Information Security Analyst

Information Security Analyst - Temporary

Interview: Virtual Visa: Any except h1b Remote Rate: DOE Candidates have stellar communication and have they worked with auditors in a financial setting

This role is in the Governance, Risk and Compliance side of the InfoSec team. We need someone with experience working with auditors. Someone who can gather evidence, analyze evidence and work with the auditors on the evidence. This is the most important thing. The candidate needs InfoSec and Compliance experience. This Information Security Analyst - Temporary role is critical to maintaining and enhancing the organization's security posture. The Information Security Analyst will be responsible for a variety of functions, focusing on several key areas within information security, including security awareness program management, support for internal and external audits, and the development and reporting of security metrics. This position requires a blend of technical understanding, organizational skills, and effective communication to ensure compliance and mitigate risks. The Analyst will work closely with various teams, including Learning and Development, Corporate Communications, and the Enterprise Compliance Risk Management (Enterprise Compliance and Risk group) group, to achieve security objectives and contribute to a strong security culture. This is a temporary role that we expect to last approximately 20 weeks.

InfoSec / IT Audit Engagements

• Organize and delegate audit requests to the appropriate business contacts.
• Assist with the scheduling of all walkthrough meetings and follow-up discussions.
• Understand how an audit is performed, what expectations the auditors have, and how to provide evidence that is easily understood and accepted by the auditors.
• Assist on other questionnaires/examinations from third parties (i.e., state examinations, bank partner due diligence, etc.) that relate to Information Security.
• Develop a knowledge bank of audit answers and control owners. Develop and maintain a comprehensive knowledge bank that contains meticulously documented answers to frequently asked audit questions and a clear identification of control owners for each relevant area. This resource will serve as a centralized repository of information, streamlining the audit process and ensuring quick access to essential details.
• Document and map controls to system configurations. Develop and maintain comprehensive documentation that outlines the relationships between security controls and specific system configurations.
• Regularly update documentation and diagrams to reflect changes in system configurations or security control implementations.
• Ensure that documentation is easily accessible to relevant stakeholders, including system administrators, security engineers, and auditors.

Metrics Reporting

• Communicate and clearly document various Security Metrics for the Enterprise Compliance Risk Group initiative. Ensure documentation aligns with the program's objectives.
• Collaborate closely with the Enterprise Compliance and Risk group to identify key security metrics and reporting requirements.
• Develop and maintain dashboards and reports that track and visualize security metrics, providing insights to the Enterprise Compliance and Risk group group and other stakeholders.
• Analyze security metrics data to identify trends, patterns, and potential risks, and provide recommendations to the Enterprise Compliance and Risk group group for mitigation strategies.
• Identify and manage issues related to security metrics data, including data quality problems, reporting discrepancies, and deviations from expected thresholds. Work with relevant teams to resolve these issues promptly.
• Participate in regular meetings with the Enterprise Compliance and Risk group group to review security metrics, discuss findings, and ensure alignment with overall compliance and risk management goals.
• Ensure data accuracy and integrity in security metrics reporting, and implement data quality control measures as needed.

Preferred

• Assist in the development of system configuration standards that align with security control requirements.
• Monitor system configurations for compliance with security control requirements and identify any deviations.
• Assist in the investigation and remediation of security incidents related to system misconfigurations.

Qualifications

• Bachelor's degree in Information Technology, Business Administration, or a related field.
• Minimum of 5 years of experience in information security or compliance related field
• Excellent project management skills, including planning, scheduling, risk management, and stakeholder management.
• Strong communication, interpersonal, and leadership skills.
• Experience working with cross-functional teams and managing vendor and business relationships
• Security+ Certification

Preferred:

• Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM)
• Experience in the Finance industry.