The IT Security Analyst is a member of the information security team and works closely with the other members of the team to develop and implement a comprehensive information security program. The IT Security Analyst reports to the Chief Information Security Officer. This position is actively involved with the on-going development and support of the IS Security Program including: Identity Access and Management (IAM), Data Protection, Threat and Vulnerability Management, Risk Assessments, and Security Governance. Successful candidates will be familiar with security tools and concepts, and capable of working independently.
1. Works with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments, to produce recommendations of acceptable risk and risk mitigation strategies.
2. Develop, implement, maintain and oversee enforcement of policies, standards, procedures and associated plans for system security administration and user system access based on industry standard best practices. Assist with defining baseline security configurations for operating systems, applications, and networking equipment.
3. Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action.
4. Researches, evaluates, designs, tests, recommends, and implements information-security-related hardware and software, to include playing an advisory role in product acquisitions to assess security requirements and to ensure security controls are implemented as planned.
5. Work closely with the Security Architects, IT Senior Security Analyst, Information Services staff and operational customers to ensure proposed and existing security technologies are aligned and implemented with organizational goals and objectives.
6. Assist with the implementation of information security management frameworks and applicable regulatory requirements.
7. Deploy, manage and maintain security systems and their corresponding or associated software.
8. Participate in incident response exercises with colleagues throughout the organization and incorporate lessons-learned into existing practices.
9. Design, implement and report on security system and end user activity audits.
10. Monitor security logs for unusual or suspicious activity. Interpret activity and make recommendations for resolution.
11. Assist in the review of Change Control Requests submitted by IS Security
12. Assist organization in the resolution of reported security incidents.
13. Stays current with security trends and researches new threats, and recommends remedial action.