About NopalCyber
NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense.
AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time.
Our service packages are tailored to client needs and budgets, with external threat analysis provided at no cost - democratizing access to enterprise-grade cybersecurity for all.
Role Purpose
The Security Analyst in the vCISO practice is a technical and governance role, responsible for supporting clients in day-to-day security operations, coordination, and solution execution.
This role bridges strategy and execution, combining hands-on technical understanding with consulting support to ensure security initiatives are effectively implemented and tracked.
Requirements
Key Responsibilities- Support day-to-day security operations across cloud, on-premises, and network environments.
- Assist with security alerts closure, coordinate with SOC/infra teams, and track incident response actions.
- Assist in managing and supporting security technologies (firewall, endpoint, IAM, cloud) at a coordination level
- Track vulnerabilities, misconfigurations, and remediation progress across environments.
- Maintain and update risk registers, including tracking remediation status and aging
- Track security initiatives, action items, and overall remediation activities to ensure timely closure.
- Coordinate with internal teams, clients, and SMEs to drive execution and resolution of security tasks
- Maintain visibility of ongoing work-streams (projects, audits, remediation activities)
- Support control validation, evidence collection, and audit/compliance activities
- Assist in completing security questionnaires and third-party assurance requests.
- Support policy tracking, control mapping, and governance documentation
- Prepare periodic dashboards, metrics, and reports for vCISO and client reviews
- Track KPIs, KRIs, and SLA adherence across engagements
- Provide structured updates and input for governance meetings and reporting.
- Document processes, procedures, and governance artifacts to ensure consistency and traceability
Qualifications & Experience
Education
- Bachelor's degree in engineering, IT, or related field
Preferred Certifications
- ISO 27001
- CompTIA Security+ (or equivalent)
- Cloud certification (AWS, Azure, or GCP – foundational level preferred)
Professional Experience
- 2-4 years in cybersecurity, GRC, audit, or IT support roles
- Exposure to compliance frameworks or audit processes
Core Skills & Technical Expertise
- Basic understanding of ISO 27001, NIST CSF, or similar frameworks
- Familiarity with risk management and compliance tracking
- Exposure to GRC tools or structured tracking (Excel-based)
- Basic understanding of cloud and security concepts
- Strong reporting, documentation, and data handling skills
Personal Attributes
- Good attention to detail
- Strong coordination and follow-up skills
- Structured and process-driven mindset
- Ability to manage multiple tasks across clients
- Willingness to learn and grow in cybersecurity domains
