Senior Information Security Analyst

29 May 2024
Maryland, Rockville, 20847 Rockville USA

Vacancy expired!

Job Description

Overview
The Senior Information Security Analyst is a member of the IT Operations team and works closely with the other members of the IT team and other business areas to develop and implement a comprehensive information security program. This includes defining security policies, processes, and standards. The security analyst works with the IT department and managed service providers to select and deploy technical controls to meet specific security requirements and defines processes and standards to ensure that security configurations are maintained.

Primary Responsibilities

  • Works with the company’s business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments.
  • Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
  • Researches, evaluates, and recommends information-security-related solutions, including developing business cases for security investments.
  • Liaises with the vendor management team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property, PII, ePHI, regulated or other protected data, including SaaS providers, cloud-as-a-service (IaaS/PaaS) providers, and managed service providers.
  • Evaluates the statements of work from these providers to ensure that adequate security protections are in place. Assesses the providers’ SSAE 16 SOC 1 and SOC 2 audit reports (or alternative sources) for security-related deficiencies and required “user controls,” and reports any findings.
  • Oversees the installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security appliances and host-based security systems by managed service providers.
  • Liaises with the business continuity management team to validate security practices for both disaster recovery planning (DRP) and business continuity management (BCM) testing and operations when a failover occurs.
  • Researches threats and vulnerabilities and, where appropriate, coordinates action to mitigate threats and remediate vulnerabilities.
  • Participates in security investigations and compliance reviews, as requested by internal or external auditors.
  • Tracks developments and changes in the digital business and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts.
  • Validates that security and other critical patches to firmware and operating systems are configured and deployed in a timely fashion.
  • Facilitates threat modeling of services and applications that correlates to the risk and data associated with the service or application.
  • Ensures that a complete, accurate and valid inventory of all systems, infrastructure and applications is conducted for assessment and included in security event monitoring solutions.
  • Coordinates with the Legal and Compliance team to document data flows of sensitive information within the organization (e.g., PII or ePHI) and recommends controls to ensure this data is adequately secured.
  • Coordinates security assessments of internal systems, applications, and IT infrastructure as part of the overall risk management practice of the organization.
  • Supports e-discovery processes to include identification, collection, preservation and processing of relevant data.


Qualifications

  • Degree/Diploma in an information system and/or information security related discipline.
  • 8+ years of progressive experience in information security roles involved with assessment, response, eradication, and recovery from security attacks.
  • Experience in SaaS system environments, particularly Microsoft 365, NetSuite ERP and Veeva Systems (QualityDocs, Training, QMS, PromoMats, CRM).
  • Working knowledge of the Microsoft Advanced Threat Protection platform.
  • Experience working in a public life sciences company supporting GxP and business systems.
  • Experience in developing, documenting, and maintaining security programs, policies, processes, procedures, and standards.
  • In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
  • In-depth knowledge of risk assessment methods and technologies.
  • Proficiency in performing risk, business impact, control and vulnerability assessments.
  • Strong understanding of business applications, including ERP and financial systems.
  • Demonstrated experience in creating and maintaining strong relationships and accountability with external service providers.
  • Strong verbal and written communication skills
  • Holistic, logical, and analytical thinker.
  • Validated Systems (e.g., Good Automated Manufacturing Practice [GAMP], Computer Software Assurance)
  • Working knowledge of Sarbanes-Oxley Act
  • National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) knowledge
  • Working knowledge of General Data Protection Regulation (GDPR)


Preference will be given to candidates with the following certifications: CISSP, CRISC, CISM, CISA, GIAC, or CIPT.

We appreciate flexibility at Aurinia. This role is posted as Rockville, MD, but as a distributed organization, we are open to filling this role in a remote capacity or out of our Victoria, BC location.

Additional Information

All candidate information will be kept confidential according to EEO guidelines.


Job Details

  • ID
    JC14594093
  • State
  • City
  • Job type
    Full-time
  • Salary
    N/A
  • Hiring Company
    NXTThing RPO, LLC
  • Date
    2021-05-22
  • Deadline
    2021-07-21
  • Category

Jocancy Online Job Portal by jobSearchi.