Sr. Analyst, Information Security

Summary

The information security analyst is a member of the information security team working closely with IT Security Manager to implement a comprehensive information security program. This includes defining security policies, processes and standards.

Responsibilities

• Partners with the IT department to select and deploy technical controls to meet specific security requirements and defines processes and standards to ensure that security configurations are maintained.
• Responsible for maintaining the Identity & Access Management program, standards for delivering enterprise-wide Identity, Access, Directory and Authentication Services for employees, vendors and members with the capability to support cloud and on-premise application services.
• Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
• Participate in Incident Response process including working with technical resources and vendors to gather information. Complete necessary documentation, and report findings to management. Recommend remediation strategies.
• Develops security processes and procedures and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.
• Advises security administrators on normal and exception-based processing of security authorization requests

Qualifications: Successful candidates will be able to meet the qualifications below with or without a reasonable accommodation.

Education Qualifications (from an accredited college or university)

• High School Diploma with 5-7 years of progressive technical and operational support experience required
• Bachelor's Degree in related field, such as Computer Science preferred

Experience Qualifications

• 1 or More Years experience with a broad range of exposure to InfoSec aspects, including security controls, baselines standards, general business planning, systems analysis, system development, maintenance, and application development preferred
• 4 or More Years experience with information security, regulatory compliance and risk management concepts preferred
• 1 or More Years working with Security Operations Center environment preferred
• Demonstrates comprehensive knowledge and understanding of Information security principles, general and IT controls (e.g., access controls, risk management, change management), related security policies and procedures. preferred
• Exhibits knowledge of industry regulatory standards and accreditation requirements or control frameworks (HIPAA, PCI, NIST, Red Flags, ISO 27000 series) preferred

Licenses and Certifications

• CISSP Certified Information Systems Security Professional preferred
• Certified Ethical Hacker (CEH) preferred
• Certified Information Security Manager (CISM) preferred
• CompTIA Security+ or GSEC: SANS GIAC Security Essentials preferred

Physical Requirements

If there are business needs, flexible availability and willing to work after normal business hours. Additionally, during outages and other technical issues, these resources must be willing to work after normal business hours, around the clock to mitigate these issues - sometimes working 20-30 straight hours.

Ability to lift servers up to 50lbs 5% of Time

Travel

Ability to travel up to 5%