Stefanini Group is looking for an IT Security Analyst in CA.
Security Risk Assessments
Works with customers to identify security requirements, using methods that may include risk and business impact assessments.
Gathers security information within the various stages of the system development process.
Periodically validates and verifies security controls are working as designed.
Interfaces with staff from various departments communicating security issues and responding to requests for assistance and information.
Provides guidance for security activities to application development efforts.
Measures their performance against service-level agreements (SLAs).
Monitors process efficiency and effectiveness for ongoing process improvement efforts.
Creates, distributes, and updates reports on information security service performance to management and information security governance forum.
Confirms targeted and specialized information security training needs are met.
Handles more technically complex security scenarios.
Contributes to best practices and procedures for protecting information, assets and security in conjunction with department managers.
Collaborates on projects to ensure that security requirements and issues are addressed throughout the project life cycle.
Analyzes information security control metrics to demonstrate effectiveness or need for control improvement.
Consults with business service owners and application development teams, providing information security expertise and solutions.
Monitors security SLAs.
Manages project documentation, such as compliance documentation, security plans, corrective action plans, etc.
Provides security briefings to advise on critical issues that may affect the Bank.
Conducts knowledge transfer training sessions to NIRT and other security teams upon new technology implementation.
Handles very technically complex security scenarios.
Coordinates governance communications with key stakeholders and other governance bodies.
Oversees compliance with information security policies and standards program.
Oversees and reports on the information security project portfolio to ensure information security investments and initiatives are meeting business objectives.
Develops and implements standardized service processes, including request processes.
Collaborates with IT Leadership to drive IT changes to effective security-based implementations, awareness and accountability.
Evaluates the effectiveness of awareness and training programs and makes recommendations for improvement.
Vulnerability Management and Local Incident Response Team (LIRT)
Leads Incident Response cases including communication with NIRT, other impacted FRS units, and internal and external law enforcement.
Organizes tabletop exercises to practice and rehearse organizational incident response.
Acts as liaison between internal audit and IT to ensure commitments are met and controls are properly implemented.
Defines penetration testing criteria for systems and applications.
Regularly communicates the business impact of IT-related risk to business leaders.
Works with business data owners and governance bodies to establish data loss prevention strategies and policies.
Ensures remediation measures have been implemented for non-compliant areas.
Assesses threats against vulnerabilities, determines risk to IT assets, and recommends the appropriate information security controls and measures.
Serves as a subject matter expert (SME) for performing vendor risk assessments to improve overall vendor risk posture.
Data Privacy and Data Governance
Supports e-discovery processes to include identification, collection, preservation and processing of relevant data.
Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes.
Provides advice on a wide range of internet and technology issues, e.g., privacy, computer security, and encryption standards.
Complexity
Works on multiple IT security areas.
Works as a team member, sometimes as a team lead, for moderate to highly complex tasks.
Analyzes complex problems and develops solutions.
Bachelor's degree in Computer Science, Information Systems, Computer Engineering, Cybersecurity, Systems Analysis or a related field or equivalent work experience.
Typically requires 5+ years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and over 3 years' experience designing and deploying security solutions.
Working knowledge of security issues, techniques and implications across computer platforms.
Demonstrated experience in designing and implementing security solutions.
Strong knowledge of critical security controls.
Working knowledge of secure coding practices, ethical hacking and threat modeling.
Security certifications required (one or more): Certified Security Analyst (ECSA), CompTIA Cybersecurity Analyst (CSA+), Certified Information Systems Auditor (CISA), Certified in Data Protection (CDP).