Information Security Specialist at General Technology Group Inc
Bethlehem, CT 06751, USA
Full Time


Start Date

Immediate

Expiry Date

30 Nov, 25

Salary

0.0

Posted On

31 Aug, 25

Experience

3 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Microsoft, ISO, Security+, CISSP, Security Controls, Computer Science, HIPAA, Azure, Information Security, AWS, CISA, Communication Skills, IT

Industry

Information Technology/IT

Description

ABOUT US

We are a Connecticut-based Managed Service Provider (MSP) supporting a diverse portfolio of national customers across multiple industries. Our mission is to deliver high-quality IT services with a focus on innovation, security, and regulatory compliance. As part of our growth, we are seeking a dedicated Information Security Specialist to strengthen our security posture and support our customers’ compliance needs.

POSITION SUMMARY

The Information Security Specialist will play a key role in overseeing our security platforms, ensuring regulatory compliance, creating and enforcing security policies, and consulting directly with customers on security-related matters. This individual will also provide security support for the IT Services delivery team, assisting in the design and implementation of secure solutions. The ideal candidate will have the ability to work independently, manage multiple priorities, and serve as a trusted advisor to both customers and colleagues.

QUALIFICATIONS

Required:

  • 3+ years of experience in information security or IT with a strong security focus.
  • Hands-on experience with security platforms (SIEM, EDR, firewalls, IAM).
  • Strong understanding of NIST CSF, NIST 800-171/800-53, ISO 27001, and CIS Critical Security Controls.
  • Familiarity with HIPAA, PCI-DSS, SOC 2, and CMMC compliance.
  • Proven ability to create security policies and manage compliance documentation.
  • Excellent customer-facing consulting and communication skills.
  • Ability to work independently and manage multiple priorities.

Preferred:

  • Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience).
  • Certifications: CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor, or Security+.
  • Prior MSP or IT consulting firm experience.
  • Cloud security knowledge (Microsoft 365, Azure, AWS).


Responsibilities
  • Ensure adherence to regulatory requirements including HIPAA, PCI-DSS, SOC 2, and CMMC.
  • Implement and align practices with NIST Cybersecurity Framework (CSF), NIST 800-171/800-53, ISO 27001, and CIS Critical Security Controls (CIS Controls v8).
  • Prepare documentation, audit responses, and compliance reports for internal and client-facing purposes.
  • Draft, review, and update security policies, procedures, and standards.
  • Oversee security platforms (endpoint protection, SIEM, firewalls, vulnerability management, MFA, IAM).
  • Conduct risk assessments, vulnerability scans, and gap analyses against NIST, ISO, and CIS frameworks.
  • Advise customers on compliance with NIST, ISO 27001, CIS Controls, and regulatory frameworks.
  • Deliver customer-facing training and provide compliance roadmaps.
  • Serve as a security resource for the IT Services delivery team.
  • Mentor team members on compliance, frameworks, and control implementation.