Information Security Analyst (Cybersecurity)
Job description
TL;DR
Information Security Analyst (Cybersecurity): Supporting security governance, risk, and compliance activities across NIST, SOX, CMMC, ISO 27001, and PCI DSS frameworks with an emphasis on control assessments, risk management, and audit support. Focus on conducting gap analyses, evidence collection, policy maintenance, and driving continuous improvement in security programs.
Location: Hybrid role, onsite at HQ in Maple Plain, MN on Tuesday, Wednesday, and Thursday. Only open to U.S. Citizens, lawful permanent residents (green card holders), or foreign nationals granted refugee or asylee status due to ITAR regulations. Individuals with temporary visas (e.g., E, F-1, H-1, H-2, L, B, J, TN, OPT) are not eligible.
Salary: $87,800 - $131,800 a year
Company
Leaders in digital manufacturing, hiring doers and creative thinkers to bring innovative products to market quickly.
What you will do
- Support and enhance compliance programs for NIST, SOX ITGC, CMMC, ISO 27001, and PCI DSS, including readiness assessments, gap analyses, and control audits.
- Coordinate documentation, evidence collection, and control testing for audits and certifications.
- Contribute to security policies, standards, procedures, and periodic risk assessments.
- Execute internal control testing and partner with auditors on remediation activities.
- Monitor compliance performance, develop metrics/dashboards, and support vendor security reviews.
- Develop and deliver security compliance training programs and promote awareness across the organization.
- Collaborate cross-functionally with IT, Legal, Finance, Engineering, and Operations.
Requirements
- Bachelor’s Degree in Information Security, IT, Computer Science, or equivalent experience.
- Formal schooling or experience with cybersecurity technologies: SOC, NAC, SIEM, CASB, PKI, IDS, IPS, PCI, ISO, DLP, UTM, UEBA, CEH, SSCP, OWASP Top 10.
- 3+ years in information security: operations, vulnerability management, incident response, GRC, or cloud/application security.
- Strong analytical, documentation, and communication skills.
Nice to have
- Knowledge of NIST, ISO 27001, CMMC, SOX ITGC, PCI DSS.
- Experience with GRC platforms (e.g., FutureFeed, Cyturus).
- Certifications: Security+, CISA, CISM, ISO 27001 Lead Auditor/Implementer.
- Experience in regulated/manufacturing environments, audits, risk assessments.
- Ability to manage projects, be on call, travel 10%.
Culture & Benefits
- Competitive Total Rewards: salary, bonus, long-term incentives.
- Health: traditional/high deductible plans, FSA, HSA (employer contributions), dental, vision.
- Insurance: life, short/long-term disability, paid caregiver leave.
- Time off: PTO, holidays, wellness hours, volunteer hours.
- 401k with company match (immediate vest), employee stock purchase (15% discount).
- Diverse, entrepreneurial culture focused on meaningful work and innovation.