Senior Information Security Analyst

Job Overview

Our client in the Old Bridge area of NJ has an excellent opportunity for a Senior Information Security Analyst! 

Responsibilities:

  • Support the overall vision and strategy of the Information Security department.
  • Effectively and proactively collaborate with staff at all levels of the organization to devise and implement security solutions.
  • Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
  • Conduct frequent risk and controls assessments, identifying weaknesses and improving the existing business continuity model.
  • Monitor and report on emerging risk and compliance with organizational security policies, including the enforcement of policies within the IT department.
  • Review and understand various regulatory requirements to ensure policies provide sufficient controls for compliance.
  • Ensure policies, procedures and protocols are being executed, are fit for purpose, and remain current. Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
  • Work as a liaison with service providers, and the Contracts and Vendor Management departments, to establish mutually acceptable contracts and service-level agreements.
  • Conduct cyber risk assessments including third party risk to ensure identified risks associated with service providers are monitored, communicated, managed and re-assessed on schedule.
  • Respond to customers’ inbound security questionnaires to provide assurance that the Company is protecting their non-public information, if stored or processed.
  • Review and process Information Security policy exception requests, and track through expiration. Ensure planned remediation efforts and compensating controls are implemented successfully.
  • Monitor threat landscape and security vulnerability information from vendors and third parties.
  • Participate in deployment of security technologies and program enhancements.
  • Provide support and guidance for regulatory compliance efforts, as well as internal and external audits.
  • Implement or coordinate remediation required by audits, and document exceptions as necessary.
  • Implement education programs on user awareness and information security compliance.
  • Conduct access reviews and recertifications for key business systems and applications.
  • Coordinate security awareness training, phishing assessments, and access recertifications for the organization.
  • Work with the Head of Information Security, IT and business stakeholders to define metrics and reporting strategies that effectively communicate risks, successes and progress of the security program.
  • Must be adept at evaluating and understanding business strategies and requirements, and their associated risks, to provide recommendations and develop requirements for the on-going remediation of identified issues or gaps.
  • Prepare technical reports for executive management.
  • Stay current on technology trends and regulatory requirements.


Requirements:

  • Bachelor's Degree in Computer Science, Information Systems, Cyber Security or an equivalent related technical field.
  • At least 5 years’ experience as an Information Security Analyst, or comparable role.
  • Certifications in one or more areas or willingness to obtain: CISSP, CISM, CISA, CRISC, ECSA, CompTIA Security+, or comparable.
  • Experience developing and maintaining policies, procedures, standards and guidelines.
  • Experience with third-party assessments and cloud risk assessment methodologies.
  • Familiarity or experience with NIST Cybersecurity Framework, NIST 800-53, NIST RMF, ISO 27001/27002/31000, FAIR, CIS CSC Top 20, CIS RAM, ITIL, COBIT, OWASP Top 10, and CWE/SANS Top 25.
  • Familiarity or experience with PCI, GDPR, CCPA, SSAE18 SOC 2, ISO, HIPAA, GLBA and SOX compliance assessments.
  • Experience with commercial Vulnerability Management systems (e.g. Rapid7, Tenable, Qualys) a plus.
  • Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response and identity and access management.
  • Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
  • Ability to thrive in both technical and non-technical aspects of Information Security duties.
  • Knowledge of network infrastructure, including routers, switches, firewalls, and associated network protocols and concepts.
  • Working technical knowledge of current systems’ software, protocols and standards.
  • Strong business process knowledge and application of technology solutions.
  • Knowledge of GRC (Governance, Risk and Compliance) systems a plus.
  • Experience working with legal, audit and compliance staff.
  • Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors, IT staff and business personnel.
  • Strong oral, written and interpersonal communication skills. Ability to effectively convey complex information.
  • Strong customer/client focus, with the ability to manage expectations appropriately.
  • Ability to work well under minimal supervision.
  • Strong project management skills and experience in creating and managing project plans.
  • Knowledge of managed security service provider models.
  • Knowledge of secure coding practices, ethical hacking and threat modeling.