Essential Duties and Responsibilities:
- Conduct risk assessments and manage the development and execution of business continuity and disaster recovery plans.
- Participate in Third Party Risk Management activities, including vendor evaluations and security reviews.
- Participate in the investigation and review of potentially fraudulent activities.
- Perform data and system classification of all systems.
- Track all vulnerabilities and risks stemming from security controls and technical scan findings, and perform appropriate reporting and tracking of those risks.
- Review business and technology operations and provide risk reduction or mitigation strategies.
- Use enterprise vulnerability management tools to conduct security reviews.
- Scan agency assets and direct the remediation of identified flaws, coordinating with responsible system owners as necessary; draft and file exceptions as appropriate.
- Monitor alerts and participate in response to security events or policy violations.
- Develop new and maintain existing policies and procedures related to the information security program.
- Assess the implementation of systems and business processes to validate that the required controls are in place and working as expected; document system security plans.
- Serve as primary contact for internal and external auditors' requests for information during annual audits; respond to follow-up questions from auditors and develop mitigation plans for identified findings.
- Provide requirements for permissible use within the agency and participate in third party contract reviews to ensure that vendors can meet Commonwealth security requirements.
- Provide ongoing vendor management and oversight to validate third-party service and technology providers remain compliant with control requirements and have necessary contract language in place.
- Automate repeatable tasks to improve efficiency.
- Work with the CISO, ISO and others to develop KPIs for security alerts and response.
- Serve as Subject Matter Expert (SME) on information security-related projects and initiatives as assigned.
- Work with all levels of management and staff to improve processes and procedures.
- All other duties as assigned.
Requirements
Must Have Skills:
- Must have a minimum of 10 years of experience with information security, data analytics and fraud prevention.
- Working knowledge of vulnerability scanning tools such as Rapid 7, Tenable and Burp Suite is required.
- Working knowledge of Splunk and Microsoft Windows is required.
- Working knowledge of NIST 800-53 is required.
- Previous professional experience training staff on security protocols.
- Experience working with third-party providers and managing vendors.
Preferred Skills (Nice to Have)
- Technical certifications such as ISC2 CISSP, ISC2 CGRC, CompTIA CASP or equivalent security certifications are preferred.
- Experience in a financial organization is preferred.
- Prior experience as an ISSO or BISO is preferred.
- Ability to enforce information security principles and policies.
- Understanding of network protocols, operating systems, firewalls, anti-malware software and intrusion detection systems is preferred.