Company hidden
3 days ago

Information Security Compliance Analyst

$55,631 - $98,467
Work format
onsite
Employment type
fulltime
Grade
middle
English
b2
Country
US

Job description


TL;DR

Information Security Compliance Analyst: Developing and executing security controls to prevent attacks targeting company systems, with an emphasis on monitoring compliance with SOC 2+ VA SEC 530 controls and coordinating security incident handling. Focus on translating technical findings into business impact and recommended actions, ensuring evidence completeness, and tracking remediation activities.

Location: This is an onsite position located in Richmond, VA and requires regular on‑location presence within the Virginia Lottery operating environment. Candidates must meet this requirement to be considered. This role is not remote.

Salary: $55,631 - $98,467

Company

Brightstar is an innovative, forward-thinking global leader in lottery that builds on our renowned expertise in delivering secure technology and producing reliable, comprehensive solutions for our customers.

What you will do

  • Monitor the operating environment for compliance with SOC 2+ VA SEC 530 controls, track deviations and remediation activities in a Plan of Action & Milestones (POA&M).
  • Coordinate security incident handling, liaise with the Global Cybersecurity Incident Response Team towards containment, root cause determination, and updates to the POA&M.
  • Coordinate preparation and execution of external audit activities to ensure evidence completeness, accuracy, and appropriateness.
  • Track to remediation any audit findings and vulnerabilities documented in the POA&M and collaborate with Infrastructure, Application, and Operations teams to design and deploy countermeasures and security enhancements.
  • Prepare concise reports and briefings that translate technical findings into business impact and recommended actions.

Requirements

  • Solid understanding of cybersecurity compliance scoping methodologies, control environments, and evidence management.
  • Hands-on experience implementing security controls, and coordinating their implementation with technical teams, across a variety of technical, operational, and personnel requirements.
  • Ability to investigate incidents, research vulnerabilities, correlate logs and alerts, and clearly communicate findings and recommended actions to technical teams.
  • Bachelor’s degree in related field or experience in lieu of a degree.
  • 2+ years of dedicated related security operations, compliance, or incident response experience required.
  • Familiarity with NIST 800-53 control families and mapping to enterprise policies.

Nice to have

  • Experience producing executive-level compliance or risk dashboards.
  • Professional certifications aligned to information security compliance and governance, such as CISA, CRISC, CAP (NIST RMF), or similar credentials.

Culture & Benefits

  • Employees have a role in information security, with annual training assigned and required as appropriate.
  • Offer employees a 401(k) Savings Plan with Company contributions, health, dental, and vision insurance, life, accident, and disability insurance.
  • Provide tuition reimbursement, paid time off, wellness programs, and identity theft insurance.
