Information Security Analyst

• The Information Security Risk & Compliance Analyst is responsible for supporting and maintaining the information security program to ensure that information assets and associated information systems are adequately protected in the digital ecosystem in which Customer operates.
• This role supports all day-to-day operations, functions and capabilities relating to technology risk and compliance. The role supports the Information Security compliance program and is responsible for operating Customer’s technology risk management processes, maintaining Customer’s technology related Information Security policies, and completing risk assessments of technology related initiatives.

Basic Requirements:

• Minimum of 5 years of experience in a combination of incident response, information security and IT.
• Understanding of relevant legal and regulatory requirements, such as: Payment Card Industry Data Security Standard.
• Understanding and experience assessing and securing AWS and related service and O365 and related services.
• Degree in technology-related field preferred, or equivalent work- or education-related experience.
• Professional security management certification is required, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacking (CEH), GIAC Information Security Professional (GISP), or other similar credentials.
• Advanced knowledge of common information security management frameworks, such as ISO/IEC 27001, Critical Security Controls, and NIST 800-53 and Cybersecurity Framework.
• Knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPSIDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.

Principal Duties:

• Support the Risk & Compliance Department
• Support the completion of assessments of the operational effectiveness of the security controls and supports any required remediation.
• Identify and document cyber risks and manage mitigation and follow up on open security risks. Report issues to IT stakeholders.
• Assist in the execution of Customer's information security program, including meeting PCI compliance requirements.
• Assist with cross-department remediation project tasks in multiple workstreams. Act as lead for IT focused remediation projects.
• Develop and update of information security policies and standards.
• Provide technical support and expertise related to tools used to perform security and vulnerability assessments. Assist with ad-hoc vulnerability compliance reporting and follow up with support partners to ensure all identified vulnerabilities are being addressed.
• Provide support to Information Security Incident Response team during cyber incidents.
• Validate that information security requirement are built into architectures and new technology projects.

Essential Functions:

• Ability to work well individually as well as in a team environment.
• Excellent written and verbal communication skills, interpersonal and collaborative skills.
• Up-to-date knowledge of methodologies and trends in both information security and IT.
• Poise and ability to act calmly and competently in high-pressure, high-stress situations.
• Must be a critical thinker, with strong problem-solving skills.
• Ability to manage one or more projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
• Ability to lead internal security technology projects and security remediation projects with limited dependencies on external IT teams.
• High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
• High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
• Ability to be on-call 24x7x365 rotation for information security reviews of emergency changes and to support for information security incidents.
• Ability to lead, mentor and influence others.