Information Security Analyst
Full Time Position
Our client is in search of a well-rounded information security analyst to lead the security efforts of the organization.
The ideal candidate will have a good base understanding of networks, Windows/PC, end point, and firewall security.
This position will implement and develop the security program. Which will include security policies, processes, and standards.
- Works with the IT team and other business units to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to:
- Business system analysis.
- Communication, facilitation and consensus building.
- Assists in the coordination and completion of information security operations documentation.
- Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.
- The Security Analyst will be concerned with residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
- Plays an advisory role in application and/or web development projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
- Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle, to include opt-in processing and data privacy rules.
- Works within the IT department to identify, select and implement technical controls.
- Develops security processes and procedures and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.
- Researches, evaluates and recommends information-security-related hardware and software, including developing business cases for security investments.
- Manage third party Penetration Testing and Vulnerability Assessments
- Develops a common set of security tools. Defines operational parameters for their use and conducts reviews of tool output.
- Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, host-based security systems, and email systems.
- Develops and validates baseline security configurations for operating systems, applications, and networking and telecommunications equipment.
- Participates in security investigations and compliance reviews, as requested by internal or external auditors.
- Acts as a liaison between incident response leads and subject matter experts.
- Monitors daily or weekly reports and security logs for unusual events.
- 5+ years of IT or network security experience.
- Bachelor's degree in information systems or equivalent work experience.
- In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Experience with common information security management frameworks, such as [International Organization for Standardization (ISO) 2700x and the ITIL, COBIT and National Institute of Standards and Technology (NIST)] frameworks.
- Proficiency in performing risk, business impact, control and vulnerability assessments.
- Strong understanding of business applications, including ERP, email, and financial systems.
- Excellent technical knowledge of mainstream operating systems [for example, Microsoft Windows and SAP and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
- Experience in developing, documenting and maintaining security policies, processes, procedures and standards.
- Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
- Strong written and verbal communication skills.
- A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships
About Jones Grove
Jones Grove brings over 25 years of dedicated Information Technology recruiting to the marketplace and that has led us to place virtually every function within an IT organization.
Located in Charlotte, NC, Jones Grove partners with companies ranging from startups to Fortune 100’s.
Our clients are in top performing industries, including global manufacturing, consumer products, non-profit, retail, financial services and technology firms.
We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.