IS Analyst

25 May 2024
Minneapolis / St. Paul, Minnesota 55401, USA

Vacancy expired!

Qualifications:
  • Bachelor's degree or equivalent combination of education and experience.
  • Minimum of 6 years of experience monitoring, administering, developing or assessing security controls or security systems (6 years for level II, 8 years for level III, 10 years for level IV).
  • Consistently demonstrates good judgment and a sense of urgency.
  • Demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
  • An understanding of organizational mission, values, goals and consistent application of this knowledge, including commitment to delivering high-quality, prompt and efficient service to the business.
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
  • Ability to identify and assess the severity and potential impact of risks, communicate findings to business stakeholders, and effectively influence others towards fact-based decisions about compliance and risk management activities.
  • Experience related to IT compliance and risk management, corporate governance, information security, business continuity, or access management.
  • Excellent prioritization capabilities, with experience breaking down work into manageable parts and effectively assessing the priority and time required to complete each part.
  • An ability to work on several tasks simultaneously and prioritize work effectively.
  • Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
  • Deep knowledge of NIST Cybersecurity Framework in addition to NIST security control, risk management and risk assessment frameworks and practices (e.g. 800-53, 800-37, 800-30) is preferred.

Responsibilities:
Our client is looking for an experienced and enthusiastic Information Security Analyst to join their Information Security Governance, Risk and Compliance team. In this role, you will provide expertise to support development, implementation, monitoring and assessment of security controls, processes and procedures. Ideal candidates will have previous experience with information security control and risk management frameworks such as NIST 800-53 and NIST 800-37, in addition to a commitment to delivering high-quality, prompt, and efficient services to the business.

  • Provide guidance and expertise to effectively categorize information and information systems to ensure impact levels for the security objectives of Confidentiality, Integrity, and Availability are aligned appropriately.
  • Support development and implementation of system security plans including selection of controls and development of related artifacts, control procedures or related specification documents.
  • Perform and/or facilitate assessment activities to validate that security controls are implemented correctly, operating as intended, and producing the desired outcomes.
  • Execute against continuous monitoring and continuous assurance activities including monitoring for changes to the system, performing periodic assessments of security controls, tracking control remediation actions, updating system security documentation, reporting status of security activities and facilitating ongoing risk determination and acceptance.
  • Conduct research and analysis on security topics and produce written reports for management.
  • Provide input to SAFR process activities and related documentation (e.g. system lifecycle support plans, operational procedures, training materials, etc.).
  • Coordinate security exception request and approval processes.
  • Conduct analysis and prepare reports for leadership and key governance groups.
  • Monitor non-compliance and provide recommendations for process improvements or control enhancements where required.
  • Collaborate with business and technology teams on projects and key initiatives to ensure that security requirements are addressed throughout the project life cycle.
  • Provide education to staff on applicable policies, procedures, and standards.
  • Provide information security consulting to business service owners and application development teams, providing information security expertise and solution recommendations where possible.
  • Provide support for security governance activities, including managing communication about security control frameworks, policies and standards. Identify, assess, track and report on security risks across the enterprise.
  • Track risk decisions and remediation plans. Work closely with Enterprise Risk to communicate risks to both technical and non-technical audiences. Monitor and verify compliance with new and existing policies, procedures and standards.
