Information Security Analyst 21-00072
New York, NY (Candidate should live within the tristate area, with the ability to come onsite after Covid restrictions are lifted.)
Must be able to obtain a Security Clearance. No Corp to Corp or 3rd party agencies.
We are looking for an Information Security Analyst to join our team of professionals. The selected individual will support the Information Security Risk Assessment and Management team in executing and maintaining a superior information security program that promotes resiliency by identifying and mitigating cyber risks and threats.

Perform risk assessments that assess the security posture of information systems and provide direction and recommendations based on the assessment results.
Coordinate internal resources and third parties for the successful execution of security activities.
Develop a detailed project plan to monitor and track progress of security initiatives.
Conduct reviews of active security tasks on a regular cadence and document actionable next steps to meet project objectives.
Develop security metrics to measure performance on security risk management activities.

Required

Experienced in conducting security risk assessments based on NIST 800-53 controls.
Strong understanding of industry standard information security control frameworks (e.g., NIST risk management framework SP 800-37, risk assessment SP 800-30, controls NIST SP 800-53, NIST CSF, FedRAMP, etc.).
Demonstrated experience in the area of risk and controls across various IT platforms including web, Cloud, applications, database, operating systems, infrastructure, and network security.
Ability to understand and clearly articulate complex technology risks or control deficiencies to technical and non-technical business representatives and translate them into business risks.
Ability to recommend security solutions and remediation.
Strong knowledge of the information security landscape, security solutions, and current and emerging security threats.
Candidate must have a minimum of 7 years of experience in an information security role.
Relevant industry accepted security certifications (AWS, CISSP, CISA, CRISC, SANS, etc.) a plus. Cloud Security Certification would be a big plus.
Ability to collaborate across different teams to achieve deliverables.
Proven working experience in project management.
Excellent client-facing and internal communication skills.
Excellent written and verbal communication skills.
Solid organizational skills including attention to detail and multitasking skills.