SR. SECURITY ANALYST
Summary: Report to and work at the direction of the Information Security and IT Governance Officer in overseeing the IT’s information and IT security program. This individual will be responsible for providing the technical oversight needed to maintain a secure environment.
Be highly knowledgeable of the Organization’s overall security policies, and recommend changes and enhancement.
Perform routine risk assessments and impact analyses to identify vulnerable areas within the company’s security program.
Manage all aspects of the vulnerability assessment software including defining asset groups, determining software parameters, and assigning scan profiles. Will also have primary oversight of the handling of vulnerability tickets including the evaluation of vulnerability exceptions. Will keep management apprised of vulnerabilities and risks by leading the Vulnerability and Patch Management Committee.
Will oversee the handling of firewall/IDS/IPS incident tickets to ensure incidents are investigated and solved appropriately. Could include investigating incidents directly. Will keep management apprised of results.
Will have ownership of the IT incident response program. Will develop incident procedures and oversee the investigation and reporting of all security incidents including phishing, smishing, virus, dos, and privacy breaches. Will keep management apprised of incidents.
Will have ownership of the Security Information and Event Management solution.
Coordinate firewall rule reviews including scheduling, result review, and follow-up to ensure results are addressed timely and appropriately.
Coordinate reviews performed by external entities including but not limited to internal vulnerability assessments and penetration testing.
Establish a monitoring program to ensure Company applications, equipment, systems, and services are compliant with established security policies and procedures as well as industry standards. This includes preparing review scope documents, creating review work programs, performing security reviews, and issuing security recommendations.
Will review recommendations made by all IT teams to ensure security is adequately addressed.
Will be the primary authority for defining security controls and security baselines for systems being implemented.
Inform and train staff members, both inside and outside the IT department, on their responsibilities concerning IT security as it relates to Company systems.
Assess need for security reconfigurations (minor or significant) and either execute them or coordinate the execution of them.
Develop security procedures as necessary.
Remain informed on trends and issues in the security industry, including current and emerging technologies. Keep team managers apprised of findings.
Keep current with emerging security standards, alerts and issues. (FFIEC Security Handbook, ISO, etc)
Other duties as assigned.
Education – Minimum of 8 years of experience related specifically to IT Security or IT Auditing.
Certifications – Have Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or other comparable certification.
Training - Continuing professional education will also be provided to maintain a certification in good standing.
Specialized training will be provided as needed. Training will be dependent on infrastructure and business strategies.
Must have ability to work independently and be able to manage multiple projects simultaneously.
Excellent analytical, mathematical, and creative problem-solving skills.
Excellent written and oral communications skills; communicate in terms to both technical and business associates
Possess leadership skills and be self motivated and self directed.