AVASO Technology Solutions is currently seeking a Senior Information Security Analyst with a passion for the IT area.

As an AVASO employee, you will be part of a global organization that provides IT Services to big national as well as international clients across multiple industries.

We are an IT solution provider with coverage in more than 170 countries as well as global distribution capabilities. We have a proven track record of success in providing best-of-breed technology solutions to enterprises of all sizes, including some of the world’s largest brands.

AVASO offers you an excellent growth opportunity with a strong global company and good money.

Website:- https://www.avasotech.com/

VISA Requirements:- The Candidate must be a Citizen or authorized to work in USA .

Language Requirements:-

• The Candidate must be fluent (At least B2) in the English Language.

Job Title (Corp Title and Functional Title): Assistant Vice President – Senior Information Security

Analyst

Location: Manhattan, New York, United States

Position type: Full-Time

Department/Team: Risk Management Department/Information Security Team

Reports to: Chief Information Security Officer

Supervises: Junior Information Security Analyst

Summary:

This is a full-time position for a Senior Information Security Analyst (“Security Analyst”) within the

Information Security team that participates in all aspects of information security.

The Security Analyst shall act as a risk manager with the responsibility for identifying, acting on

and escalating risks and is held strictly accountable for the failure to discharge their information

security duties.

The employee shall also be responsible for demonstrating risk awareness by

following all security policies, procedures, and internal controls in the daily routine.

The ability to make decisions and influence decisions in the areas of risk management and

compliance are key to the role.

The Security Analyst will ensure that policy and compliance

documentation, requirements, and controls are properly and timely identified, mapped,

tracked, reviewed, and reported for the organization to increase security posture.

In this role, he will work closely with other members of the Security Team and IT Infrastructure

Teams to manage and support security administration tasks and security projects.

Responsibilities:

• Experience leading risk assessments, audits, policy, governance, and/or reporting, preferably in a financial institution
• Assist with mapping controls to policies, procedures, and processes and testing of those controls to ensure adequate coverage
• Establish and maintain security manuals
• Work with control owners in the remediation and tracking of deficiencies.
• Assist with increasing the maturity of the Information Security program, strategy, and process.
• Provide security services in identifying, assessing, managing, and tracking remediation of information security risks related to IT infrastructure, applications, platforms suppliers and drive explicit requirements and timelines in all environments
• Provide update to the CISO and/or CRO on the progress of remediation efforts
• Qualys:

– scanning for vulnerabilities and baseline configuration compliance

– monitoring new and existing vulnerabilities and working with IT and users to remediate

– Daily, Weekly, and Monthly, reporting – reviewing results of reports and presenting to IT to

remediate issues

– Network monitoring – Monitoring assets connected to the network scanning for assets

and reconciling with IT asset inventory

– Daily monitoring of system events for malicious activity

• Tufin – Firewall rule review and approval
• AlienVault – SIEM – System event monitoring and analysis with follow-up if the issue is detected
• Tipping Point – IPS – Monitoring network for signs of malicious activity or exploitation
• Trellix EPO TMS – Daily monitoring of Data Loss Prevention tools
• Manage phishing campaigns, create email templates, perform testing, analyze results, and write report
• Spirion – Create scans to monitor files containing PII and ensure they are destroyed in accordance with the data retention policy
• Privileged Access Management (PAM) and reporting
• Chair weekly IT meetings to discuss vulnerabilities, patching, and alarms generated by IS tools
• Threat Intelligence – Monitor Qualys Threat Protection Feed and CISA emails for relevant information to protect the network
• Work with vendors for troubleshooting and maintenance of IS tools

Education and Experience Requirements:

• 5 years managing information security governance, risk, and compliance
• Bachelor’s degree in information technology or security discipline (e.g. cybersecurity) or related work experience
• Industry-recognized security certifications are a plus but not required (e.g. CISSP, CISA, CISM, CEH, etc.)

Skills and Knowledge:

• Demonstrated knowledge of industry authoritative sources such as NIST Cybersecurity Framework, SOC2 and ISO standards, FFIEC framework, and NYDFS-Part 500 regulations
• Working with GRC applications and toolsets, such as RSA Archer
• Proficient in Microsoft Office
• Excellent written and verbal communication and presentation skills; Good command of spoken and written English.
• Interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as non-technical audiences
• Skilled at planning, tracking plans, and working across departments to review risks, controls, and processes, and gathering and organizing documentation and test results
• Self-directed, works with minimal guidance, and recognizes when guidance needed
• Ability to cope with pressure and responsibility

This job description is not limited to the responsibilities listed and the incumbent may be requested to perform other relevant duties as required by business needs.