Enterprise Security Analyst
Istonish - Boulder, CO

This job posting is no longer available on Istonish. Find similar jobs: Enterprise Security Analyst jobs - Istonish jobs

Istonish is a minority owned, privately-held, award-winning business enterprise, headquartered in Denver, Colorado. When you join Istonish, you become a part of the team dedicated to delivering outstanding technical and customer service to our clients.
The security analyst is responsible for analyzing an enterprise's information security environment and recommending security measures to safeguard its valuable information assets. The person in this position must possess a detailed knowledge of the business, as well as information security expertise, to develop and implement security plans appropriate to the level of risk the enterprise faces. The security analyst position requires proficiency in the use of various tools and techniques, including risk, business impact, control, and vulnerability assessments, used to identify business needs and determine control requirements. Experience in developing security plans including security architecture and tactical plans are essential. The security analyst acts as an advisor to the enterprise's business units, as well as to other risk management functions, such as the enterprise risk management, audit, and business continuity management and compliance organizations. In depth experience leading and conducting Security Assessments for Assessment and Authorization (A&A) activities and Internal Control Reviews (ICRs) per NIST 800-53 using the methods identified in NIST SP 800-53a. Validating the implementation statements for the NIST SP 800-53 controls documented in the System Security Plans (SSP) for programs. Creating the appropriate documentation of these risks (security assessment report, Plan of Action and Milestones (POA&Ms), risk assessment report, etc.) Gather and research information for use in technical documentation relating to Information Security compliance according to NIST guidelines (system security plans, NIST 800-60/FIPS 199 security categorization, etc.) Acts as a leader in the development and management of the information security program. Responsible for implementing and monitoring the enterprise program ensuring the security, integrity, privacy, and availability of information and systems. Work in conjunction with the CISO to develop, implement, and manage the overall enterprise process for information security strategy and associated architecture, policies, standards and guidelines. Lead business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments. Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action. Reports to client management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance. Consults in application development or acquisition projects, to assess security requirements and controls and ensure that security controls are implemented as planned. Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle. Develops security processes and procedures and supporting service-level agreements (SLAs) to ensure that security controls are managed and maintained. Lead security investigations and compliance reviews as requested by internal or external auditors and assists with the resolution of negative audit findings. Assists security administrators and IT staff in the resolution of reported security incidents. Researches and assesses new threats and security alerts and recommends remedial action Key contributor in the development and on-going delivery of the security awareness training program. Communicates with resource owners and end users to increase their awareness of security threats, protections, applicable security policies and standards. Collates security incident and event data, unresolved network security exposures, and audit remediation to produce monthly exception and management reports. Some weekend and after-hours security support work may be required.
What Youll Need: Bachelor's degree in Computer Science, Information Technology / Management or related field plus five years IT and system and enterprise experience. Master's degree is preferred. Current security clearance a plus, ability to be cleared to Top Secret level required.
Technical Competencies: In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls. Knowledge of and experience in developing, documenting and maintaining security architecture and plans, processes, procedures, including strategic, tactical and project plans. Experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks. Knowledge of the fundamentals of project management, and experience in creating and managing project plans, including budgeting and resource allocation. In-depth knowledge of risk assessment methods and technologies. Proficiency in performing risk, business impact, control and vulnerability assessments. Strong understanding of business applications, including enterprise resource planning (ERP) and financial systems. Technical proficiency with security-related systems and applications, especially mainstream OSs (e.g. Microsoft Windows and Linux), and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance and desktop security tools. Knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts.

About this company
4 reviews
We help you do more with less. Technology can be complicated. But, what we do for our clients is simple. Istonish helps you accomplish...