Senior Information Security Analyst

DLP, Data loss prevention, Data security, Documentation, Vulnerability management, Risk assessment, Security, Policies and procedures, Reporting, Compliance, Communication skills, IT audit, IT security, Information security, IT risk management, Governance
Contract W2, 6 Months
$60 - $80
Travel not required

Job Description

Our direct client is seeking Information Security Analysts: one Junior and one Senior. This job will start remote; however, when they decide to return to the office, you must be local and vaccinated.

The Information Security Senior Analyst’s role is to support the ongoing development and implementation of the Information Security program. We are looking for a Senior Information Security Analyst with experience in a variety of Information Security domains that include but are not limited to: Access Management, Vendor Risk Management, Data Loss Prevention (DLP), security event response, policies and procedures, information security training and awareness, metrics and reporting, governance, oversight, compliance, administrative and technical controls and defenses, and project management.

The Information Security Senior Analyst will report to the Chief Information Security Officer and will serve as a leader in Segal’s Information Security Program. The role will interface with colleagues throughout the organization including the Technology and Security Services group within IT, as well as IT Applications. In addition, the Information Security Senior Analyst will collaborate with, and serve as a resource and advisor to, the Data Security Committee and its members.

Responsibilities:

  • Serve as a senior leader in Segal’s Access Management Program initiatives and evolution.
  • Serve as a senior leader in Segal’s Vendor Risk Management Program initiatives and evolution.
  • Interface with clients as warranted to represent Segal’s Information Security program and capabilities in correlation with client requirements.
  • Coordinate and track Information Security related third-party audits and assessments (e.g. SOC2, HIPAA Security Rule Compliance, penetration and vulnerability tests) including scope of audits, timelines, and outcomes.
  • Generate and maintain Information Security reporting metrics including preparing metrics for presentation to senior company management.
  • Serve as a senior leader in Segal’s Data Loss Prevention (DLP) program including program evolution, event investigation, and metrics generation.
  • Leverage auditing controls and processes to evaluate ongoing compliance with regulatory and client requirements which include but are not limited to: SOC2, NYSDFS, DOL Cybersecurity Guidelines, as well as Information Security Policies and Procedures.
  • Generate and maintain status reports and metrics on any required remediation efforts that result from Risk Assessments, Analysis, Vulnerability, and Penetration Assessments.
  • Coordinate with Technology and Security Services and IT Applications management to ensure technical systems and controls are aligned with Segal and client information security goals and requirements.
  • Contribute to the development, maintenance, and delivery of information security awareness content and programs.
  • Create, develop and maintain comprehensive information security documentation, and policies and procedures to be leveraged in responding to client and auditor security inquiries, as well as for marketing purposes.
  • Provide project management for security related projects including but not limited to policies and procedures development, proposal language maintenance and audits.
  • Serve as an integral part of the IT Computer Security Incident Response Team (CSIRT). Coordinate Incident Response procedures including but not limited to identification, fact gathering, and documentation.
  • Monitor, investigate, interpret, correlate and evaluate Information Security alerts that are generated by various Security infrastructure components and services.
  • Monitor IT security industry trends, issues, and emerging technologies. Advise, counsel, and educate IT management on their relative importance and impact.

Experience:

Minimum of 5 years of full-time work experience in Information Security, including recent experience with security programs (e.g. Data Access Management, Vendor Risk Management, Compliance, Data Loss Prevention, Vulnerability Management, metrics and reporting, policies and procedures, audits, governance, oversight, etc.) and technology (e.g. Intrusion Prevention Systems, e-mail and web filtering, identity and access management, Mobile Device Management, etc.). In-depth understanding of Information Security concepts. Knowledge of the security compliance requirements for HIPAA, SOC2, NYSDFS, etc. Experience supporting related functions (such as IT audit, IT Risk Management, regulatory compliance). Experience with the development and implementation of enterprise security architectures and programs. A strong background in IT architecture and operations, with a solid understanding of security and auditing systems as well as networking protocols. Project management experience required. Strong communication, documentation, and presentation skills required. Bachelor's Degree in a related field or equivalent experience.

Dice Id : datacny
Position Id : 7189066
Originally Posted : 3 months ago