IT Information Security Analyst

The Information Security Analyst provide accurate and timely monitoring and reporting of systems and potential risks related to client. Responsible for ensuring that the company's digital assets are protected from unauthorized access and perform regular security audits of information systems and develop corrective action plans. Expected to maintain and update information security processes, procedures training programs, and documentation, while providing information security expertise to reduce risk and ensure appropriate levels of data confidentiality, integrity, and availability.

Essential Duties and Responsibilities:

• Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.
• Administer and enhance an ongoing risk assessment program, provide recommendations for improved security design.
• Conduct regular vulnerability scans on systems and applications. Assist with the development and oversee vulnerability management program.
• Assist with the development, implementation, monitoring, and maintenance of information security policies, solutions, procedures, standards, and guidelines.
• Daily administration of information security systems that includes firewalls, spam filtering, URL filtering, endpoint security, data governance, Identity management, syslog server infrastructure and other perimeter security systems.
• Work with the Security Operation Center to maintain rules and alerts within the SIEM as well as be an escalation point to said alerts.
• Evaluate and report on potential risks and threats to Information and data systems. Participate in threat hunting and work on remediation efforts.
• Support, maintain and ensure policy alignment with NIST 2.0 Framework.
• Evaluate and improve information system and security controls related to applications, business processes, change control, data center operations, and incident management processes.
• Review existing security architecture, identify and analyze design gaps, and recommends security enhancements.
• Stays abreast of current and emerging security threats and assist with security design architecture to mitigate.
• Remains current on emerging security technologies and recommend security architecture integration.
• Serves as an information security expert and trusted advisor to IT management.
• Supports security architecture compliance on requirements, including but not limited to: Sarbanes-Oxley, payment card industry standards, HIPAA/HITECH, global data privacy requirements, as well as state and federal regulations.
• Implement and administer the security awareness training program for employees and authorized users.
• Prepare corrective action reports and facilitate mitigation with appropriate personnel.
• Actively participate in defining security requirements for information technology projects.
• Ability to conduct and direct research into IT issues and products.
• Manage, support and administer Endpoint Security Products
• Adhere to all I.T. JSOX policies in performing day to day activities.
• Perform any other tasks/duties as assigned by management.

Education Requirements and Qualifications:

• Successful candidates will have a record of sustained technical knowledge and experience, enterprise hardware, operating system, security software management and professional growth.
• A two or four-year degree from an accredited university or college with course work in computer science, information security, management information systems, or a closely related field.
• Minimum 5+ years of experience of full-time information security related experience
• Certification such as GSEC, SSCP, CISM, CEH or CISSP preferred.
• Self-directed with the ability to work with minimal oversight.
• Working knowledge of application & infrastructure security solutions (Firewalls, Intrusion Detection/Prevention Systems, Network Security, Password Management, Data Encryption, Next Generation endpoint security suites, SPAM Filters, Proxy Filters, Active Directory, SIEM, MFA, MDM, EDR, and Access Control).
• Working knowledge of information security concepts, standards, and best practices.
• An understanding of the impact of emerging business and end-user technologies have on information security requirements and architecture.
• An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Demonstrated technical expertise in existing security and IT systems and an ability to keep pace with changing security and IT technologies.
• Team focused with ability to work well with others.
• Communicate complex and technical issues to IT Management, orally and in writing, in an easily understood, authoritative, and actionable manner.
• Ability to multi-task and remain productive in a service-driven and results oriented environment.
• Knowledge of data protection policies, procedures, and products.
• Strong interpersonal and communication skills.
• Physical Environment and Requirements: Employee must be able to occasionally lift and/or move up to 15 pounds.