Analyst - Information Security

Contract: [[cust_TypeOfContract]]

Compensation: [[salaryMin]]

If you’ve worn a pair of glasses, we’ve already met.

We are a global leader in the design, manufacture, and distribution of ophthalmic lenses, frames, and sunglasses. We offer our industry stakeholders in over 150 countries access to a global platform of high-quality vision care products (such as the Essilor brand, with Varilux, Crizal, Eyezen, Stellest and Transitions), iconic brands that consumers love (such as Ray-Ban, Oakley, Persol, Oliver Peoples, Vogue Eyewear and Costa), as well as a network that offers consumers high-quality vision care and best-in-class shopping experiences (such as Sunglass Hut, LensCrafters, Salmoiraghi & Viganò and the GrandVision network), and leading e-commerce platforms.

Join our global community of over 190,000 dedicated employees around the world in driving the transformation of the eyewear and eyecare industry.

Discover more by following us on LinkedIn !

Your #FutureInSight with EssilorLuxottica

Are you willing to pioneer new frontiers, foster inclusivity and collaboration, embrace agility, ignite passion, and make a positive impact on the world? Join us in redefining the boundaries of what’s possible.

GENERAL FUNCTION

The IS Application Security Analyst supports the execution of the Vulnerability Management program by coordinating vulnerability assessments, penetration testing, and social engineering efforts. This role facilitates remediation across systems to reduce the organization’s attack surface, analyzes application security scan results, and ensures vulnerabilities are properly addressed through post-development testing. While not responsible for direct remediation, the Analyst collaborates with technical teams and leverages automated tools to validate fixes and maintain enterprise-wide security oversight.

MAJOR DUTIES AND RESPONSIBILITIES

• Monitor and analyze vulnerability data to identify and communicate technical risks across the organization.
• Support classification and impact assessment of newly discovered vulnerabilities.
• Conduct and assist with vulnerability assessments, penetration testing, and social engineering exercises.
• Provide threat intelligence updates, including attacker tactics, techniques, and procedures, to security teams.
• Review application security scan results with an understanding of code structures to offer actionable feedback.
• Assist in post-development testing to validate remediation of identified vulnerabilities.
• Coordinate and track remediation efforts across application, infrastructure, and operations teams to ensure timely resolution.
• Contribute to the strategic goals of the vulnerability management program.
• Aggregate and report findings from various scanning tools and platforms.
• Use IS tools (e.g., DLP, code scanners, external security profiles) to identify and analyze gaps in security controls.
• Participate in IT projects to ensure security is embedded by default and by design through the SDLC process.
• Build collaborative relationships across departments and with clients to support compliance and enhance satisfaction.
• Assist with regulatory and compliance activities, including audits, assessments, certifications, and client inquiries.
• Present vulnerability findings and risk assessments to IS leadership.
• Help identify and address capability gaps in vulnerability management services.
• Work with cross-functional teams to strengthen the organization’s security posture and integrate security into workflows.
• Pursue continuous learning to enhance effectiveness in supporting Information Security functions.

BASIC QUALIFICATIONS

• Bachelor’s degree in computer science, IT or equivalent
• 3+ years of experience in IT, Information Security, or Compliance
• Familiarity with major standards: SOC 1-2, ISO 27001/2, PCI DSS, HITRUST, SANS, and NIST
• Experience implementing compliance frameworks in financial services environments
• Broad understanding of IT hardware and software products
• Strong project management, presentation, communication, and writing skills
• Excellent analytical and problem-solving abilities
• Experience managing enterprise security and intrusion detection systems
• Ability to collaborate effectively across business and technology teams
• High-level understanding of application structures and code to assess and respond to scan results

PREFERRED QUALIFICATIONS

• Certified Information Systems Security Profession, PCI DSS, Certified HIPAA Privacy Security Expert, Certified Information Security manager, Global Information Assurance Certification, or related.
• Experience or knowledge with healthcare or health insurance
• Knowledge of CMS and HIPAA related vendor requirements
• Knowledge of Security SDLC tools

Our Diversity, Equity and Inclusion commitment​

We are committed to creating an inclusive environment for all employees. We celebrate diversity and provide equal opportunities to all, regardless of race, gender, ethnicity, religion, disability, sexual orientation, or any other characteristic that makes us unique.