Information Security Analyst

What you'll do: • Establish a strategic security architecture vision, including standards and frameworks that are aligned with the overall business and IT strategies • Act as information security subject matter expert; provides advisory and consulting services to business, IT departments, and IS management • Work closely with Enterprise Architecture and Application Development to enhance the security posture of new and existing systems • Work to design security architecture, evaluate risk posed to the organization from, and ultimately approve the implementation of systems and applications into the environment • Assess the state of the information security program using the NIST Cybersecurity Framework and the FFIEC Cyber Assessment Tool to identify gaps and works with appropriate stakeholders to remediate deficiencies • Participate in the development of information security strategies, roadmaps, policies, and standards • Ensure systems and applications are implemented with compensating controls to meet regulatory requirements (GLBA, SOX, HIPAA, FFIEC, etc.) as well as other organizational compliance (PCI) requirements • Track metrics for compliance to IS standards by application and system owners • Develop and mentor team members Skilles needed for success: • Bachelor's degree in Computer Science or related degree, preferred • Eight (8) years experience in Information Security with a focus on software development, secure SDLC, or security architecture • Evaluate risk versus reward and apply in a meaningful manner to the benefit of the organization • Translate complex technical information across all levels of the organization • Ability to use independent judgment to make sound, justifiable decisions and takes action to solve problems • Work effectively with a team as well as independently without daily direction • Manage and prioritize multiple tasks in an effective manner • Excellent customer service skills and problem resolution • Excellent written and verbal communication skills including developing and providing effective professional presentations to various audience types including senior management and leadership • Expert level knowledge of security principles • In depth knowledge of security solutions, tools, methodologies, and techniques • Strong project management skills • Thorough understanding of risks associated with virtualization and cloud-based computing and the impact of those technologies on an organizations security posture • Excellent customer service skills and problem resolution

Created: 2024-11-05