Overview
Skills
Job Details
Reporting to the Director of IT Infrastructure, the Cybersecurity Analyst will utilize expertise in IT infrastructure and cybersecurity to drive programs forward while building and securing networks, systems, and applications. This role demands advanced knowledge and experience in hardware, software, networking, telecommunications, cloud infrastructure, as well as core cybersecurity principles and best practices. The ideal candidate will be highly motivated, proactive, enjoy challenges and problem-solving, and have a strong desire to take ownership of assigned responsibilities to enhance the organization s infrastructure and cybersecurity programs. This resource will be a 1 man security team so must be comfortable in all areas of security.
RESPONSIBILITIES AND ACCOUNTABILITIES
Principal Responsibilities and Activities
Infrastructure
Analyze existing IT Infrastructure and recommend changes aligned with the organization s cloud strategy, leading many of those projects or acting as the lead investigator.
Oversee the monitoring and assessment of all systems and formalize processes related to each, including system and server updates and improvements.
Diagnose system and network-related problems, lead resolutions, and design long-term solutions.
Lead incident response related to Infrastructure and Cyber events, reporting to IT Management throughout and recapping incidents.
Become an expert on the organization s IT infrastructure and business application stack and continually analyze these and emerging cyber threats to keep the environment secure.
Monitor IT infrastructure for threats and breaches and report out to IT Management.
Cybersecurity
Aid in defining, prioritizing, and executing the cybersecurity projects of the organization.
Design, architect, and implement defensive security controls across IT Infrastructure.
Identify and report on vulnerabilities and their risks across the organization, its business processes, and its infrastructure, through both independent analysis and annual cybersecurity assessments.
Utilize current skillset or develop the knowledge and skills to conduct internal security and vulnerability tests, such as penetration and phishing tests or simulations.
Lead the remediation of identified vulnerabilities from internal and external assessments.
Own, manage, and update cybersecurity policies and procedures, including the IT Cybersecurity Policy and the Incident Response and Disaster Recovery Policies.
Ensure that policies are aligned with the NIST Cybersecurity Framework and ensure controls are in place to enforce the policies.
Develop the organization s Incident Response Program and oversee regular disaster recovery testing and incident walkthroughs and simulations.
Play a key role in developing and managing the Disaster Recovery & Incident Response programs by owning and updating policies and overseeing testing, walkthroughs, and simulation schedules.
Take control of the Cybersecurity Awareness program and eventually take over the development of this program.
Create a vendor management program to evaluate vendors and their applications.
Act as the lead contributor for security audits, questionnaires, and assessments; build out and maintain a response repository to aid in future efforts.
KNOWLEDGE ABILITIES AND SKILLS DESIRED
Bachelor s degree in Cybersecurity, Information Security, or a Computer Science-related discipline.
At least 3 years of experience in Cybersecurity, Information Security, or IT Infrastructure roles.
Experience and knowledge with advanced cybersecurity concepts covering IT Infrastructure including networks, servers, and applications.
Knowledge of regulations such as GDPR, CCPS, and other emerging legislation.
Knowledge and experience with compliance frameworks, especially the NIST Cybersecurity Framework (CSF).
CISSP or CompTIA Security+ certification preferred.
Highly developed interpersonal and influencing skills; the ability to develop working relationships with individuals at all levels of the organization.
Excellent business and personal judgment developed through previous experience with interactions with people at all levels of the business.