Date Posted: July 30, 2020
CISSP Information Security Analyst
The Information Security Analyst is responsible for performing services and activities to support the Information Security program. In this customer-facing role, the Information Security Analyst provides guidance and shares security knowledge with various internal teams and stakeholders. Areas of responsibility include security architecture, firewalls, monitoring and response, endpoint security, and vulnerability management. This position also supports the Information Security Team in performing security assessments, product evaluations, project support, and any other operational tasks needed to support the Information Security program and strategic objectives.
1. Operational Support
Act as the central point of contact for the Information Security Team to facilitate the handling of security incidents and requests.
Prepare reports for the Director of Information Security and other stakeholders on various security assessments to demonstrate the security posture of the organization.
Participate in projects as a stakeholder for Information Security to provide support and convey security architecture requirements.
Assist with reviews of company projects and provide input on potential risks, threats, and appropriate solutions to meet information security requirements.
Support the Information Security Engineers with vulnerability management, DLP, NAC, PKI, authentication services, firewall request workflows, and endpoint security.
Support the Change / Release Management processes through communication to the relevant stakeholders and teams, in coordination with the Security Team.
Be a major influence in promoting information security best practices, standards, and procedures.
Percentage of time: 40%
2. Risk Management
Support the Information Security audit process by providing documentation on the implementation of technical controls and remediation of previously identified gaps.
Assist in the development, implementation, and management of security policies, standards, procedures, and guidelines that will assist the relevant teams in the implementation of Information Security Program requirements.
Monitor and analyze the effectiveness of technical mitigations, based on a continual auditing process and review of scheduled security reports.
Document and follow up on security exceptions relating to IT and property activities that could negatively impact security risks and/or not adhere to established policies, standards, or procedures.
Identify areas that would help automate or improve aspects of the audit process to improve efficiency.
Percentage of time: 30%
3. Incident Response
Liaise between the Security Team and different departments and stakeholders in response to detected threats and mitigations.
Act as a backup to the Information Security Engineers to address incidents impacting the client and provide remediation in order to restore normal operations.
Channel lessons-learned action items into the overall continual improvement process for the incident response capability.
Participate in business continuity or cyber-attack exercises to validate the adequacy of relevant response plans, as needed.
Percentage of time: 10%
CERTIFICATIONS, LICENSES, REGISTRATIONS
Minimum: CISSP or equivalent
Preferred: One or more of the following certifications: GIAC, SSCP, CCNA, CompTIA, ITIL, or MCITP
Minimum: Knowledge of Windows operating systems, networking, and firewalls. Knowledge of server and desktop operating systems, RDBMS, WAN & LAN technologies, network communications protocols, real-time systems, and HIPAA compliance. Knowledge of IT Service Management including frameworks such as ITIL and project management.
Preferred: Advanced knowledge of Windows or Linux, secure configuration practices, and a working knowledge of scripting languages (PowerShell, Visual Basic, Python, Bash, etc.).
YEARS OF RELATED WORK EXPERIENCE
Minimum: 3 years of IT administration experience, with 1 of those years focused on IT Security
Preferred: 5 years of IT administration experience, with 2 of those years focused on IT Security
PROBLEM SOLVING AND DECISION MAKING
Strong analytical, problem-solving, and project management skills.
Strong ability to work within a collaborative environment and capability to multi-task.
Must be able to present complex or technical concepts to less technical audiences.