Information Security Analyst II

Description JOB TITLE – Information Security Analyst II POSITION SUMMARY: Individuals within the Information Security role plan, execute, and manage multi-faceted projects related to risk management, mitigation and response, compliance, control assurance, and user awareness. They are focused on developing and driving security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization. These individuals provide expertise and assistance to ensure the company's infrastructure and information assets are protected. Individuals develop security policies and procedures such as user log-on and authentication rules, security breach escalation procedures, security assessment procedures and use of firewalls and encryption routines. They perform security assessments and security attestations. To enforce security policies and procedures, they monitor data security profiles on all platforms by reviewing security violation reports and investigating security exceptions. They update, maintain and document security controls and provide direct support to the business and internal IT groups. These professionals work directly with the customers, third parties and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk. They also communicate and educate IT and the business about security policies and industry standards, and provide solutions for enterprise/business security issues. PRIMARY DUTIES AND RESPONSIBILITIES: · Works on security initiatives/issues for one or more IT functional area (e.g., applications, systems, network and/or Web) across the enterprise. · Develops security solutions for medium to complex assignments. · Works on multiple projects as a team member and leads systems-related security components. · Develops, refines, and implements enterprise wide security policies, procedures, and standards to meet compliance responsibilities. · Supports service-level agreements (SLAs) to ensure that security controls are developed, managed and maintained. · Monitors compliance with security policies, standards, guidelines and procedures. · Assists in the development of processes and procedures for the information security governance program, including control document reviews, participant assessment preparation, meeting coordination, assessment finding mediation, assisting control owner with remediation plan development, tracking findings through remediation, progress monitoring, reporting and escalation. · Works with customers to identify security requirements using methods that may include risk and business impact assessments. · Analyzes business processes and business requirements to determine conformance to security policies and procedures. · Provides security-related guidance on business processes. · Participates in designing secure infrastructure solutions and applications. · Analyzes security analysis reports for security vulnerabilities and recommends feasible and appropriate options. · Follows up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken. · Participates in security investigations and compliance reviews as requested. · Performs security monitoring and reporting, analyzes security alerts and escalates security alerts to local support teams. · Provides security support for application- and infrastructure-related projects to ensure that security issues are addressed throughout the project life cycle. · Assists in the development and implementation of information security disaster recovery test plans. · Engages application and systems management in information security disaster recovery testing, objectives and assessment. · Performs control and vulnerability assessments. · Identifies and resolves root causes of security-related problems. · Works with teams to resolve issues that are uncovered by various internal and third party monitoring tools. · Collaborates on projects to ensure that security issues are addressed throughout the project life cycle. · Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance. · Assists in the development and delivery of security awareness and compliance training programs · May guide users on the usage and administration of security tools that control and monitor information security. · Mentors less-experienced team members. EXPERIENCE AND EDUCATIONAL REQUIREMENTS: · Bachelor's Degree in Computer Science, Information Systems or other related field, or equivalent work experience · Typically has 3-5 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, database design and administration and 1-2 years of experience with IT security · Desired professional certification in technical security areas MINIMUM SKILLS, KNOWLEDGE AND ABILITY REQUIREMENTS: · Requires knowledge of security issues, techniques and implications across all existing computer platforms · Strong computer skills in order to operate effectively with company systems and programs; working knowledge of applicable computer applications used at ABC · Working knowledge of network solutions and systems · Good analytical and problem solving skills · Ability to communicate effectively both orally and in writing · Good interpersonal skills · Ability to prioritize work load and consistently meet deadlines · Strong organizational skills; attention to detail · Demonstrated sound understanding of at least 1 and general of an additional 2 of the following standards such as ISO 27001/27002, COBIT, ITIL, NIST and PCI · Certification in at least 2 Information Security relevant areas such as Audit (CISA), Security Management (CISM), Security Professional (CISSP) and/or equivalent business experience in a matrix Organization required   Responsibilities

• Assist in the design and implementation of PAM technologies and standards to support complex enterprise solutions.
• Create detailed documentation, and provide input on technology standards, and information security and risk practices.
• Develop internal and external checks and controls to ensure proper governance, security and quality of information assets.
• Communicate effectively with clients, colleagues, vendors, senior management and translate complex technical solutions into non-technical requirements documents.

Qualifications:

• 3-5 years of experience assisting with engineering enterprise level Privileged Access Management and Identity and Access Management projects.
• Prefer experience with Beyond Trust
• Bachelor's degree in computer science, Information Systems or other related field, or equivalent work experience.
• Expert knowledge in Privileged Access Management and other IAM domains. 
• Understanding of Active Directory and core functions.
• Understanding of Cloud platforms such as: AWS, Azure, GCP.
• Understanding of Windows/Linux server configuration/architecture.

---