Information Security Analyst
The Information Security Analyst is responsible for information security policy development and maintenance; design of security policy education, training, and awareness activities; monitoring compliance with Asurion security policy and applicable law; conducting SAS 70 / SOX audits for IT controls; performing contract reviews; and coordinating investigation and reporting of security incidents. Working with the Information Technology team and the rest of the security group, the incumbent will monitor, assess and update the environment to safeguard resources and information assets.
The Information Security Analyst will also assist in facilitating audits, perform penetration testing, vulnerability assessment scans and risk assessment reviews.
Monitor and advise on information security issues related to the systems and workflow at Asurion to ensure the internal security controls for the company are appropriate and operating as intended.
Coordinate and execute IT security projects.
Coordinate response to information security incidents.
Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
Facilitate security audits for IT-related controls stemming from SAS 70, SOX and client contractual provisions.
Manage remediation plans for any gaps reported in audits or recommended process improvements.
Collaborate with IT management, the legal department, fraud department, human resources and law enforcement agencies to manage security vulnerabilities or investigations.
Review client and vendor contracts and agreements for adherence to security provisions and make recommendations for verbiage changes if needed.
Assist with the creation and maintenance of user security awareness materials.
Conduct security research to keep abreast of the latest security issues.
Prepare security documentation including department policies and procedures, company notifications and alerts.
Perform other related duties as assigned.
BA or BS in Computer Science, Management Information Systems, or related field desirable; practical experience plus education and certifications may be considered.
Five+ years of progressive experience in computing and information security, including experience with Internet technology and security issues.
Experience should include security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis, contract review, management of gap remediation and compliance testing.
CISSP, GSEC, GIAC, or other security certifications desired.
Knowledge of information security standards (e.g., ISO 17799/27002), rules and regulations related to information security and data confidentiality, and desktop, server, application, database and network security principles for risk identification and analysis.
Strong analytical and problem-solving skills are necessary.
Excellent communication (oral, written, presentation), interpersonal and consultative skills are required.
This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.
Asurion - 2 years ago
For two decades, Asurion has led the technology protection industry around the globe. The Company provides premier support solutions to...