Information Security Analyst

An inclusive work environment is an empowering one. At Cutover, we lead with empathy and enable others to succeed through curiosity, kindness, and self-expression.

Location: US, remote (CST or EST time zone), willing to travel to New York office for audits as required

We regret that we are unable to provide work visa sponsorship at this time.

Cutover provides enterprise technology operations teams with an AI-powered SaaS solution that automates and streamlines complex processes with intelligent runbooks. The Cutover solution enables teams to respond to incidents quickly, recover from IT outages, and manage cloud migrations with precision and efficiency. Cutover is used in many of the world's largest financial institutions to support their critical technology operations, including 5 out of the top 6 largest asset managers and 3 out of the top 5 US banks.

What does this role mean to us?

We are looking for a versatile, proactive mid-Level Security Analyst to join our lean but high-impact security team. This “generalist” role offers a 360-degree view of Information Security and is designed for someone who thrives on variety—one day you’ll be leading a SOC 2 audit, and the next you’ll be triaging a security alert or refining our AWS security posture.

As a key member of a small team, you won’t just be following a playbook; you’ll be writing it. You will have significant autonomy and the power to influence our global security strategy directly.

What will you be doing as our Information Security Analyst?

• Compliance & Audit Leadership: Support the maintenance of our compliance frameworks, specifically ISO 27001 and SOC2 Type II. You will need to be comfortable being a primary point of contact for external auditors.
• Client Assurance: Own the end-to-end process for Client Audits and Security RFIs, translating our complex technical controls into clear, professional, and digestible responses for stakeholders.
• Cloud Governance: Apply a GRC lens to our cloud environment, ensuring that our AWS infrastructure aligns with best practices (CIS benchmarks) and triage alerts in line with our internal risk appetite.
• Incident Management & Triage: Monitor security tools and act as a first-to-second responder for alert triage. You’ll manage the lifecycle of security incidents, from discovery to post-mortem.
• Third-Party Risk Management: Conduct thorough due diligence on suppliers, integrations , ensuring our supply chain meets our rigorous security standards.
• Risk-Based Decision Making: Conduct risk assessments across the business, providing actionable advice that balances security requirements with operational efficiency.
• Security Automation: Identify opportunities to automate manual GRC and SecOps tasks to increase the team's velocity.

What we’d like you to bring to the table…

• 3-5 years experience in Information Security, with a proven track record in a ‘full stack’ security or GRC role
• Experience triaging alerts (CSPM/SIEM/EDR), incident management and a foundational understanding of cloud native security tools
• You enjoy creating processes where none exist and can move from "problem identified" to "solution implemented" independently.
• You’ve led SOC2 or ISO27001 audits and know how to manage evidence collection, auditor expectations and communicate to stakeholders effectively.
• Relevant certifications are a plus (CISA, CISSP), but we value functional experience and the ability to apply security principles to real-world business problems above all else.

The good stuff…

• We're excited to offer Share Options as part of our compensation package.
• 20 days of PTO per year + public holidays, and we want you to take all of them!
• 3 volunteer days to use for any charitable/voluntary cause you would like.
• A top-tier private health insurance package.