Senior Information Security Specialist

Summary

Join Halcyon, a leading cybersecurity company, as a Senior Information Security Specialist. You will play a key role in enhancing our enterprise-wide security posture. Responsibilities include performing third-party risk assessments, supporting security testing, developing corrective action plans, collaborating with internal and external stakeholders, and assisting in policy development. You will also coordinate incident response planning and monitor security controls. This role requires 5+ years of experience in information security or IT risk management, a strong understanding of cybersecurity concepts, and excellent communication skills. Halcyon offers a remote-native work environment and a comprehensive benefits package.

Requirements

• 5+ years of experience in information security, GRC, or IT risk management
• Strong understanding of cybersecurity concepts, controls, and risk frameworks
• Demonstrated experience with third-party risk management processes and tooling
• Proven ability to coordinate security testing and vulnerability management efforts
• Excellent communication, documentation, and cross-functional collaboration skills
• Ability to assess and implement technical and administrative controls across cloud and hybrid environments
• Experience with regulatory compliance and audit support in fast-paced environments

Responsibilities

• Perform and maintain third-party risk assessments and track vendor remediation activities
• Support coordination and analysis of internal and external security testing, including vulnerability scans and penetration tests
• Develop, track, and follow up on corrective action plans for identified security gaps or audit findings
• Collaborate with managed security service providers and internal stakeholders to monitor and manage security events and escalations
• Partner with engineering and operations teams to ensure implementation of security and compliance requirements across the organization
• Assist in developing, maintaining, and communicating information security policies, standards, and procedures
• Coordinate security incident response planning, disaster recovery testing, and business continuity exercises
• Monitor and support enforcement of technical and administrative security controls across the enterprise
• Stay current with evolving security and privacy regulations and frameworks (e.g., SOC 2, ISO 27001, TX-RAMP, FedRAMP)

Preferred Qualifications

• Hands-on participation in incident response or disaster recovery exercises is a plus
• Experience with compliance platforms (e.g., Drata, Vanta)
• Knowledge of security frameworks beyond SOC 2 and ISO 27001, such as NIST 800-53 or CIS Controls
• Familiarity with secure software development practices or DevSecOps principles
• Background in auditing or supporting third-party security assessments
• Experience with Microsoft 365 and/or Google Workspace security configuration
• Exposure to regulatory environments such as HIPAA, GDPR, or CCPA
• Certifications such as CISSP, CISA, CISM, Security+, or similar are a plus

Benefits

• Comprehensive healthcare (medical, dental, and vision) with premiums paid in full for employees and dependents
• 401k plan with a generous employer contribution
• Short and long-term disability coverage, basic life and AD&D insurance plans
• Medical and dependent care FSA options
• Flexible PTO policy
• Parental leave
• Generous equity offering