GRC Analyst Information Security

Title: Information Security Analyst

Department: Information Technology

Position Summary: The Information Security Analyst is responsible for independently executing and supporting key components of MCPC’s security, risk, and compliance program. This role reviews the organization’s systems, facilities, processes, and departments to assess security posture and reduce risk across operations, systems, networks, data, and the endpoint lifecycle supply chain.

This position plays an active role in internal audits, policy development, risk management, access governance, and third-party risk management. The Information Security Analyst partners closely with IT, Operations, and business stakeholders and directly supports MCPC’s commitment to protecting client data and maintaining trust by ensuring the confidentiality, integrity, and availability of information assets and services.

Responsibilities:

1. Security Operations & Risk Management
2. Identify, document, and assess security events, risks, and vulnerabilities, including defining remediation recommendations and tracking action plans to closure.
3. Perform vulnerability and risk assessments and work with IT teams to drive remediation efforts, access reviews, and system hardening activities.
4. Monitor security alerts and events, contributing to the ongoing tuning and improvement of DLP, SIEM, SOAR, and EDR detections.
5. Evaluate emerging security threats and vulnerabilities and assess the effectiveness of existing security controls.
6. Support secure adoption of new technologies, including Artificial Intelligence solutions, by identifying risks and recommending appropriate safeguards.
7. Audits, Compliance & Policy
8. Plan and execute internal security audits of MCPC systems, processes, and facilities to identify control gaps, risks, and improvement opportunities.
9. Draft, review, and maintain information security policies, standards, and procedures aligned with industry best practices and regulatory requirements.
10. Act as a primary security point of contact for MCPC employees and external parties during audits, assessments, and security reviews.
11. Monitor and report on compliance with security awareness initiatives, phishing simulations, and related training programs.
12. Maintain and enhance MCPC’s risk register, including risk analysis, prioritization, mitigation strategies, and progress tracking.
13. Vendor & Supply Chain Risk Management
14. Conduct security risk assessments for vendors and partners during onboarding and throughout the vendor lifecycle.
15. Evaluate third-party security controls, documentation, and attestations to identify and document risk.
16. Monitor vendors and partners for reported security incidents, events, and supply chain risks.
17. Support vendor risk management activities related to endpoint lifecycle management, IT asset management (ITAM), and IT asset disposition (ITAD) services.
18. Incident Response & Resilience
19. Maintain, document, and participate in testing of Incident Response, Disaster Recovery, and Business Continuity plans.
20. Participate in security incident response activities, including investigation, coordination, documentation, and post-incident reviews.
21. Provide recommendations to improve incident response readiness and operational resilience.
22. Program & Administrative Support

• Collaborate with internal departments to ensure security requirements are embedded into operational and business processes.
• Lead or contribute to security working sessions and document meeting agendas, decisions, and action items.
• Contribute to continuous improvement initiatives across the MCPC Security Program.
• Other tasks as assigned.

Key Outcomes of this Position

• The continuous improvement of MCPC’s Security Program.
• Be a member of a skilled, engaged, and forward-looking security team
• Reduction in delta between vulnerability discovery and remediation
• Measurable increase in items analyzed in MCPC’s risk register

Required Qualifications:

• 2–5 years of experience in Information Security, Risk Management, Compliance, Internal Audit, or Security Operations.
• Bachelor’s degree in Information Security, Information Technology, Computer Science, or a related field, or equivalent professional experience.
• Working knowledge of:
  • Entra ID / Active Directory
  • SCCM / MECM / Intune
  • Patch and endpoint lifecycle management
  • CVSS vulnerability scoring and remediation prioritization
  • Data disposition standards such as NIST 800 88 and NAID AAA
• Experience working with industry security frameworks such as AICPA SOC 2, ISO 27001, NIST, and CIS.
• Strong written communication skills for audit reporting, policy drafting, and risk documentation.
• Ability to communicate security concepts effectively to both technical and non technical audiences.
• Proven ability to work independently and cross functionally with IT, Operations, and business teams.

  Preferred Qualifications :

• Experience leading or independently executing internal security audits or assessments.
• Hands-on experience with third-party risk management programs.
• Professional certifications such as Security+, Azure Fundamentals, CRISC, CISA, or similar.

Physical Requirements:

• The physical requirements of this job include frequent sitting, occasionally walking around, carrying light objects, grasping, and reaching for things, rare stooping/crouching, clarity of vision, speaking and listening ability with or without reasonable accommodation.
• Ability to occasionally drive or travel to MCPC’s satellite offices in the Greater Cleveland Area, Grand Rapids Michigan, Erie PA, and Kansans City MO, and any other facility.

  Who We Are: At MCPC, we pride ourselves on being Outcome Engineers, delivering end-to-end solutions and expertise that empower businesses to thrive in the digital age. We combine top-tier services and cutting-edge technology solutions to solve complex business challenges, ensuring data security, cost efficiency, and seamless digital transformation. Our commitment to our clients requires providing quality people that allow us to excel at exceeding our clients’ expectations. The MCPC employee experience is built on a foundation of collaboration, innovation, and growth. We offer the balance of a close-knit workforce and pathways for professional growth. Our team members are encouraged to bring their unique perspectives and ideas to the table. Join us and be part of a principled, quality-driven, respectful, and innovative team that values continuous improvement and community commitment. Together, we tackle today’s challenges and pioneer solutions for tomorrow.
  

  Where We Are/Who We Serve: MCPC is a global organization, but we are headquartered in Cleveland, OH, with regional offices in Grand Rapids, MI and Erie, PA, which is a source of pride for everyone here at MCPC. MCPC has a longstanding culture of unwavering commitment to giving back to the communities we serve. (link to our blog)
  
  

  What We Do: Endpoint Lifecycle Management

  Advisory Services – MCPC is the go-to resource for all our client’s end user device procurement and service needs. We help address tactical pain points that allow our clients’ workforce to have a seamless and secure environment.

  Configuration and Integration – Custom solutions that fit within a client’s endpoint environment. Ensuring new devices meet the requirements of the client and are ready to be deployed on day 1.

  IT Supply Chain – MCPC offers expert level supply chain services to help clients in the process of assembling, securing, managing, and delivering desk-ready IT inventory.

  Managed Deployment – Coordination of experienced IT technicians ensuring clients’ devices, servers, data, and more are securely delivered, protected, and supported.

  Secure Technology Asset Disposition \- Allows clients to remove old or outdated devices from their environment. Our facility will erase all data to Department of Defense standards and provide reverse logistics to the client as to whether their devices can be repurposed, recycled, or disposed of properly.

  Benefits & Appreciation:
  

• 401k matching and ROTH option.
• Company sponsored events (picnics, cookouts, and volunteering opportunities).
• Competitive Medical, Dental and Vision package.
• Company paid Holidays and Paid Time Off.
• Career paths and advancement.

This job description in no way states or implies that these are the only duties to be performed by the employee occupying this position. Employees will be required to follow any other job-related instructions and to perform other job-related duties requested by their supervisor.