Information Security Analyst

Information Security Analyst

Requirements

• High School diploma or equivalent
• Bachelor’s degree in Business, Computer Science, Management Information Systems, or related field. In lieu of degree, minimum five (5) years’ relevant experience will be considered.
• Professional security management certification (Certified Information Systems Security Professional (CISSP)) or other similar credentials desired.
• Minimum three (3) years’ experience conducting various system audits and working with external vendors, conducting information security risk assessments and/or experience related to information security, business continuity, or disaster recovery.
• Knowledge of at least one (1) common information security management framework, such as HIPAA, HITRUST, ISO/IEC 27001, ITIL, NIST, COBIT, and/or ITL.
• Detail-Oriented
• Critical thinking
• Strong analytical skills
• Problem sensitivity
• Ingenuity
• Project management skills
• Excellent communication skills
• Ability to build collaborative relationships.

Responsibilities

• Provides guidance and policy expertise for data security, specifically regarding data classification, data storage, data transmission, and data lifecycle.
• Sets baseline configurations and monitor data governance.
• Sets policy and enforcement on security standards, such as file permissions, encryption, cloud data security, network assets, endpoint requirements, and others.
• Provides/supports network monitoring solutions within SOC/SIEM implementation.
• Handles initial incident response functions.
• Provides limited consultation to support elements within this domain.
• Oversees implementation, configuration, maintenance, and changes for all network security capabilities and assets.
• Provides account security management and control across all account security systems.
• Manages privileged access management entitlement review/approvals.
• Conducts usage audits, verify removal and retired accounts, approve launcher requests, and provides end user support.
• Creates, modifies, deletes, and retires member accounts.
• Manages role entitlement process.
• Maintains Workday integration.
• Manages access management application/system updates and testing.
• Provides guidance to business partners for all information security-related issues and identified security risks.
• Creates, manages, and enforces information security policy.
• Provides oversight of framework compliance.
• Manages enterprise audit remediation and CAP management.
• Manages vulnerability management plan.
• Conducts anti-phishing campaigns.
• Conducts and manages the security awareness and training program.
• Manages the third party risk management program.
• Ensures information security is designed with confidentiality, integrity, and access in mind.
• Sets security requirements.
• Ensures system redundancy and fault tolerance.
• Sets standards for mobile and web security.
• Ensures security of IoT devices.
• Provides requested evidence/artifacts for all security-related assessments/audits.
• Coordinates and schedule security assessments required of the Enterprise.
• Coordinates and ensures the quality of outside vendor-provided security assessments, risk assessments, and penetration testing of enterprise assets.
• Applies information security concepts, techniques, and best practices to support incident response plans and capabilities.
• Conducts and supports investigations, conducts logging and monitoring activities, securely provisions resources, tests disaster recovery plans, and addresses personnel safety and security concerns.
• Provides technical consultation as required.
• Oversees the static and dynamic scanning of internally developed software within the company and provide reports to ensure proper remediation of code vulnerabilities.
• Reviews SDLC documentation to ensure compliance with established company and regulatory standards as applicable.

Preferred Qualifications

• System analysis experience preferred.
• Project management experience preferred.
• Data testing and/or software application testing preferred.