We have a direct-hire position for a Security Analyst with one of our clients in Suwanee, GA. No third party candidates considered for this position.

Local Candidates Preferred. Video Interview is mandatory.

Please contact at (678) 381-1499

The Information Security Analyst (ISA), will be a contributing member of the Information Security Office (ISO) in the design, support, and execution of information security solutions and services using a risk-based approach. The ISA will work directly with all Client business units in support of maintaining and identifying opportunities to improve the information security posture of both Client and its customers. The ISA will be an active participant in the daily execution of information security related compliance controls including monitoring, scanning, analysis, reporting, validation, and evidence archival. Where appropriate, the ISA will serve Client and its customers in a consultative role as a corporate information security subject matter expert, SME. Prospective candidates will have solid and proven experience in information security and compliant controlled environments. Strong time management, organizational, and multi-tasking skills are crucial to ensuring success in this position.

Responsibilities - Other duties may be assigned

• Provide technical, business, and information security analysis support in the design, development, and implementation of vulnerability management processes.
• Own and manage roles, groups and permissions within assigned information security tools.
• Organize and prepare various vulnerability scan result outputs and reports.
• Provide statistical reports to management on vulnerability remediation progress.
• Serve as primary contact for technical vendor management for assigned tools.
• Lead the execution, organization, verification, reporting, and evidence archival of User Access Certification campaigns.
• Coordinate multiple vendor and authoritative resource vulnerability notifications to aggregate a weekly internal notification to all Client technical lines of business.
• Review and analyze daily audit reports for indications of possible information security incidents and indicators of compromise.
• Contribute to the management and scheduling of information security and compliance related vulnerability scans.
• Participate in the vulnerability management process through the review, analysis, validation, reporting, and evidence archival of remediation efforts.
• Provide advice on information security issues related to the systems and workflows at Client to ensure internal security controls for the organization are appropriate and operating as intended to meet compliance requirements.
• Participate in information security incident response activation as necessary.
• Contribute to the performance of regular corporate risk assessments and business impact analyses.
• Provide information security advice and guidance to Corporate Lines of Business (LOBs).
• Assist management with the development and publishing of Information Security policies, procedures, standards and specifications.
• Participate in Corporate and Client facing audit engagements, as requested, to ensure Client adherence to applicable standards and compliance initiatives (e.g. NIST, FedRAMP, PCI DSS, SOC I & SOCII, and others)
• Collaborate with Client business units and law enforcement agencies to manage security vulnerabilities.
• Participate in the design, review, and support of information security solutions to reduce the Corporation's risk profile (e.g. Network/Host IDS, Vulnerability Scanning and Management, & Incident Response)
• Conduct security research towards keeping abreast of the latest information security issues, researching and reporting on security trends and emerging industry solutions.

Basic Qualifications:

• 4 year degree in computer science or related field or equivalent experience.
• Minimum of 5 years in Information Security Services, IT audit, and/or Risk Management.
• Completion of at least one (1) security related certification (e.g. CISA, CIA, CFE, CISM,CISSP, SSCP, CEH, CIPP, GIAC or CBCP)
• Minimum of 2 years hands-on operational experience with a GRC platform, preferably Key light GRC.
• Minimum of 2 year s experience delivering on compliant controls related to PCI DSS, FedRAMP, or SOCII.
• Ability to travel up to 25%
• ship is required by law for this position due to federal customer contracts

Preferred Qualifications:

• A thorough understanding of network and system-based attack vectors.
• Solid understanding of information security related concerns in the deployment of firewalls, switches, routers, DNS, IDS/IPS, cloud infrastructure, and log management.
• Working knowledge of various compliance regulations and IT/security frameworks/standards (e.g. PCI DSS, HIPAA, FedRAMP, FFIEC, FINRA, ISO20000, ISO27000, ITILv3, NIST, SAS70).
• Knowledge of the Managed Services Provider industry is a plus
• Knowledge of Managed Security Services Provider industry is a plus

Knowledge, Skills & Abilities:

• Highly motivated, team-oriented individual with excellent oral and written communication skills.
• Strong interpersonal skills to build/maintain ongoing business relationships with employees, vendors, and clients at all levels of an organization.
• A capacity to thrive in a dynamic environment where daily priorities can change frequently.