Information Security Analyst

Location: Albany | Boston | Norwalk | Rochester

Datto protects business data and provides secure connectivity for tens of thousands of the world’s fastest growing companies. Datto’s Total Data Protection solutions deliver uninterrupted access to business data on site, in transit and in the cloud. Thousands of IT service providers globally rely on Datto’s combination of pioneering technology and dedicated services to ensure businesses are always on, no matter what. Datto is headquartered in Norwalk, Connecticut and has offices in Monroe, Rochester, Boston, Portland, Toronto, London, Singapore, Sydney, Frankfurt, and Amsterdam. Learn more at

The Information Security Analyst is responsible for supporting/operating a risk-based compliance program as well as practice protection guidance with respect to applicable regulatory areas. The Information Security Analyst will be responsible for developing policy, process and procedure as well as identifying cyber risks, advancing the information security program and monitoring for compliance. Due to the nature of the work the individual needs strong analytical, communication, controls and risk assessment skills.

Primary Responsibilities:

  • Understand the needs and implications of the various legal, privacy, and regulatory bodies that impact our business and ensure they are addressed (i.e. HIPAA, GDPR, etc.)
  • Manage the requirements and achievement of appropriate certification programs surrounding information security (i.e. SOC2, NIST, ISO, etc.)
  • Support external and customer audit requests
  • Conduct risk management activities and deliver metrics and reporting
  • Maintain a constant understanding of the cyber threat and regulatory landscape for the company; translate that knowledge to identification of risks and actionable plans to protect the business
  • Monitor compliance of information security policies and procedures among employees, contractors, partners and other third parties
  • Act as a subject matter expert to other teams and assist in the design, assessment, implementation, deployment and maintenance of security controls and processes
  • Review security control effectiveness and compliance on an ongoing basis
  • Create and implement training plans to promote security awareness among employees
  • Communicate the information security program to customers and their end users
  • Perform other related duties as assigned by management and adhere to all company policies and procedures


  • 5+ years of IT experience, with 3+ years Information Security
  • 2+ years of experience in performing risk assessment or IT audits
  • Industry certification, such as CISSP, CISA or CISM is highly desired
  • Experience developing and maintaining written security controls, compliance, and defining treatment strategies
  • Knowledge of common information security management frameworks
  • Strong analytical skills to analyze security requirements and relate them to appropriate security controls
  • Strong business acumen and project management capability, to manage multiple small projects

Here at Datto our people are our greatest asset, which is why we offer a comprehensive and unique benefits package. Above and beyond the typical medical, dental and vision, we also offer a generous 401k plan with a significant employer match, unlimited paid time off, educational reimbursement, fitness reimbursement, and travel subsidies for commuters. We have a patent rewards program and various other fun perks and fringe benefits, including free lunch every Friday in all of our offices globally.

Autotask is not accepting unsolicited assistance from search firms/employment agencies for this employment opportunity. Please, no phone calls or emails to any employee of Autotask about this opening. All resumes submitted by search firms/employment agencies to any employee at Autotask via-email, the Internet or in any form and/or method without a valid written search firm agreement in place for this position will be deemed the sole property of Autotask; no fee will be paid in the event a candidate is hired by Autotask as a result of the unsolicited referral or through other means.