Title:  Senior Associate - Information Security Analyst

Position Summary: The Senior Associate, Information Security Analysis is a hands-on cybersecurity professional who will play a key role in I-CAR’s newly formed IT Security team. This role is instrumental in strengthening and maturing the organization’s overall security posture. As part of a growing and highly visible team, the Senior Associate will help design, implement, and support security capabilities that protect I-CAR’s systems, data, and users. The position works closely with IT and business partners to identify threats, manage vulnerabilities, respond to security incidents, and drive continuous improvement across our security landscape on cybersecurity professional who will play a key role on ICAR’s newly formed IT Security team. This role is instrumental in strengthening and maturing the organization’s overall security posture. As part of a growing and highly visible team, the Senior Associate will help design, implement, and support security capabilities that protect ICAR’s systems, data, and users. The position works closely with IT and business partners to identify I-CAR’s systems, data, and users. The position works closely with IT and business partners to identify I-CAR’s systems, data, and users. The position works closely with IT and business partners to identify threats, manage vulnerabilities, respond to security incidents, and drive continuous improvement across our security landscape. 

Essential Job Functions:  

Incident Response & Threat Monitoring 

• Monitor security platforms and logs to identify potential incidents; validate severity, scope, and impact. 

• Investigate, analyze, and escalate incidents; coordinate response actions with cross-functional teams and document outcomes. 

• Contribute to incident response playbooks and post-incident lessons learned. 

Vulnerability & Risk Management 

• Partner with infrastructure/application teams to identify, prioritize, and remediate vulnerabilities; track remediation of SLAs and risk exceptions. 

• Provide actionable guidance on compensating controls when immediate remediation is not feasible. 

Identity & Access Controls 

• Perform access validation for onboarding/offboarding and ongoing access reviews; identify stale access, discrepancies, and automation failures and drive fixes. 

Third-party & Cloud Security 

• Support security evaluation of third-party vendors and cloud providers, including evidence of review and compliance alignment. 

Security Awareness Program 

• Operate and improve security awareness initiatives; analyze results and recommend improvements. 

Compliance, Evidence, & Reporting 

• Lead evidence gathering and control validation activities; report key security metrics and risks to leadership with clear narratives and recommendations. 

Secure Operations Partnership 

• Collaborate with IT Operations to implement and maintain secure configurations, reduce exposure, and ensure security policies are consistently applied. 

Required Skills/Abilities/Competencies:  

• 3-5 years of experience in security operations, IT infrastructure, incident response, or related field required. 

• Hands-on experience with security tooling such as SIEM, IDS/IPS, endpoint protection, and cloud security capabilities (AWS, Azure, GCP). 

• Ability to communicate clearly with technical and non-technical stakeholders. 

Travel Requirement: 

• Annually for onsite IT department meeting 

• ~4 times per year for key onsite meetings 

Education and Experience: 

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience). 

• Certifications (preferred): Security+, CEH, GSEC, or similar