The analyst will report directly to the CIO office or subdelegated authority and will also work with IT Security and application development sections.
This position is a hands-on technical position performing a variety of tasks.
This Security Analyst will specialize in securing web applications developed and supported by the client.
Key Responsibilities:
Research and implementation of cyber threat preventative designs and standards. This role includes developing processes to follow during a cyber-attack and taking an active role during a cyber-attack.
Working with several areas of the client and with the data center specialists, the analysist will advise on policies and procedures to implement web application security into application designs and also to identify and implement secure infrastructure design and configurations.
This security analyst will work with the IT Security officer, application team managers and technical leads, and business partners to respond to and document controls in order to meet various audit requirements.
Designs and coordinates implementation of security controls.
Monitors compliance with security policies and procedures.
The security analyst will coordinate and collaborate with multiple sections, business partners, and other Agencies.
Create compelling presentations to share effective practices, process improvements, business partners, and executives as requested.
Mentors development teams on how to implement security controls.
Lead a culture change to actively integrate security controls into the current SDLC.
Qualifications:
Relies on extensive experience and judgment to plan and accomplish goals
Must remain abreast of the ever evolving and new cyber security trends and preventative methods, current technology, emerging technology, and industry trends
Must have experience with a variety of the security concepts, practices, and procedures
Must have excellent communication skills, facilitation skills, mentoring skills and ability to work under pressure
Security Analyst capabilities with 8 or more years of web application security experience.
Proficiency with a wide variety of security concepts, practices, and procedures
Skill creating compelling presentations to share effective practices, process improvements to IT and business partners
Must have web application development experience and web application infrastructure experience
Ability to become a trusted process advisor, with a high level of operational thinking and ability to analyze IT systems
Experience in development and facilitation of planning, orientation and training sessions with executives, management and other agencies desired
Strong analytical and systemic thinking skills, with ability to synthesize information from many sources to develop technical and business recommendations.
Effective communication skills including excellent listening skills and the ability to communicate technically and professionally with all levels of staff both verbally and in writing.
Security Risk and Compliance Analyst will operate within a divisional security team reporting to the Director of Information Security. Analyst will be responsible for risk assessment, reporting and audit of Customer facing applications supporting the Tax and Accounting (TAA) and Corporate Performance (CP&ESG) application portfolio. Primary responsibilities will include maintaining compliance and assurance against established security frameworks including SO2 and ISO27001. Analyst will work on annual certification requirements and daily IT security tasks. IT Risk assessment and documentation and assessment of implemented security policies and standards will be a core focus of this position. Analyst will perform a wide range of security tasks to monitor and support the Confidentiality, Integrity, and Availability of applications.