Cyber and Info SecurityAnalyst (NIST, PCI DSS, CISSP, CISA)

at InfoObjects Inc
Published September 23, 2022
Location Salinas, CA
Category Default  
Job Type Full-time  

Description

Cyber and Info Security Analyst

Location: Salinas, CA (Onsite)

Duration: 3-6 Months Contract To Hire

ESSENTIAL DUTIES AND RESPONSIBILITIES:

  • Monitor, review, analyze and document security alerts and reports generated from various platforms and applications.
  • Identify threat risks from the reported phishing, malware and virus-related alerts.
  • Build automation for detecting, preventing and responding to security events.
  • Perform vulnerability scans; review and track identified vulnerabilities until remediated.
  • Establish and coordinate remediation and mitigation activities for identified security risks.
  • Incorporate Security check processes into existing and new enterprise systems.
  • Conduct regular quarterly, semi-annual, and annual application user access reviews to ensure banking regulatory compliance (FFIEC, GLBA, SOX)
  • Research, analyze, recommend, design and implement network-based, host-based or cloudbased Information Security solutions.
  • Design, implement and maintain Security controls that support NIST, FFIEC, SOC2, PCI DSS, GLBA, SOX frameworks.
  • Ensure ongoing protection of corporate data and information assets by properly maintaining Information Security policies, standards, procedures and processes.
  • Conduct regular phishing campaigns; track and analyze metrics.
  • Manage third-party vendors risk assessments.
  • Assist with gathering documentation to support internal and external audits.
  • Assist in execution of third-party security testing (pen testing, bug bounty, audits, etc.)
  • Continuously update documentation and prepare materials for quarterly IT Steering.
  • Committee or other governance entities.
  • Act as a Cybersecurity and Information Security SME (Subject Matter Expert) to various internal teams on emerging threats.
  • Continuously learn the latest Cybersecurity and Information Security information by participating in educational opportunities, reading professional publications, and participating in professional events.

MINIMUM QUALIFICATIONS

  • Bachelor’s degree in Computer Information Science, Engineering, or related field, or suitable combination of education, experience and training.
  • Information Security certifications such as CISSP, CISA, CISM, GCIA or other SANS GIAC certifications (either currently active or will be completed within 6-12 months).
  • 5+ years of experience in Information Security, Risk and Compliance management, preferably in highly regulated industry (financial services, banking)
  • Good understanding of the following compliance/security frameworks: NIST, FFIEC, SOC2, PCI DSS, GLBA and SOX
  • Medium-to-advanced knowledge of subjects such as infrastructure (network, servers, storage) security design and architecture, endpoint protection, SSO, MDM, BYOD, DLP, IAM vulnerability management, penetration testing, intrusion detection, risk management, and forensics.
  • Familiar with cloud Security architecture in Microsoft Azure and Office 365.
  • Working knowledge of Information Security tools (vulnerability management, Nessus, Rapid7, OpenSSL, NMAP, PAM, SIEM, pen testing, network packet analysis, forensics, etc.) and basic scripting.

- provided by Dice

Drop files here browse files ...