Nesco Data Center & Infra is seeking an IT Analyst in Hauppauge NY for a contractor opportunity.
Position Summary:
We are seeking a detail-oriented and technically skilled Information Security Risk Analyst to join our growing security team. The ideal candidate will play a key role in monitoring, assessing, and responding to security risks across the organization, while collaborating with internal teams and external vendors to ensure compliance with industry standards and best practices.
Key Responsibilities:
- Monitor and investigate potential security threats using tools such as Microsoft Entra and Purview, with a focus on daily review of Risky Users and privileged access.
- Conduct ongoing surveillance of internal networks to detect, analyze, and respond to potential security incidents or breaches.
- Perform third-party risk assessments using platforms like UpGuard TPRM, ensuring vendor compliance with internal and regulatory security requirements.
- Coordinate with vendors and manage Department of Justice (DoJ) DSP attestations, certifications, and related documentation.
- Collaborate with cross-functional teams to conduct comprehensive security reviews of third-party vendors and service providers.
- Analyze Business Associate Agreements (BAAs) and provide recommendations related to security posture and liability exposure.
- Contribute to the development and maintenance of internal security documentation and incident response runbooks.
- Assist with internal and external audits, ensuring timely and accurate responses to requests and supporting compliance initiatives.
Required Skills & Qualifications:
- Strong hands-on experience with Microsoft 365 security tools, including Entra and Purview.
- Familiarity with third-party risk management processes and tools (e.g., UpGuard TPRM).
- Solid understanding of security frameworks and compliance requirements (e.g., HIPAA, NIST, SOC 2).
- Ability to interpret legal and security documentation such as BAAs and vendor certifications.
- Strong communication and analytical skills; able to interface with both technical and non-technical stakeholders.
- Experience supporting audits, risk assessments, and incident response processes.
- Knowledge of vendor and access risk mitigation best practices.
Preferred Qualifications:
- Relevant certifications such as Security+, CISA, CISM, or CISSP.
- Experience working in regulated industries such as healthcare, finance, or legal services.
- Background in vendor management or contract security review is a plus.
Nesco Resource offers a comprehensive benefits package for our associates, which includes a MEC (Minimum Essential Coverage) plan that encompasses Medical, Vision, Dental, 401K, and EAP (Employee Assistance Program) services.
Nesco Resource provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.