What are the responsibilities and job description for the Information Security Analyst position at Mindlane?
Job Title: Information Security Analyst Role
Location: HYBRID at Mason, OH (45040) / 2 days a week (Tue & Thurs)
Duration: 6 Months on W2 (With possible extension & conversion based on the performance)
MAJOR DUTIES AND RESPONSIBILITIES
Monitor and analyze vulnerability assessment data to identify and communicate technical risks to the organization
Support the identification and impact classification for new vulnerabilities identified in the environment
Execute and support vulnerability assessments, penetration testing and social engineering activities
Provide the Information Security and IT Security team information on the emerging cyber threat landscape, including threat actor tactics, techniques, and procedures
Facilitate vulnerability management processes by tracking and coordinating remediation efforts across multiple teams
Ensure timely closure of security gaps by working with application, infrastructure, and operations teams
Support IS in achieving the vision and strategic objectives of the vulnerability program
Provide regular updates and risk summaries to leadership regarding the status of remediation efforts
Support leadership to identify capability gaps in vulnerability management services
Support responses to client and third-party security inquiries, questionnaires, and audit requests related to vulnerability management
Manage and utilize IS tools such as DLP, code scanners, external security profiles, internal and external scanning tools, and scoring platforms to analyze gaps in security controls
Participate in the IT SDLC program to ensure that security is included in projects by default and by design
Develop strong working relationships across business, technology units and potentially clients to ensure a high degree of alignment and accountability in remediation, security compliance and client satisfaction.
Collaborate with cross-functional teams to improve security posture and embed security into existing IT and operational workflows
Assist with regulatory and compliance requirements, contributing to security audits, attestations, and certifications
Brief IS leadership on vulnerability assessment results and potential risks
Analyze, aggregate, and report on vulnerability data from various scanning tools and platforms
Continue self-development of knowledge, skills and abilities to better support execution of the Information Security (IS) function
BASIC QUALIFICATIONS
Bachelor's degree in computer science, IT or equivalent
3 years of experience in IT Risk or IS or Compliance
Experience with major standards such as: SOC 1-2, ISO 27001/2, PCI DSS, HITRUST, SANS, NIST
Demonstrated experience in implementing compliance frameworks for financial services organizations with similar information security needs and requirements
Familiarity and understanding of a broad range of IT hardware and software products
Strong project and time management abilities
Excellent presentation, verbal communication, and written skills
Excellent analytical, problem-solving and organizational skills
Experience managing typical enterprise security and intrusion detection systems, especially in a regulated environment
Ability to work in a collaborative environment across business and technology teams
Experience in producing clear and actionable reports for technical and non-technical stakeholders
PREFERRED QUALIFICATIONS
Certified Information Systems Security Professional (CISSP), PCI DSS, Certified HIPAA Privacy Security Expert (CHPSE), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), or related.
Experience or knowledge with healthcare, health insurance, managed care, or regulated industries
Knowledge of CMS and HIPAA related vendor standards and requirements
Working knowledge of Security SDLC tools
Familiarity or experience with the following tools:
o Security Scorecard, BitSight, SSL Labs
o Nessus Pro, Qualys
o Splunk, JIRA
o HCL AppScan, or similar code scanning and vulnerability tools