls Lead Technology Risk and RCSA processes Conduct risk assessments, vulnerability scans, SOC testing, and audits Support audits, compliance reviews, POA&M tracking Monitor and respond to security events; lead incident containment/remediation Maintain SIEM, IDS/IPS, DLP, and endpoint protection tools Manage threat intelligence processes Advise leadership on cybersecurity risks and trends Provide security awareness training and executive-ready communications Required Deliverables IT Risk Taxonomy (NIST RMF aligned) Enterprise IT Risk Register Risk Assessment Methodologies SOC Testing Framework & RCSA Model Threat Intelligence Process Documentation Compliance & remediation tracking Minimum Qualifications 8–10 years in Information Security, Risk Management, or IT Security Operations Experience developing enterprise security programs in regulated environments Expertise with: SIEM, IDS/IPS, Firewalls, Endpoint tools, Vulnerability platforms Knowledge of Zero Trust architecture Understanding of NIST CSF 2.0, NIST RMF, ISO 27001, CIS Controls Cloud security experience (AWS, Azure, GovCloud) Strong analytical, investigative, and communication skills Preferred Qualifications Experience in municipal, state, or federal environments Certifications: CISSP, CISM, CRISC, CEH, GIAC Experience with POA&M remediation and compliance reporting Core Competencies Enterprise Risk Management Security Governance & Compliance SOC & Control Testing Incident Response Threat Intelligence Zero Trust Architecture Cross-Functional Collaboration

#SolvoHRGlobal

#LI-PROMOTED

#LI-Onsite