Remote IT Security Analyst – Data Risk Management, Controls & Compliance – careerzynith – $25/hr – Full‑Time
About careerzynith – Pioneering Secure Aviation Solutions
careerzynith is a global leader in the aviation industry, delivering safe, reliable, and innovative travel experiences to millions of passengers every day. Our mission is to protect the digital backbone that powers flight operations, reservation systems, and customer interactions. As a forward‑thinking organization, careerzynith invests heavily in cutting‑edge technology, robust risk‑management frameworks, and a culture that values integrity, collaboration, and continuous improvement. Joining careerzynith means becoming part of a team that not only safeguards critical data but also drives transformational change across the entire airline ecosystem.
Position Overview – Remote IT Security Analyst
careerzynith is seeking a highly motivated Remote IT Security Analyst to serve as a second‑line defender within our Data Security Management (DSM) team. In this role, you will assess, measure, and communicate risk across the enterprise, develop and enforce IT controls, and partner with cross‑functional stakeholders to ensure compliance with industry regulations such as SOX, PCI‑DSS, and other legal requirements. This is a full‑time, remote position offering a competitive hourly rate of $25, flexible work hours, and the opportunity to make a tangible impact on the security posture of a world‑class airline.
Key Responsibilities
- Risk Assessment & Reporting: Conduct comprehensive risk assessments for applications, infrastructure, and data environments; quantify risk exposure and present findings to senior leadership.
- Control Design & Implementation: Collaborate with IT portfolio owners (Infrastructure, Engineering, Application Development, and Cloud Services) to design, document, and implement effective security controls that mitigate identified risks.
- Compliance Management: Ensure ongoing compliance with SOX, PCI‑DSS, GDPR, and other regulatory frameworks by performing control testing, gap analysis, and remediation tracking.
- Stakeholder Engagement: Build strong relationships with internal partners—including Legal, Audit, and Business Units—to align security initiatives with business objectives.
- Training & Enablement: Develop and deliver training programs for IT teams on risk concepts, control effectiveness, and best practices for secure development.
- Continuous Monitoring: Perform periodic control effectiveness testing, identify control deficiencies, and work with owners to remediate gaps promptly.
- Documentation & Knowledge Sharing: Produce clear, concise documentation of control designs, testing procedures, and risk mitigation strategies for internal and external audits.
- Incident Preparedness: Contribute to the development of incident response playbooks and support the execution of tabletop exercises to enhance organizational readiness.
- Innovation & Improvement: Stay abreast of emerging threats, industry trends, and new security technologies; recommend enhancements to existing controls and processes.
- Ad‑hoc Projects: Lead or support special security initiatives, such as third‑party risk assessments, cloud security reviews, and data privacy impact analyses.
Essential Qualifications
- Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related field.
- Minimum of 2 years of hands‑on experience in an IT environment with a focus on risk and control frameworks.
- Strong knowledge of risk management standards and security frameworks such as NIST, ISO 27001, and COSO.
- Demonstrated ability to communicate complex technical concepts to both technical and non‑technical audiences.
- Proven track record of developing, testing, and maintaining IT controls in a regulated environment.
- Experience working with compliance requirements (SOX, PCI‑DSS, GDPR) and performing control testing.
- Excellent analytical skills, attention to detail, and the ability to manage multiple priorities in a fast‑paced setting.
- Self‑starter attitude with the ability to work independently while collaborating effectively with remote teams.
- Commitment to upholding the highest standards of integrity, confidentiality, and professionalism.
Preferred Qualifications & Certifications
- Professional certifications such as CISA, CISM, CISSP, or CRISC.
- Hands‑on experience with security tools and platforms (e.g., RSA Archer, ServiceNow GRC, Splunk, or similar).
- Background in data security domains such as incident response, identity & access management, penetration testing, or e‑discovery.
- Experience i