Senior Information Security Analyst Job Description

Senior Information Security Analyst Job Description Template

Our company is looking for a Senior Information Security Analyst to join our team.

Responsibilities:

  • Assess vendors against security requirements and execute periodic vendor security reviews;
  • Identify internal IT controls, assess their design and operational effectiveness, determine risk exposures and develop remediation plans;
  • Communicate findings and recommendations to client personnel;
  • Create reports and other materials to assist in monitoring the program effectiveness;
  • Partner with the company’s Operational Risk Group on framework enhancement initiatives;
  • Effectively manage small teams of professionals and delegate work assignments as needed;
  • Assist with customer security requests and coordinate customer security audits;
  • Monitor network and firewall activity for anomalies, intrusion attempts, and potential security concerns;
  • Develop and maintain Standard Operating Procedures (SOPs) related to security tasking;
  • Provide guidance on IT and information security standardized metrics and criteria;
  • Detect cybersecurity incidents in real time through centralized monitoring;
  • Evaluate security configurations of systems, and perform testing where necessary to harden and secure systems;
  • Respond to incidents by applying containment and eradication strategies;
  • Analyze security events from multiple sources, including SIEM, IPS/IDS, firewalls, etc., and identify the cause of incidents;
  • Drive innovation and improvement by identifying opportunities in new technologies, capabilities, processes and procedures.

Requirements:

  • Experience with information security tools and systems such as SIEM, DLP, and IDS/IPS;
  • Bachelor’s degree in Information Security, Information Technology, or equivalent years of related information security experience;
  • Bachelor’s degree in Computer Science or Engineering preferred;
  • CISM or CISSP certification preferred but not required;
  • Great attitude, independent, and takes ownership of all tasks from start to end;
  • Ability to synthesize all forms of research into clear, thoughtful, actionable deliverables;
  • Technical understanding of Internet Protocol, distributed systems, and cloud architectures;
  • Direct access review across all applications to better understand where unauthorized access has been granted and can be removed;
  • Install security measures and operate software to protect systems and information infrastructure, including data at rest and in transit;
  • Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls;
  • Experience with data classification, access control, and security models;
  • A good all-round knowledge of IT;
  • Knowledge of operating systems including Windows, Linux and macOS;
  • Manage the third-party risk management program in partnership with cross-functional teams;
  • High degree of initiative, dependability and ability to work with little supervision while being resilient to change.