Strategy and Operations oversees the entire Technology department, including personnel, software, infrastructure, processes, and support. It is responsible for technology planning, strategy, architecture, security, disaster recovery, and management of Commonwealth's technology investment portfolio.
As part of the Information Security team, our analyst will be responsible for ensuring that the company’s information resources are secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to users in a timely fashion. This role will have you serving as an in-house consultant, responsible for designing, implementing, supporting, and maintaining policies and security solutions in both operational and customer-hosted environments. To succeed in this position, you will need to be an organized, action-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously. Strong communication skills and a customer focus are a must.
As a senior information security analyst, your responsibilities would include:
- Serving as an internal information security consultant to the organization
- Supporting the development, implementation, and management of security policies and procedures to ensure that they remain aligned with business objectives and meet regulatory requirements
- Supporting the development, implementation, and management of our security knowledge base (wiki) to include all company products and environments
- Responding to customer inquiries regarding the company’s security practices
- Ensuring that the company’s security program remains in compliance with applicable regulations, including evolving data privacy regulations
- Providing support with third-party security risk assessments and IT audits and providing tracking for findings and resolution
- Providing expertise in support of new product development activities to ensure that products comply with information security and privacy standards
- Performing additional duties and projects as assigned
Waltham, MA position
The ideal candidate would also meet the following requirements:
- BS/BA degree in computer/management information systems or related discipline (or equivalent experience) and 2–5 years of related work experience in information security governance and/or related functions (such as IT audit and IT risk management)
- Excellent verbal and written communication skills to develop positive relationships and effectively communicate with employees, customers, auditors, business partners, and all levels of management
- Experience with information security management frameworks, such as AT 101 SOC 2, ISO, ITIL, COBIT, NIST, to include development of policies, processes, and procedures within the environment
- Experience supporting regulatory and compliance programs, such as HIPAA, GLB Reg S-P, and MA 201 CMR 17
- Experience designing and implementing controls within corporate networks to include computer/network security and operating systems such as UNIX, Linux, and Windows, as well as LAN/WAN internetworking protocols, such as TCP/IP and network perimeter protection (firewalls)
- Strong technical background, including Active Directory, firewalls, and vulnerability scanning tools, highly desired
- CISA, CISM, CRISC, CISSP, or similar security certification required
If it were up to Commonwealth Equity Services we'd all have wealth in common. Operating as Commonwealth Financial Network, the...