Mid-Level Security Analyst / Consultant

Job Requirements:

Knowledge & Experience (3-5 years’ experience)

  • Strong working knowledge of information security principles and best practice frameworks
  • Knowledge of risk management tools and architectures
  • Experience facilitating risk identification sessions, including face-to-face interviews and electronic data gathering and analysis
  • Knowledge of encryption best practices specifically related to the storing, processing and transmitting of confidential data elements.
  • In-depth knowledge of network technologies, including wireless, wired and remotely dispersed networks. In-depth knowledge of third-party connection scenarios and compensating controls also required
  • Ability to comprehend complex technical topics quickly
  • Ability to discuss complex topics with both technical and non-technical personnel
  • Ability to participate in and be accountable to a team atmosphere; act as a team member within a group of information security/compliance professionals
  • Technical certification in IT auditing and/or information security a plus, including two or more of the following:
    • CISSP, CISA, CISM, GSEC, EnCase, PCI-QSA, Security+
  • Strong working knowledge of COSO, COBIT or similar information technology governance/control frameworks.
  • Demonstrated progressive professional experience with one or more of the following:
    • Sarbanes-Oxley IT General Controls audit
    • Payment Card Industry Data Security Standard assessment
    • Internal Audits focused on Information Technology General Controls
    • Information security governance and risk assurance and assessment programs.
  • Ability to work independently, meet critical and frequent deadlines; strong project management skills.
  • Ability to develop innovative solutions and lead changes in implementing new processes or practices
  • Very strong interpersonal, organizational, verbal and written communication skills
  • Adaptability; self-starter; team player and team leader; quality minded; focused; committed; work independently.

Essential Job Functions:

Strategy & Planning

  • Maintain an awareness of existing and proposed security standards, state and federal legislation and regulations pertaining to information security.
  • Monitor regulatory trends to keep the department informed of future compliance requirements
  • Assist in the scoping of projects and developing proposals; clearly and formally document risks and collaborate with project managers and business owners to address risks
  • Provide input to the information security policy governance process; make recommendations for new policies or changes to existing policies based on regulatory and risk trends

Assessments and Remediation

  • Participate in infrastructure design and reviews and provide technical analysis of information security requirements necessary for the protection of all information processed, stored or transmitted by systems and applications
  • Identify potential vulnerabilities within an application and risk impacts to other applications or underlying infrastructure and recommend suitable controls and countermeasures to mitigate such vulnerabilities
  • Interact with customers and third parties in performance of risk assessments to identify and quantify potential exposures related to services provided to the customer and third party; document and recommend mitigation actions to management.

Operational Management

  • Interact with process owners and subject matter experts for the purpose of risk and controls analysis, identifying deficiencies, developing alternatives, building consensus, and supporting implementation of solutions.
  • Perform Data Classification – properly classify and label data according to policy.
  • Conduct routine hardware and software audits of network and security devices for compliance – test against established customer standards, policies, procedures and configuration guidelines
  • Develop and maintain IT general control and IT testing documentation, execute ongoing controls monitoring activities, and coordinate controls testing and reporting
  • Track and report corrective action for identified deficiencies, execute follow-up validation of remediated controls, and perform walkthroughs of key IT controls and processes
  • Act as liaison between internal/external audit and compliance teams and/or assessment teams and departmental staff; recommend process improvements to address controls deficiencies
  • Interact with customers’ internal/external audit and compliance departments during scoping, planning, execution and follow-up of internal controls testing and audits for regulatory compliance.

Preferred Qualifications:

  • 2-5 years’ previous experience as a consultant working with mid-size to large organizations is highly preferred
  • Experience with enterprise security policies and compliance processes.
  • High level understanding of server/database/application administration, access management, change management, system development life cycle.
  • Proficient in advanced MS Office Suite, Visio and MS Project
  • Working knowledge of basic Windows 7 client and server troubleshooting as well as Exchange 2010
  • Strong working knowledge of networking including routers, TCP/IP, network trace capturing (Wireshark, tcpdump, etc.)
  • Experience working with network border components such as firewalls, IPS/IDS, switches and routers
  • Experience working with log monitoring systems or components such as Snort, ArcSight, LogLogic or other Managed Security Service Provider (MSSP)

Education and Experience:

  • Bachelor’s degree (B.A. or B.S.) from a four-year college or university, or equivalent training, education and experience.