Info Security Analyst (BC)
Job Location: Warren, NJ
Date Posted: 2020-02-25
Major Insurance Company - The Senior Analyst (Information Security) supports and maintains Information Security governance, risk management and compliance programs across the global enterprise.
Support the overall vision/strategy of the Information Security department. Effectively and proactively collaborate with staff at all levels of the organization to devise and implement security solutions. Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation. Conduct frequent risk and controls assessments, identifying weaknesses and improving the existing business continuity model. Monitor and report on emerging risk and compliance with organizational security policies, including the enforcement of policies within the IT department. Review and understand various regulatory requirements to ensure policies provide sufficient controls for compliance. Ensure policies, procedures & protocols are being executed, are fit for purpose, and remain current. Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance. Recommend and coordinate the implementation of technical controls to support & enforce defined security policies. Work as a liaison with service providers, and the Contracts/Vendor Management departments, to establish mutually acceptable contracts & service-level agreements. Conduct cyber risk assessments, including third-party risk, to ensure identified risks associated with service providers are monitored, communicated, managed and re-assessed on schedule. Respond to customers' inbound security questionnaires to provide assurance that the Company is protecting their non-public information, if stored or processed. Review & process Information Security policy exception requests, and track them through expiration. Ensure planned remediation efforts and compensating controls are implemented successfully. Monitor the threat landscape & security vulnerability information from vendors and third parties. Participate in deployment of security technologies and program enhancements.
Provide support and guidance for regulatory compliance efforts, as well as internal and external audits. Implement or coordinate remediation required by audits, and document exceptions as necessary. Implement education programs on user awareness and information security compliance. Conduct access reviews and recertifications for key business systems and applications. Coordinate security awareness training, phishing assessments, and access recertifications for the organization. Work with the Head of Information Security, IT and business stakeholders to define metrics and reporting strategies that effectively communicate risks, successes and progress of the security program. Must be adept at evaluating and understanding business strategies and requirements, and their associated risks, to provide recommendations and develop requirements for the on-going remediation of identified issues or gaps. Prepare technical reports for executive management. Stay current on technology trends and regulatory requirements.
Bachelor's degree in Computer Science, Information Systems, Cyber Security or an equivalent related technical field. At least 5 years' experience as an Information Security Analyst, or in a comparable role. Certifications in one or more areas, or willingness to obtain them: CISSP, CISM, CISA, CRISC, ECSA, CompTIA Security+, or comparable. Experience developing & maintaining policies, procedures, standards & guidelines. Experience with third-party assessments & cloud risk assessment methodologies. Familiarity or experience with NIST Cybersecurity Framework, NIST 800-53, NIST RMF, ISO 27001/27002/31000, FAIR, CIS CSC Top 20, CIS RAM, ITIL, COBIT, OWASP Top 10, & CWE/SANS Top 25. Familiarity or experience with PCI, GDPR, CCPA, SSAE18 SOC 2, ISO, HIPAA, GLBA & SOX compliance assessments. Experience with commercial Vulnerability Management systems (e.g. Rapid7, Tenable, Qualys) a plus.
Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management. Proficiency in performing risk, business impact, control & vulnerability assessments, and in defining treatment strategies. Ability to thrive in both technical and non-technical aspects of Information Security duties. Knowledge of network infrastructure, including routers, switches, firewalls, & associated network protocols & concepts. Working technical knowledge of current systems' software, protocols & standards. Strong business process knowledge & application of technology solutions. Knowledge of GRC (Governance, Risk & Compliance) systems a plus. Experience working with legal, audit & compliance staff. Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people & roles, including vendors, IT staff & business personnel. Strong communication skills. Ability to effectively convey complex information. Strong customer/client focus, with the ability to manage expectations appropriately. Ability to work well under minimal supervision. Strong project management skills & experience in creating/managing project plans. Knowledge of managed security service provider models. Knowledge of secure coding practices, ethical hacking & threat modeling.
Please contact Brian Clark at firstname.lastname@example.org
105K + Bonus