This posting has been closed.
The Senior IT Security Analyst develops and implements comprehensive information security programs, including defining security policies, processes and standards. They perform audit assessments and define processes and standards to ensure that security configurations are maintained and other applicable security requirements are in place. They provide consultative guidance on the development of information security strategies and programs. They lead efforts, oversee work results, provide formal training and serve as a technical resource for Information Security team members.
Essential Functions:
- Validates that technical and operational information security controls are incorporated into new IT systems by participating in all business planning groups and reviewing all new systems/installations and major changes - 15%
- Participates in initiatives to identify, select and implement technical controls - 15%
- Develops information security processes, policies and procedures. Advises on service level agreements and works to ensure that security controls are managed and maintained - 15%
- Serves as a liaison and lead on audit-related initiatives managing relationships, collection of data, progression tracking, assessment and remedial activities - 10%
- Analyzes, proposes and implements solutions concerning residual risk, vulnerabilities and other security exposures - 5%
- Works with IT leadership to develop strategies and plans to enforce security requirements and address identified risks - 5%
- Advises IT Security and other IT teams on normal and exception-based processing of security authorization requests - 5%
- Proactively identifies company-wide program opportunities and works to implement solutions. Guides the direction of the overall information security program - 5%
- Serves as a liaison with IT and business area partners to identify, understand, document and advise on security requirements, impacts and risks - 5%
- Develops and maintains documentation for security systems, procedures and security diagrams - 5%
- Participates on IT projects to ensure that security issues are addressed throughout the project life cycle - 5%
- Researches, evaluates and recommends information security-related hardware and software, including development of business cases for security investments - 5%
- Assists and supports the development of security architecture - 5%
REQUIRED QUALIFICATIONS:
Required Work Experience:
- 8+ years related work experience or equivalent combination of transferable experience and education
- IT Security, IT Audit, Controls Auditor, Infrastructure Controls
Additional Required Qualifications:
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Information Systems Manager (CISM)
- In-depth knowledge of information risk concepts and principles and impact
- Knowledge of NIST, HITRUST, ARS, or other security controls framework and the ability to assess the effectiveness of controls.
- Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness.
- Knowledge of audit and assessment activities and processes.
- Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously.
- Ability to communicate highly complex technical information clearly and articulately for all levels and audiences.
- Ability to manage tasks independently and take ownership of responsibilities
- Ability to learn from mistakes and apply constructive feedback to improve performance
- Strong customer focus with ability to manage customer expectations and experience and build long-term relationships.
- Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel.
- Ability to adapt to a rapidly changing environment
- High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy.
- Must demonstrate initiative and effective independent decision-making skills
Certifications:
- CISSP: Preferred
- CISA: Preferred
- CISM: Preferred