INFORMATION SECURITY SR ANALYST ( Job Ref : WDLXF7341468 )
- Job Title: INFORMATION SECURITY SR ANALYST
- Job Location: Other Tennessee - Tennessee
- Category: IT Software - Network Administration / Security; Information Technology
- Work Type: Full Time
- Job Role: Security Analyst
- Job Type:
- Annual Salary:
- Experience Required: 2-8 Years
Key Skills Sets for This Job:
Networking Enterprise software SAP GRC Database Legal RSA Information systems Microsoft Windows Email Data storage Research VI Project management NIST PCI DSS IaaS Infor Threat analysis Best practices Cisco IOS Virtualization Education Adobe Client/server Business process SaaS Workflow Technical drafting Collaboration Internal control Sarbanes-Oxley Attention to detail Process management Policies Linux Audit Software Troubleshooting Partnership Information security management Communication skills Content management Directory Services Reporting HIPAA Information security IBM AIX Enterprise services Business owner Computer Operating systems Thin client Cloud Risk assessment Security architecture Online production IBM System i Security ISO/IEC 27001:2005 Compliance EMC RSA Archer ServiceNow Documentation
DUTIES and ESSENTIAL JOB FUNCTIONS:
Perform effective security risk assessments of services, solutions, and vendors by (i) staying current with security risk assessment techniques and trends, (ii) performing independent research to gather and document security posture information, (iii) identifying areas of risk and evaluating for applicability and severity, (iv) tracking, updating, and centrally maintaining identified risk information, (v) identifying and recommending pragmatic risk remediation options, (vi) drafting comprehensive risk assessment reports, and (vii) collaborating with and providing guidance to business owners to ensure identified risks are managed to risk-appropriate remediation, transference, avoidance, or acceptance outcomes.
Support defined Company operating principles; help analyze, define, implement, and administer efficient business processes related to the information security program; support a variety of security technologies in a hands-on manner; monitor service request queues and provide first tier support to internal customers, owning tickets and driving resolution; use project management best practices to initiate, manage, and close projects; and create and maintain documents related to projects and information security policies, standards, procedures, recommendations, etc.
Analyze current and emerging security best practices, and legal and industry regulatory compliance requirements, for applicability. Stay current with associated security and industry trends, best practices, and standards. Examples include PCI DSS, SOX, HIPAA, GDPR, CCPA.
Work with the information security management team to administer, maintain, and continuously improve applicable regulatory and internal controls compliance programs, investigate known or suspected security incidents and support internal and external audits.
Participate in meetings; build and maintain strong partnerships with multiple departments; participate in vendor support engagements; and other duties as required.
KNOWLEDGE and SKILLS:
Understanding of pragmatic information security controls and holistic defense-in-depth strategies
Understanding of current and developing information security technologies and trends
Working knowledge of security frameworks such as NIST, ISO 27001, etc.
Written and oral communication skills that enable effective communications to appropriate audiences
Extreme attention to detail, always leaning toward caution
Ability to learn and retain new skills required to adapt to evolving business and technical environments
Ability to influence and motivate others
Ability to occasionally work during non-standard shifts and in an on-call capacity and be available for occasional travel (up to 5%)
WORK EXPERIENCE and/or EDUCATION:
College degree or equivalent experience in information security or computer information systems.
Minimum 2-3 years of information security experience, preferably in the GRC/IRM realm. Hands-on Navex (formerly LockPath) Keylight experience and/or certifications preferred.
Hands-on experience with GRC/IRM workflow, asset, and process management platforms (e.g., Navex (Lockpath) Keylight, RSA Archer, MetricStream, ServiceNow, etc.), common controls frameworks (e.g., UCF, Adobe CCF, etc.), and threat intelligence platforms, feeds, services.
Experience identifying and addressing security risks associated with host and network operating systems (e.g. Windows, Linux, AIX, AS400, PAN OS, Cisco IOS, etc.); enterprise services (e.g. directory services, email, content management and collaboration, web publishing, database, virtualization, etc.); client-server, thin-client, and web-based applications; enterprise applications (e.g. Lawson); cloud services (e.g. SaaS, IaaS, etc.); data storage, security architecture, network communications technologies and protocols, etc.
Candidate Must Have:
- Navex (Lockpath) Keylight
- RSA Archer
Established in :
1 Woodbridge Center, Suite 720 Woodbridge, New Jersey - 07095, United States
Website : http://www.tephrainc.com/