Posted in

Senior Analyst – Cyber Security

Senior Analyst – Cyber Security

CompanyThe Andersons
LocationPerrysburg, OH, USA
Salary$Not Provided – $Not Provided
TypeFull-Time
DegreesBachelor’s, Master’s
Experience LevelSenior, Expert or higher

Requirements

  • Bachelor’s Degree in Business Administration, Computer Science or related field required
  • Master’s Degree preferred
  • 5-10 years’ relevant experience required
  • Experience in IT regulation and compliance standards, such as PCI/DSS, NIST CSF 2.0/ NIST 800-53, CIS Critical Security Controls
  • Practical use and implementation of solid knowledge of information security principles and practices for a public corporation
  • Understanding of IT methodologies, such as software development lifecycle and ITIL operations
  • Exposures in IT security baseline and procedures development
  • Experience in design and implementation of Microsoft Sentinel and Arc
  • Tertiary qualifications in information or IT security, or industry qualifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or equivalent are required.

Responsibilities

  • Work with business units and other risk functions to identify security requirements, using methods that may include risk and business impact assessments.
  • Manage completion of information security operations documentation, including policy development.
  • Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.
  • Play an advisory role in application development, infrastructure engineering and/or acquisition projects to assess security requirements and controls, and to ensure that security controls are implemented as planned.
  • Assist and manage with enterprise-wide risk assessment processes.
  • Drive cross-functional remediation of previously identified security risks and close out pending action plan.
  • Proactively collaborate with service providers to understand operational findings and drive the appropriate company response.
  • Architect, develop, deploy and support information security systems and solutions such as strong authentication, key management, IPS, SIEM, antimalware, and others.
  • Interact with internal and external customers on security-related projects and operational tasks.
  • Participate in 24×7 Information Security Response team.
  • Report to company management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
  • Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
  • Performs security due diligence assessments with vendors and contractors.
  • Researches, evaluates, and recommends information security related hardware and software, including developing business cases for security investments.
  • Manage services to analyze, monitor, track and report behavior/tasks logged by assets in the form of incidents to ensure the company is protected from any potential leaks or malicious activities.
  • Read and understand system data, including, but not limited to, security and network event logs, syslogs, and firewall logs.
  • Propose changes/improvements to the processes and procedures that will improve operational efficiency, provide better service, etc.
  • Participate in the security awareness training program review and development.
  • Perform risk and security assessments to identify control weaknesses and recommend remedial actions for any issues found. Manage and track competition of remedial actions.
  • Manages relationship with the audit groups (both internal and external). Provides information as requested, receives audit findings, and manages the collection of responses and remediation plans with owners.
  • Maintains an awareness of existing and proposed security standard setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommend appropriate changes. Works with other groups and assists in the development of security architecture and security policies, principles and standards.
  • Develop and maintain an open and candid relationship with the management through regular contact to discuss all important matters and to make suggestions for improvement.
  • Seek out and identify new opportunities for reducing cyber corporate risk.

Preferred Qualifications

  • Strong analytical and problem-solving skills.
  • Foster and support a collaborative, harmonious team environment that raises information security knowledge for everyone.
  • Critical thinking and strong judgment skills.
  • Successful relationship management skills.
  • Excellent presentation and communication skills.
  • Ability to successfully negotiate and resolve conflicts.