Senior Information Security Specialist

We are seeking a highly skilled Security Analyst to join our team. This individual will be responsible for performing duties related to compliance certifications, continuous monitoring of controls and operational security administration, analysis of security-related incidents, vulnerabilities, and events that may affect our organization and its clients.

• Provide compliance guidance to cloud security offering business units and product teams.
• Support internal/external ISO 27001/9001, SOC 2, SOC 1, and any new regional assessments requirements to support business growth.
• Work effectively as part of a geographically distributed team.
• Develop and maintain security operations processes & documentation (e.g., runbooks, operating procedures, Cyber Incident response).
• Maintain event collection environment through health monitoring and logs from Fire Walls, VPN, Email protection, Network Analytics, access control cards system, and CCTV.
• Interact with various security products and platforms, including O365, MimeCast, WorkspaceOne, Fortinet, Cloud Hosting Providers (Azure, AWS), and others.
• Provide support for implementation and maintenance of SIEM, DLP, endpoint protection, and other security tool alerts.
• Provide hands-on based input of vendor proposals and emerging security technologies and systems.
• Coordinate, track, and Manage CEII compliance.
• Provide technical expertise and support to IT management and staff in the implementation of security/protection technologies and network systems/applications.
• Assist with penetration testing and vulnerability management efforts.
• Participate in customer audits and respond to infosec questionnaires as part of the RFP process.
• Participate in incident management activities which include associated investigations, ticket response, communications including periodic tabletop exercises.
• Assist in Risk Management, Vendor Management, and governance of Information Security policies across the company.
• Continuously improve our security practices and processes and keep company and customer data safe across our services and infrastructure.
• Design and build metrics and dashboards to track security incidents, vulnerabilities, risks, and awareness.

• Minimum 6 years of related experience in Compliance and information security.
• Well-versed in technologies like Windows, Antivirus, Data loss prevention (DLP).
• Must have experience in Firewalls, Cloud platforms, and content filtering solutions.
• Must have experience in creating and maintaining security policy documents.
• Good to have experience with regular vulnerability and web application scanning methodologies.
• Crisis management (Incident Management) identification and reporting.
• Network and cloud-based penetration testing experience required.
• Incident response experience and prepare relevant security metrics dashboards.
• 2-4 years' experience with Firewall, Network, Anti-Virus, DLP, Azure, AWS, and Desktop security administration.
• Proficiency with security tools and platforms (e.g., SIEMs, vulnerability scanners, and malware analyzers).
• Familiarity with IDS/IPS systems and endpoint Antivirus and EDR products.
• Insider Threat Hunting and Analysis.
• 2+ years of professional experience focused on ITIL standards and practices.
• Knowledge of current security standards, including ISO 27001, ISO 9001, SOC2, SOC 1, FERC, CEII, GDPR.
• Ability to understand enterprise business computing operations/requirements and cloud-based cybersecurity services.
• Working knowledge DevOps concepts (e.g., Infrastructure as Code, Deployment Pipelines).
• Must have a general hands-on IT background with the capability and enthusiasm of delving into new technologies.
• Must be willing to work in different time zones.
• Good communication, presentation, documentation skills.
• Collaborate closely with Clous Ops, IT, and Other functions as a first line security point of contact within the GRC team.