Job Title
Information Security Analyst (GRC & Operations)
Location
Support Center - Las Vegas, NV 89119 US (Primary)
Job Type
Full-time
Category
Information Technology
Education
Job Description
WHSmith North America has an exciting opportunity for an Information Security Analyst to join our team in Las Vegas, NV!
As the
Information Security Analyst, you will support and secure our current and future cyber infrastructure while playing a key role in our Governance, Risk, and Compliance (GRC) program. This hybrid role blends hands-on security operations with compliance, training, and continuous control assessment responsibilities.
What You'll Do
- Secure the organization's systems and information assets by applying cybersecurity best practices and protecting against unauthorized access, modification, or destruction.
- Partner with end users and department leaders to identify security needs and embed appropriate controls across business units.
- Deploy, integrate, and configure new and existing security solutions in line with standard operating procedures.
- Serve as a Tier 1 responder for cybersecurity alerts and remediations - triage, contain, escalate, document, and investigate problematic or anomalous activity.
- Support vulnerability assessments and penetration testing and coordinate timely remediation of identified weaknesses.
- Administer periodic access reviews to enforce least privilege.
- Support the global cybersecurity compliance program, maintaining alignment with frameworks such as NIST CSF, CIS Controls, ISO 27001, and PCI DSS.
- Perform continuous control assessments, document evidence, identify gaps, and report findings to key stakeholders.
- Maintain the risk register, control catalog, and support policies, standards, and procedures; assist with internal/external audits, third-party risk reviews, and ongoing monitoring.
- Deliver corporate cybersecurity training - new-hire onboarding, annual refreshers, role-based training, and phishing simulations.
- Manage training and awareness metrics (completion rates, click/report rates, repeat offenders, behavioral trends), report results to leadership, and coordinate remedial training with HR, IT, and managers.
- Foster a culture of security consciousness across the organization.
Compensation: $62,000 - 80,000
MORE REASONS TO JOIN THE WHSMITH NORTH AMERICA TEAM
- Excellent Medical, Dental & Vision Insurance, Life Insurance, Short & Long-Term Disability Insurance
- Competitive Compensation
- Exceptional Time-Off Benefits including FTO and Holidays
- Growth opportunities and opportunities for career development
- 401k with company match
- Employee Assistance Program
- Commuter Benefits
- Incredible Employee Discounts through our Discount Marketplace!
About WHSmith North America
WHSmith is a leading global travel retailer with over 1,700 stores across 30 countries worldwide. WHSmith North America, incorporating Marshall Retail Group (MRG) and InMotion, represents over half of the Company's international store estate, with a collection of attractive, successful specialty retail stores located in airports and resorts across North America.
EEO/ADA/DFWP
WHSmith North America is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sexual orientation, national origin/ancestry, age, gender identity, gender expression, military/veteran status, marital status, disability status or any other basis prohibited by law.
Job Requirements
- Education: Bachelor of Science in Cybersecurity or a related field, or equivalent hands-on experience.
- Experience: 1-2 years of experience or internships in cybersecurity, IT, or GRC - or a strong academic background with relevant projects, certifications, or lab work.
- Frameworks & standards: Foundational understanding of common cybersecurity frameworks such as NIST CSF, CIS Controls, ISO 27001, or PCI DSS, and an interest in growing into continuous control assessments and compliance work.
- Security operations & EDR: Exposure to endpoint security or EDR tooling and a basic understanding of alert triage, escalation, and incident documentation; willingness to learn Tier 1 response workflows.
- Vulnerability & access management: Familiarity with vulnerability scanning concepts, remediation tracking, user access reviews, and least-privilege principles.
- Risk, policy & audit: Awareness of risk management and policy concepts, with an interest in supporting control assessments, evidence collection, and audit activities.
- Security awareness & training: Interest in helping build and deliver cybersecurity awareness content (onboarding, annual, phishing simulations) and tracking basic training and phishing metrics.
- Communication: Clear written and verbal communication skills, with the ability to explain technical topics to non-technical coworkers.
- People & soft skills: Approachable, collaborative, and customer-service oriented - comfortable working across departments, building trusted relationships, and engaging users with patience and empathy (especially when coaching on phishing, training, or access topics). Strong teamwork, active listening, and a positive, professional demeanor.
- Mindset: Curious, detail-oriented, and eager to learn - comfortable asking questions and growing into broader security and GRC responsibilities.
Additional Requirements
- Frequent sitting
- Limited standing, walking, climbing, crouching, bending, pushing, or pulling
- Limited travel or overnight
- Occasional travel or overnight
- Frequent travel or overnight; including international
- Normal or corrected vision and hearing
- Can distinguish varying or specific colors, patterns, or materials
- Fluency in English is required for training, customer interactions, and ensuring compliance with company policies and procedures
- Typically, indoors
- Typically, at a consistent temperature
- Lift 0-25 lbs.
- Use of fine motor hand functions