Information Security Analyst

Seeking a fully remote, contract-to-hire Information Security professional to manage and execute projects around risk management, compliance, and security strategies. In this role, you'll develop policies and procedures, perform security assessments, and ensure the effectiveness of security solutions. You'll also support internal teams, provide consultative services, and help safeguard the company's infrastructure and data. This position involves collaborating with various stakeholders to manage security risks, enforce policies, and educate teams on security best practices.

Contract Duration: 6 months
Required Skills & Experience

• Requires in-depth knowledge of security issues, techniques and implications across all existing computer platforms.
• Strong computer skills in order to operate effectively with company systems and programs; working knowledge of applicable computer applications used at ABC
• Working knowledge of network solutions and systems
• Good analytical and problem-solving skills
• Ability to communicate effectively both orally and in writing
• Good interpersonal skills
• Ability to prioritize workload and consistently meet deadlines
• Strong organizational skills; attention to detail
• Ability to communicate effectively with both technical and non-technical leaders
• Able to identify potential risks and propose solutions
• Understands Information Security as it relates to the business and other areas of IT; understands direct impacts and risks.
• Demonstrated sound understanding of at least 2 of the following standards such as ISO 27001/27002, COBIT, ITIL, NIST and PCI.
• Certification in at least 1 Information Security relevant areas such as Audit (CISA), Security Management (CISM), Security Professional (CISSP) and business experience in a matrix Organization required.
• Directly applicable International / Global Experience desired

What You Will Be Doing

Daily Responsibilities

• Bachelors Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
• 5-7 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and 2-3 years of experience with IT security and Cyber Risk Management.
  Experience designing and implementing security solutions.
• Manages and performs regulatory and security assessments on various business units across the company.
• Provides strategic and tactical suggestions and consultation on information security (policies, procedures, standards) and compliance.
• Participates in security planning and analyst activities.
• Monitors compliance with security policies, standards, guidelines and procedures.
• Assists in the development of processes and procedures for the information security governance program, including control document reviews, participant assessment preparation, meeting coordination, assessment finding mediation, assisting control owner with remediation plan development, tracking findings through remediation, progress monitoring, reporting and escalation.
• May engage directly with the business to gather a full understanding of risk scope and business requirements.
• Works with customers to identify security requirements using methods that may include risk and business impact assessments.
• Works directly with the customers, third parties and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk.
• Participates in the continued improvements of a Global Risk Framework.
• Reviews risk assessments, analyzes the effectiveness of information security control activities, and reports on them with actionable recommendations.
• Monitors risk mitigation and coordinates policy and controls to ensure that other managers are taking effective remediation steps.
• Assists/performs or leads the security assessments and performs security attestations.
• Leads and reviews application security risk assessments for new or updated internal or third-party applications.
• Maintains contact with vendors regarding security system updates and technical support of security products.
• Interfaces with business and IT leaders communicating security issues and responding to requests for assistance and information.
• Conducts knowledge transfer training sessions to security operations team upon technology implementation.
• Provides ongoing knowledge transfer to team members and clients on security products and standards.
• Mentors less-experienced team members.
• Performs related duties as assigned.