ACA Compliance Group Holdings, LLC

  • Information Security Analyst (VMOS)

    Job Locations US-PA-Pittsburgh, PA
    Job ID
    Risk (Cybersecurity) Division
    Regular Full-Time
  • Overview

    About ACA/Aponix:

    ACA is a management consultancy in the Governance, Risk Management & Compliance (GRC) space and Aponix is ACA's Cybersecurity & Risk practice group. Aponix provides cybersecurity and technology risk assessments, vendor and M&A diligence services, network testing, and advisory services. The Aponix team consists of senior technologists who have started in the technology trenches, many growing into technology leaders at organizations ranging from small to large hedge funds, bulge-bracket banks, and technology services providers for the financial services sector.


    Position Objective:

    The individual will be primarily responsible for supporting the vendor management programs of clients and assisting with the completion of cybersecurity assessment-related tasks.  The individual in this position is also responsible for supporting senior colleagues with information security risk assessments, reporting, and related client activities. 


    • Under supervision, assist with conducting technical reviews of IT systems and audit security controls
    • Analyze responses and submitted IT audit and related documentation, and align responses to various risk frameworks (COBIT, NIST, SANS)
    • Identify controls gaps, vulnerabilities, exploits, patches to generate issue lists and mitigation recommendations
    • Facilitate vendor due diligence workflow, including initiation, follow-ups, and completion of questionnaires
    • Execute ongoing testing, gap analysis of information security-related policies, practices, and procedures, as well as perform tasks related to monitoring a vendor’s IT infrastructure according to established guidelines
    • Generate initial draft of vendor risk baseline report
    • Assist with vendor on-site reviews and draft reports documenting the on-site findings
    • Document and generate comparison matrices between IT/cyber vendors and services
    • Coordinate vendor product demos
    • Assist with the research, review, development and/or enhancement of client-facing information security policies and technical risk documentation, as well as white paper content and/or training programs
    • Assist with creating content for cybersecurity and IT-risk related email alerts
    • Assist with the design of and production of phishing campaign email templates



    • Associate degree in information technology, computer science, information security and assurance, or similar program; relevant certification (ISC(2), SANS GSEC/GICSP or CompTIA Security+/A+/Network+); or equivalent combination of education, training, and experience preferred
    • At least one year of practical experience in the areas of information security
    • Knowledge in network architecture and security controls as well as current and emerging information security threats
    • Ability to identify information security risks to the confidentiality, integrity and availability of information systems and client data
    • Familiarity with compliance regulations and security frameworks (SOX, PCI, GLBA, COBIT, FINRA, ISO, NIST,)
    • Experience with risk and threat assessment, control auditing, vulnerability analysis, information gathering, correlating and reporting
    • Experience with information technology systems: Windows Server 2003/2008, Windows 7/8/10, Mac OS, Active Directory, LINUX/AIX/UNIX, TCP/IP, LAN/WAN, VPN, NAC
    • Knowledge of operation risk assessment methodology, mitigation development, monitoring and reporting
    • Technical knowledge and experience in network architecture, design, and configuration as well as network routing, firewalls, intrusion detection systems, VPN, internet filtering, anti-virus technology, application security, secure email gateways, and PCI and GLBA compliant environments
    • Proficient with Microsoft Office applications, Adobe Acrobat, Visio and the Internet


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed