04/22/2022

Information Security Analyst

Information Security Analyst

The Information Security Analyst will monitor our computer networks for security issues, install security software, and document any security issues.  Working under the guidance of the Associate Director of Information Security, you will design and implement IT security systems to protect the organization's computer networks from cyber-attacks. You will also help develop organization wide best practices for IT security.

Responsibilities:

• Monitor computer networks for security issues.
• Maintain and manage our security awareness program, end user trainings, communications, along with PhishRip system.
• Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
• Perform vulnerability scans and fix detected vulnerabilities to maintain a high-security standard.
• Stay current on IT security trends and news.
• Perform penetration testing.
• Help colleagues install security software and understand information security management.
• Research security enhancements and make recommendations to management.
• Analyze IT requirements and provide objective advice on the use of IT security requirements
• Design, analyze and implement efficient IT security systems
• Maintain and test business continuity and disaster recovery plans
• Coordinate with IT Security vendors to create a comprehensive IT security program
• Coordinates the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures in compliance with local, state and federal regulations and standards for the company’s information systems. Management of security policy exceptions process.
• Proactive identification and mitigation of IT risks as well as responding to observations identified by third party auditors or examiners while assisting in the development of periodic reports and dashboards presenting the level of controls compliance and current IT risk posture.
• Broaden and deepen knowledge of the business and environment of
  IT with respect to the delivery of projects, strategic initiatives and systems
  portfolio to effectively assist IT managers and staff with risk and compliance

Information Security Analyst Requirements:

• Bachelor's degree in computer science, technology, or related field. (preferred)
• Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as (CoBIT, ISO, NIST, ITIL, PCI). (preferred)
• General knowledge of information security regulatory requirements and standards such as ISO 27001/2, SANS top 20 and NIST 800-53.
• 0-3 years' experience in information security or related field.
• Understanding of firewalls, proxies, SIEM, antivirus, network infrastructure, and IDPS concepts.
• Ability to identify and mitigate network vulnerabilities and explain how to avoid them.
• Excellent communications skills (oral and written)
• Creativity, attention-to-detail, and passion for organization
• Strong mental agility, able to quickly change direction and adapt