The Information Security Analyst III leverages experience in information systems and security to assist with the development of policies and governance that adapt to changing threats over the long term. The Information Security Analyst III assists with Information Security Engineering in the development of architectures, solutions, and standards. In addition, the Information Security Analyst III works with other Company teams to promote secure designs and practices across the company that mitigate risks and meet business objectives and regulatory requirements.
Security Governance Risk & Compliance - Establish and maintain self-audits, policies, and procedures to provide assurance that information security strategies are aligned with applicable laws and regulations through adherence to internal controls.
- Actively review the security landscape and develop/review security policies and procedures to address new regulation, threats or best practices
- Serve as the subject matter expert and point of contact for governance, risk, and compliance related tools
- Lead the development, maintenance, and revision of policies, standards, procedures, and guidelines of security programs, governing technology, and business processes
- Understand and review existing self-audits, recommend new self-audits based on new applications, services, threats, regulation or best practices, and track remediation
- Plan and manage the development of end user security training and awareness program
- Partner effectively with the Information Security team to communicate new policies and spread general awareness about policy set
- Set up and manage IT self-audits using GRC tool
- Maintain risk register
Threat Management - Ability to understand security threats and their risk to the organization.
- Recommend periodic security assessments, vulnerability, and penetration tests
- Assist in the analysis of security assessment results and development of management summary
- Assist IT groups in their understanding of the security assessment results and the remediation steps for low- to medium-complexity issues
- Lead the tracking of any remediation required due to security assessments / tests
- Participate in Security Risk Management (SRM) assessments to evaluate the design and efficacy of security controls at subsidiary companies
- Conduct annual Cybersecurity Awareness Month program and consistently promote good security practices
- Host "Knowledge Share" presentations to raise awareness of security initiatives, and champion compliance and effective security practices
Security Roadmap - Ability to guide the organization in the development of the Security Program Roadmap.
- Contribute to the development of the Security Program Roadmap
Security Engineering - Architects and implements security technologies.
- Seek, suggest, and recommend new ideas for continuous improvements in work processes and results
REQUIRED & PREFERRED QUALIFICATIONS
- Bachelor’s Degree or equivalent work experience in a related field required
- 5+ years’ experience in an Information Security Compliance role to include experience in assessing and recommending internal application and infrastructure controls required
- Must be self-motivated and able to work independently, with minimal supervision and as part of a team
- Professional security management certification, such as an (ISC)² Certified Information Systems Security Professional (CISSP), SANS GIAC Information Security Professional (GISP), GIAC Security Expert (GSE), or Certified Information Security Auditor (CISA) highly desirable
- Knowledge and experience with common Information Security management frameworks and best practices required, experience with the National Institute of Standards and Technology (NIST) frameworks and Center for Internet Security (CIS) Critical Security Controls preferred
- Knowledge and experience with security infrastructures (e.g. firewalls, IDS/IPS, VPN, web content filters, proxies, DLP, SIEM, log aggregation/correlation technologies) required
- General understanding of technical infrastructure (Active Directory, applications, various operating systems, etc.)
- Detail oriented with excellent interpersonal communication skills
- Expected to partner, collaborate, and mentor effectively with other teams on an ongoing basis
- Strong conceptual thinking and communication skills - the ability to translate complex business and technical requirements into effective solutions
- Strong organizational skills and ability to multi-task in an enterprise business environment. Ability to manage/track completion of projects and remediation tasks
- Outstanding technical documentation skills
- Strong written, verbal and presentation communication skills and ability to communicate at all levels within an organization