Information Security Analyst

Information Security Analyst DCM Services - 3.4 Bloomington, MN Job Details $65,000 - $85,000 a year 16 hours ago Qualifications ISO standards Regulatory compliance SOC 2 Change management Information security compliance

Full Job Description Description:

About DCM Services DCM Services is a leading provider of financial services solutions, specializing in account resolution and customer engagement. With decades of industry experience, DCM partners with top financial institutions to deliver compliant, people-first services. The company is committed to building a secure, well-governed information environment grounded in

ISO 27001/2

standards — and this role sits at the heart of that mission. The Information Security Analyst assists in developing, implementing, and certifying an Information Security Management System (InfoSec Program) based on

ISO27001/2

standards. You'll own documentation, access management, audits, phishing tests, vendor compliance, and more — working cross-functionally to keep the company's security posture strong.

Requirements:

Key responsibilities Manage and review events, access levels, and scorecard metrics; respond to auditor questionnaires about the company's security posture Maintain the InfoSec program document lifecycle so documentation reflects current controls and risk mitigations Manage access tickets for new hires, changes, and revocations; keep the Profile Definition Matrix current Conduct monthly phishing tests, summarize results, and recommend risk-reduction actions Coordinate and document annual Business Continuity Plan table-top exercises for Operations Support and Accounting Participate in client audits end-to-end and drive remediation of IT and information security findings Audit Support-level vendors for compliance with the company's Vendor Management Program Participate in weekly email DLP quarantine monitoring rotation and partner with IT on firewall reviews Review weekly physical access swipes to secure areas and ensure ticket-based owner approval Qualifications Associate's degree in a related field, or 4+ years of experience in IT, QA, Compliance, or Accounting Demonstrated strong technical writing ability Basic awareness of

ISO/IEC 27001, PCI DSS, NIST SP800-53, SOC

1, and SOC 2 frameworks Familiarity with HIPAA/HITECH, GLBA, and CCPA regulatory requirements Awareness of security architecture principles, change management, disaster recovery, and business continuity concepts Ability to manage multiple priorities, work independently, and communicate effectively in a cross-functional environment Certifications not required, but interest in pursuing CISSP, CISA, CISM, CRISC, or CompTIA credentials is a plus. Physical & travel requirements Prolonged periods of computer work Up to 5% travel outside local area, including occasional overnight Ability to travel to the office upon request or for business needs Ability to lift up to 15 lbs occasionally #DCMHP1