Senior Information Assurance Analyst

Every day, NuHarbor Security improves the cybersecurity of our clients by making it stronger and easier to understand.  Our comprehensive suite of security services, from strategic advising to 24-hour monitoring and management, provide an organizational view of security that is focused on results and recommendations that are valuable for both business and technical leaders.  We’re growing quickly because our clients, and the general market, are looking for these outcomes and for the data it gives them to explain, promote, and justify, their security investment and mission.

The Senior Information Assurance (IA) Analyst is a senior resource supporting a long-term, strategic Governance, Risk, and Compliance (GRC) program with a designated client. This role works closely with service delivery teams, client stakeholders and third-party service providers to assess, mature, and operationalize GRC processes over the life of the contract. 

The Senior IA Analyst performs hands-on delivery with limited oversight, serves as a subject matter expert in NIST-aligned risk and compliance practices, and supports the integration of GRC services into ongoing security operations. This role requires consistent collaboration, strong relationship management skills, and the ability to operate effectively within a multi-vendor environment. 

What you’ll do

• Lives by the NuHarbor values: Help Clients Win, Always Improve, Protect the House 

• Serves as a senior Information Assurance and GRC resource supporting a long-term strategic client engagement 

• Works directly with client stakeholders and third-party service providers to support ongoing GRC activities, assessments, and operational initiatives 

• Supports execution and continuous improvement of governance, risk, and compliance processes aligned to NIST principles 

• Leads application of NIST 800-53 and NIST risk management and assessment principles to identify control gaps and risks, and to develop, prioritize, and manage POA&M-driven remediation and risk reduction strategies. 

• Contributes to refinement of GRC workflows, reporting, and compliance tracking capabilities, and supports operational integration of GRC services across security operations and long-term delivery models 

• Participates in stakeholder meetings, workshops, and information gathering activities across the client and vendor ecosystem 

• Owns and develops GRC and security program documentation and artifacts, ensuring ongoing accuracy, consistency, and alignment to program requirements 

• Synthesizes and communicates risk, compliance, and control information in a clear, actionable, and audience appropriate manner. 

Your foundation.  The requirements for this role:

• Bachelor’s degree and three (3) years of experience in cybersecurity, information assurance, or risk management roles.  

• In lieu of a degree, an additional two (2) years of experience in a related technology or risk management field and relevant industry certifications are required. 

• At least 2 years of hands-on GRC specific experience supporting risk assessments, security control evaluations, compliance requirements and remediation efforts 

• Demonstrated expertise applying NIST frameworks and risk management principles to assess control implementation, evaluate risk posture, and identify compliance gaps 

• Demonstrated experience developing, prioritizing, and managing Plans of Action and Milestones (POA&Ms), including remediation planning and risk reduction activities 

• Demonstrated experience managing, building, or supporting workflows within a GRC platform, including risk, issue, and remediation tracking 

• Strong written and verbal communication skills with the ability to translate complex risk, control, and compliance concepts into clear, actionable language 

• Ability to manage and prioritize multiple concurrent workstreams while maintaining focus on long-term program objectives 

• Ability to perform effective research and analysis through stakeholder interviews, workshops, and document review. 

• Must be a citizen of the United States 

Additional capabilities that will differentiate you for this role:

• Holds at least one industry accepted, relevant certification such as Security+, CISM, CISA, CRISC, CISSP, CCSP. 

• Experience supporting long-term or multi-year client engagements and operating within established service delivery models 

• Experience working with ServiceNow GRC functionality, including risk management, policy and compliance management, issue and remediation tracking, and reporting workflows. 

• Experience collaborating with different stakeholders and service providers in a multi-vendor or shared-responsibility environment 

Base Salary for this role is targeted at $85,000 - $110,000 annually. *Salary based on Burlington, VT salary data. Offer is based on candidate geography. Additionally, this role is eligible for the company bonus plan at a 10% target.

NuHarbor Security hires in the following states: AZ, CO, FL, GA, IL, IN, IA, MA, MD, ME, MI, MN, MO, MT, NC, NE, NH, NJ, NY, OH, OR, PA, SC, TX, VT, VA, WA

What you can expect:

• The engagement and support of company leadership who recognize the challenge of marketing a complex cybersecurity service in a chaotic market.
• An organization that recognizes and rewards employee commitment and contribution to our customers’ satisfaction and success
• Growth in your career and capabilities as you help to chart a path to improving customer interactivity and service adoption.
• A collaborative and driven working environment in a rapidly growing company and market
• A fun and social working environment where you are encouraged to be your true self.

You can also expect competitive salary and benefits, including paid time to give back in your community and generous PTO.

We are purpose driven. We, as an organization, above anything else protect the house first and then help our customers win.  If this sounds like the kind of organization you’d like to be a part of, we‘d like to hear from you.

AAP/EEO Statement

The Equal Employment Opportunity Policy of NuHarbor Security is to provide a fair and equal employment opportunity for all associates and job applicants regardless of race, color, religion, national origin, gender, sexual orientation, age, marital status or disability. NuHarbor Security hires and promotes individuals solely based on their qualifications for the job to be filled.

NuHarbor Security believes that employees should be provided with a working environment which enables each associate to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, religion, national origin, gender, sexual orientation, age, marital status, or disability.  We expect and require the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere.