What are the responsibilities and job description for the Information Security Analyst position at AMISEQ?
Information Security Governance, Risk, and Compliance (GRC) Analyst
The GRC analyst will contribute to the development and operational execution of the program, including risk management and compliance with standards and regulations such as ISO27001, ISO 42001, EU GDPR, and EU AI Act, and transforming the program through intelligent automation, AI agents, and data-driven solutions.
Responsibilities:
- Support the GRC operating model and the service-oriented customer engagement model.
- Support GRC capabilities, such as enterprise security risk management, compliance and audit management, policy management, security awareness training, third party risk management, and metrics and reporting.
- Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business.
- Design, build, and deploy AI-powered solutions (including agents) to scale GRC processes including but not limited to Security questionnaires, Risk assessments, Evidence collection and control testing
- Develop automated workflows and pipelines using APIs, scripting, or low-code platforms
- Apply LLMs/NLP to analyze policies, audit findings, and regulatory requirements
- Extract insights from large GRC datasets to build and maintain AI-driven risk scoring and prioritization models.
- Partner with security, engineering, and data teams to productionize AI use cases.
- Ensure secure, compliant, and governed use of AI aligned with ISO 42001 and EU AI Act.
Qualifications:
- Candidate must have 5 years working in governance, risk and compliance and/or information security and risk management.
- Functional knowledge of some CISSP security domains and information security industry standard and best practices.
- Functional knowledge of applicable security regulatory requirements (SOX, GDPR, AI Act).
- Functional knowledge of ISMS governance models (i.e. ISO 27001, NIST, CAIQ), information security roles, security controls.
- Functional knowledge of common security certifications (i.e. ISO 27001, ISO 42001, SOC1, SOC2) and ability to glean significance from findings identified in these reports.
- Ability to communicate risk methodologies and concepts to business units and IT teams.
- Demonstrated experience with controls definition, development, implementation and assessment.
- Hands-on experience building or customizing AI/automation solutions, including LLM-based workflows, agents, or copilots, API integrations, scripting (e.g., Python), or low-code platforms.
- Ability to translate GRC use cases into scalable automation solutions.
- Understanding of AI risks, controls, and governance frameworks (ISO 42001, AI Act).
Salary : $90 - $95