Apply on Employer Site

Sandy Hook Promise · 3 days ago

IT Security Analyst

United States

Full-time

Remote

Mid Level

$80K/yr - $90K/yr

3+ years exp

Sandy Hook Promise (SHP) is a national nonprofit organization dedicated to preventing violence in schools and communities. They are seeking an IT Security Analyst to protect organizational data and systems through cybersecurity controls, focusing on threat detection and regulatory compliance.

AssociationNon Profit

Growth Opportunities

Responsibilities

Lead Cybersecurity Strategy & Governance: Develop and execute a comprehensive security roadmap aligned with Zero-Trust principles, organizational goals, and regulatory frameworks (CIS, NIST, ISO 27001, GDPR, HIPAA, PCI DSS)

Risk Management & Compliance: Maintain the enterprise risk register, conduct periodic risk assessments, and oversee remediation of identified vulnerabilities to strengthen resilience

Cloud & SaaS Security Oversight: Harden and manage Microsoft 365 tenant security (MFA, conditional access, DLP, encryption, data residency) and perform ongoing security reviews of third-party SaaS vendors and integrations (e.g., Salesforce)

Endpoint & Remote Workforce Protection: Ensure secure device configurations, patch management, and endpoint compliance across a fully remote workforce

Threat Detection & Incident Response: Monitor, investigate, and respond to security alerts using Microsoft Sentinel and Defender; conduct root-cause analyses and coordinate cross-functional incident response and recovery

Vulnerability & Threat Management: Lead proactive testing (penetration, vulnerability, phishing simulations) and maintain continuous threat-intelligence monitoring

Security Architecture & Continuity Planning: Support data-protection, backup, and recovery strategies; participate in business-continuity and disaster-recovery planning and exercises

Policy, Documentation & Reporting: Maintain audit-ready security documentation; generate dashboards and KPIs that measure security posture, compliance, and incident trends

Training & Awareness: Develop and deliver cybersecurity training programs to promote a security-first culture and reduce organizational risk through education

Collaboration & Advisory Support: Partner with IT, Programs, and Operations to embed security in project design and technology adoption; advise on security implications of new initiatives

Other duties as identified given organizational needs

Qualification

Microsoft security toolsThreat detectionIncident responseCompliance frameworksIdentity managementEndpoint protectionAnalytical skillsTraining developmentVendor security assessmentsPowerShell scriptingKQLProblem-solving skillsCommunication skillsCollaboration

Required

A commitment to SHP's mission and values

3+ years of experience in IT security, cybersecurity operations, or related roles

Hands-on experience with Microsoft security tools (Defender, Sentinel, Intune, Entra ID/Azure AD, Purview)

Strong understanding of identity management, endpoint protection, threat detection, and incident response

Familiarity with compliance frameworks (CIS Controls, ISO 27001, or similar)

Excellent analytical and problem-solving skills; ability to communicate technical issues to non-technical audiences

Preferred

Microsoft certifications such as SC-200 (Security Operations Analyst Associate), SC-300 (Identity & Access Administrator), AZ-500 (Security Engineer Associate), or MS-500 (Security Administrator)

Experience supporting cybersecurity in nonprofit or resource-constrained environments

Knowledge of PowerShell scripting, KQL (Kusto Query Language), or automation in Microsoft Sentinel

Experience with vendor security assessments and SaaS risk management