POSITION SUMMARY:The Information Security Analyst will primarily be responsible for researching, proposing, implementing, and monitoring systems and data security following industry best practices. Act as the subject matter expert concerning information security. Lead information security team. MAJOR TASKS: Oversee and assure company-wide information security and maintain environment confidentiality, integrity, and availability. Actively monitors systems activity, to identify suspicious activity and respond accordingly. Correlate and validate alerts. Provide context within the business, and coordinate response. Support and uphold Timber Products’ information security program by implementing tactical solutions, investigating, and responding to potential cyber security incidents, and aligning solutions to governance driven from industry requirements and corporate leadership. Incident response manager, responsible for maintenance of incident response plan and policies, development of incident playbooks, plan testing and training. Develops, implements, and enforces company-wide security policies and procedures to ensure consistent security practices across the organization. Documents security standards and guidelines. Prepares reports documenting potential and realized cyber security incidents outlining extent of threats and suggests mitigating actions. Provides Root Cause Analysis reports on all security incidents and presents findings and remediation recommendations to IT leadership. Performs regular assessments of the company’s systems environment, leveraging external resources where appropriate, to identify, classify and address potential security risks; including but not limited to external penetration testing and both internal and external vulnerability scanning of Timber Products systems. Contextualize Vulnerability Management to coordinate and prioritize the remediation. Conducts IT and End User training on Information Security related topics. Preparing training materials, conducting employee security training, and sending frequent instructional/preventative communications regarding security best practices and threat awareness. Manages the security awareness training platform, regularly audits user completion of required training. Monitor threat landscape regarding the products we use (Microsoft, Cisco, etc.) through public and subscription-based channels. Research systems’ security best practices; recommends and assists in the implementation of architectural, procedural and policy changes to mitigate or remediate the risks to Timber Products’ systems and data. Works with security toolsets and trusted vendors to ensure the data environment is well protected from unauthorized infiltration and exfiltration of sensitive corporate data assets; Implement and Manage security tools. May be called upon to augment the corporate Help Desk staff during those hours when emergency help is needed by any Timber Products site during those hours when the corporate Help Desk is not manned.SKILL REQUIREMENTS: 4 years’ experience in Information Security, or comparable position. B.S. Degree in Cyber Security, Computer Science, or related field preferred. Experience working in the cyber security field. Information Security related certification such as CISSP is a plus. Must be able to communicate effectively and confidently with users, team members and management. Ability to research and diagnose security risks and system problems. Strong conceptual, analytical and problem-solving abilities. Must be flexible and willing to undertake a wide variety of challenging tasks.
