Information Security Analyst (Hybrid)

FEI Systems


Date: 6 hours ago
City: Columbia, MD
Contract type: Full time

At FEI Systems, we create innovative technology solutions to improve the delivery of health and human services because we know when cumbersome administrative processes stand in the way, those who need it most are often left without access to proper care and support. From comprehensive case management software to disaster recovery services and content management information systems used in delivering foreign aid, our solutions are improving the lives of millions of people. We’re looking for an information security analyst who shares our commitment to leveraging technology to make a real impact in the world - a professional who knows, beyond all else, that the quality of our products and services is only as good as the company we keep.

Job Summary:

We are seeking a highly skilled Information Security Analyst to support the implementation, assessment, and continuous monitoring of security controls in alignment with the NIST Risk Management Framework (RMF). This role is hands-on and requires close collaboration with system owners, control owners, client liaisons, and external assessors to ensure that our information systems remain secure, compliant, and resilient. Additionally, this position supports FEI’s Internal Audit program. This position requires experience with AICPA SOC 2 Type 2 audits. This role will focus on ensuring FEI’s product lines meet all five Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy) by coordinating evidence gathering, maintaining documentation, facilitating internal reviews, and serving as a liaison between internal teams and external auditors.

Duties and Responsibilities:

  • Work under general supervision to plan and conduct security-related assignments for one or more programs/customers.
  • Act as one of several primary points of contact for the customer on matters of information security.
  • Develop, review, and maintain RMF documentation, including SSPs, POA&Ms, Risk Assessments, and Continuous Monitoring Plans.
  • Collaborate with control owners to ensure technical security controls are correctly configured and operational.
  • Map implemented security and privacy controls to NIST SP 800-53 Rev. 5 requirements.
  • Assist with Security Control Assessments (SCA), providing evidence, technical validation, and remediation tracking.
  • Participate in internal and external security audits, responding to findings and implementing improvements.
  • Work with assessors to resolve findings and close gaps in compliance.
  • Track vulnerabilities, assess associated risks, and coordinate remediation activities.
  • Update POA&Ms with mitigation plans, timelines, and status updates.
  • Monitor security controls and maintain ongoing situational awareness of system security posture.
  • Prepare compliance reports and security metrics for leadership and stakeholders.
  • Maintain knowledge of evolving NIST standards, federal security requirements, and related frameworks (e.g., FedRAMP, FISMA).
  • Coordinate and maintain the SOC 2 audit project plan, timelines, and deliverables.
  • Partner with process owners to gather, review, and organize audit evidence for all five Trust Services Criteria.
  • Collaborate with engineering, IT, HR, legal, and operations teams to obtain control evidence (e.g., policies, procedures, system logs, training records).
  • Ensure evidence meets auditor requirements in both content and format.
  • Maintain a centralized repository for SOC 2 documentation, ensuring security and confidentiality.
  • Assist in monitoring and maintaining SOC 2 controls across all trust service categories.
  • Track and follow up on remediation actions for identified gaps or deficiencies.
  • Support control owners in understanding control requirements and implementation best practices.
  • Serve as primary point of contact for auditor questions during the engagement.
  • Coordinate audit interviews and walkthroughs with relevant stakeholders.
  • Monitor and respond to auditor requests in a timely manner.
  • Support the review of the auditor’s draft report for accuracy and completeness.
  • Document lessons learned and update procedures to improve future readiness.
  • Assist in ongoing compliance monitoring to maintain SOC 2 readiness year-round.

Mandatory Qualifications:

  • Practical experience with NIST RMF and NIST SP 800-53 security control implementation, AICPA Trust Services Criteria, and SOC 2 requirements.
  • Excellent communication and interpersonal skills for cross-functional collaboration.
  • Excellent writing skills for preparing formal security documentation.
  • Strong technical understanding of network, system, and application security concepts.
  • Strong organizational skills with the ability to manage multiple priorities under tight deadlines.

Preferred Qualifications:

  • Security certifications such as CISSP, CISA, or CISM.
  • Experience supporting compliance frameworks (NIST, AICPA, FedRAMP, ISO 27001, HIPAA, GDPR).
  • Working knowledge of cloud security best practices (AWS or Azure).
  • Understanding of data privacy principles and regulatory requirements.
  • Prior work in a SaaS or technology-driven organization.
  • Prior experience working with federal agencies or regulated environments.

Experience and Education:

  • Bachelor’s degree in Information Security, Compliance, Business Administration, or related field AND
  • 3-5 years of experience in IT compliance, security audits, or risk management (SOC 2 experience strongly preferred).

 

Travel Requirements: There is minimal travel required, i.e., less than 10% of the time. May attend at least one offsite security conference/training event per year.

Other: Must be able to obtain Public Trust; other clearance may or may not be required.

 

Location: Remote

Status: Full-time position with full company benefits

NOTICE:  EO/AA/VEVRAA/Disabled Employer - Federal Contractor.  FEI Systems participates in E-Verify, a federal program that enables employers to verify the identity and employment eligibility of all persons hired to work in the United States by providing the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee’s Form I-9 to confirm work authorization. For more information on E-Verify, please contact DHS at (888) 464-4218.

 

Applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, marital status, political affiliation, disability, or genetic information, except where it relates to a bona fide occupational qualification or requirement.

Equal Opportunity Employer

This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.
