IT Security Analyst II

Enhance security awareness, assess compliance, and mitigate IT-related risks across the organization. Collaborate with internal business units, IT, and other relevant departments to improve overall compliance and address non-compliant issues. Develop and deliver training programs to increase security awareness across the organization. Conduct regular audits and assessments to ensure compliance with industry standards and regulations. Provide guidance and recommendations to shape security policies and procedures, ensuring they are up-to-date and effective. While the role is primarily advisory and hands-off regarding configuration, it remains crucial in enhancing IT-related security across the organization. Reports to Vice President of Information Technology.

• Monitor the company's security systems, conduct investigations and contribute to the security incident response process.
• With leadership support, draft, update, review, and publish security policies and materials.
• Assist in the implementation of policies and procedures to adequately address controls.
• Develop, operationalize, and maintain security compliance metrics and documentation to support continuous improvement. Provide support for security compliance requests and incidents.
• Evaluate security requirements in context with other business requirements and recommend measures to manage risk and adequately secure information systems.
• Manage the accountability and responses from audit finding owners to provide needed details in a timely manner for submission of remediation reports.
• Perform due diligence and ongoing assessments of information security vendors to assess risk.
• Conduct reviews and risk assessments to identify weaknesses or security exposures, assess impact and recommend solutions to mitigate risks and exposures.
• Assist with annual compliance requirements.
• Collaborate on business and IT projects to ensure security policy/risk issues are addressed.
• Perform other duties as assigned.

Education

• Bachelor's degree in Computer Science, Management Information Systems, or related field; or 8 years of security-related work experience

Experience

• Experience with NIST Cybersecurity Framework required
• Experience with CIS Critical Security Controls required
• Experience with Microsoft 365 Security
• Experience with Microsoft Purview (formerly compliance)

Knowledge, Skills and Abilities

• Must possess strong analytical and investigative skills, excellent interpersonal communication skills with the ability to write technical reports understandable to non-IT staff

Licenses / Certifications

• CISM or CISSP certification required