Information Security and Compliance Analyst
Job Responsibilities :
Maintain and update relevant system and process documentation and develop ad-hoc reports as needed.
Identify opportunities for process improvement; develop and execute project plans to enhance operational effectiveness, including deployment of new controls or configuration changes.
Identify IT compliance control gaps and oversee the documentation and implementation of IT controls to mitigate any found process control gap.
Develop and direct IT compliance control monitoring programs to ensure IT compliance-related risks are managed to the appropriate level of acceptable residual risk.
Create an IT compliance training and awareness program that periodically educates the requisite end-user community on the relevant IT compliance requirements, and certifies their adherence to the relevant IT compliance controls.
Develop and maintain a comprehensive set of information security policies, standards, guidelines and procedures and insure that they are adequately communicated to the appropriate parties.
Identify security issues and risks, and develop mitigation plans.
Design system security architecture and develop detailed security designs Lead IT Technical staff in evaluating, selecting, installing and testing security hardware and software.
Provide off-hours support on an infrequent, but as needed basis.
Oversee architecture of all infrastructure security systems and deployments by providing consulting to projects and initiatives.
Analyze, troubleshoot, and investigate security-related, information systems’ anomalies based on security platform reporting, network traffic, log files, host-based and automated security alerts.
Job Requirements :
Bachelor's degree in Computer Science or Information Systems.
Minimum 7 year(s) of working experience with at least 5 of those years focused on IT security is required for this position.
Professional certification as a Certified Information Systems Security Professional (CISSP) or comparable security track.
Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits.
Experience using Microsoft Office and Visio to create documents, presentations, and detailed drawings.
Hands-on experience with 5 of the following: vulnerability scanning, firewall, antivirus& malware analysis, proxy, IDS/IPS, log correlation tools, SIEM, DLP, NAC, and application firewall solutions. Understanding of and ability to read / create Visual Basic, Shell, and SQL scripts.
Comfortable working on both Linux-based and MS Windows-based system platforms.
Strong IT technical understanding and aptitude for analytical problem-solving.
Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
Experience in data loss prevention methods and technologies.
Understanding of encryption technologies and applications.
Read, analyze, and interpret documents such as technical journals, financial reports, and legal documents
Write complex reports, business correspondence, procedure manuals and policy manuals using excellent grammar, correct punctuation and spelling, cohesive structure, concise wording and appropriate tone
Ability to work effectively with diverse populations