Information Security Analyst

JOB SUMMARY

 The IT Security Analyst, under the direction of the Chief Information Security Officer will assist with the execution of IT security standards, best practices, architecture, and systems to ensure IT security across the enterprise. The IT security administrator will implement processes and methods for auditing and addressing non-compliance of IT security standards and facilitate the migration of non-compliant environments to compliant environments. The IT security administrator will participate in the planning and implementation of security requirements for IT projects and make recommendations for security applications to assist with the implementation of changes to work methods and procedures, making them more effective to strengthen security measures. This position ensures information security controls are prioritized and maintained when users and/or vendors require access to internal databases/applications.  Analyzes and assesses vulnerabilities in the infrastructure (software, hardware, networks), investigates available tools and countermeasures to remedy the detected vulnerabilities, and recommends solutions and best practices. Analyzes and assesses suspected or actual damage to the data/infrastructure as a result of security incidents, examines available recovery tools and processes, and recommends and/or implements solutions. Tests for compliance with security policies and procedures. Will assist in the creation, implementation, and/or management of security solutions as directed by Chief Information Officer. 

Participates in IT on call rotation and may assist with system administration / networking tasks as needed.

MAJOR JOB RESPONSIBILITIES

Assist with facilitation and promotion of activities to create information security awareness within the organization, including matters of strict confidence.  Includes preparation of complex computer spreadsheets.

Perform information security risk assessments regarding security issues and after action reviews as appropriate.

Monitor compliance with information security policies and procedures, referring problems to the appropriate department manager. Monitor the internal control systems to ensure that appropriate access levels are maintained.

Continue to develop skills, knowledge, and ability to improve processes and procedures as well as to keep updated on trends and developments in the industry. This includes meeting annual personal development goals.

 Maintain information security policies and procedures to ensure security strategies are followed to meet the organizational security goals and standards.

Identify and resolve risks in accordance with the Organization’s security risk assessment processes.

Follow all security policies and promote activities and procedures to create a general awareness of the significance of security within the Organization.

Review system security plans implemented throughout the entire network of the Organization and uphold the responsibilities of an information security professional.

Act as a liaison with or under the direction of the CISO to the agency for IT security related topics and monitor compliance with security standards.

Monitor the internal controlling systems to ensure accessibility whenever it is required by the users.

Report information security incidents as per the incident response policy and manage RCA and remediation, as directed by the Chief Information Security Officer.

Maintain Incident response plans and make suggestions for improvements.

Operate information security programs as needed and when instructed by the Chief Information Security  Officer.

Perform vulnerability scanning on systems regularly and report gaps to appropriate team leads.

Collaborate with teams to provide subject matter expertise on security of servers, applications, and networks.

Performs other related duties as required/assigned.

MINIMUM QUALIFICATIONS

 Education and Experience:

 A Bachelor’s degree in Computer Science, Information Systems or related field and/or any equivalent combination of training, education and experience. 

A minimum of 2 years of information technology work experience. Experience desired in areas such as systems security analyst, network and/or systems administration, computer operations and user support, etc.

Must have proven production experience with Microsoft Active Directory Management, Incident Response, pen-testing, endpoint management, implementation and troubleshooting.

Networking and Next Gen Firewall experience highly desired. 

Knowledge of host hardening, auditing, logging and monitoring, network security, security analytics, anomaly detections, etc.

Information security certifications (e.g. Sec , CISSP, etc.) preferred. 

Experience with change management preferred. 

 Licenses and Certifications:

 Valid Class C Driver’s License and satisfactory motor vehicle record (desirable).

 Knowledge, Skills and Abilities:

 Knowledge of bookkeeping and accounting principles, practices, methods, and procedures.

 Knowledge of modern office practices, procedures, and equipment - including computers.

 Ability to perform mathematical calculations.

 Experience with Microsoft Office products, specifically Windows, Excel and Word.

 Ability to deal courteously and diplomatically with the public and be tactful with difficult customers.

 Ability to communicate clearly and effectively, both orally and in writing.

 This class specification should not be interpreted as all inclusive.  It is intended to identify the major responsibilities and requirements of this job.  The incumbents may be required to perform job-related responsibilities and tasks other than those stated in this specification.

Salary : $65,000 - $70,000