Senior Information Security Analyst Job Description Template
Our company is looking for a Senior Information Security Analyst to join our team.
Responsibilities:
- Assess vendors against security requirements and execute periodic vendor security reviews;
- Identify internal IT controls, assess their design and operational effectiveness, determine risk exposures and develop remediation plans;
- Communicate findings and recommendations to client personnel;
- Create reports and other materials to assist in monitoring the program effectiveness;
- Partner with the company’s Operational Risk Group on framework enhancement initiatives;
- Effectively manage small teams of professionals and delegate work assignments as needed;
- Assist with customer security requests and coordinate customer security audits;
- Monitor network and firewall activity for anomalous activity, intrusion attempts, and potential security concerns;
- Develop and maintain Standard Operating Procedures (SOPs) related to security tasking;
- Provide guidance on IT and information security standardized metrics and criteria;
- Detect Cyber Security incidents in real time through centralized monitoring;
- Evaluate security configurations of systems, and perform testing where necessary to harden and secure systems;
- Respond to incidents by applying containment and eradication strategies;
- Analyze security events from multiple sources, including SIEM, IPS/IDS, firewalls, etc., and identify the cause of incidents;
- Drive innovation and improvement by identifying opportunities in new technologies, capabilities, processes and procedures.
Requirements:
- Experience with information security tools/systems: SIEM, DLP, IDS/IPS, etc.;
- Bachelor’s degree in Information Security, Information Technology, or equivalent years of related information security experience;
- Bachelor’s degree in Computer Science or Engineering preferred;
- CISM or CISSP certifications preferred, not required;
- Great attitude, independent, and takes ownership of all tasks from start to end;
- Ability to synthesize all forms of research into clear, thoughtful, actionable deliverables;
- Technical understanding of Internet Protocol, distributed systems, and cloud architectures;
- Direct access review across all applications to help better understand where unauthorized access is granted and can be removed;
- Install security measures and operate software to protect systems and information infrastructure, including data at rest and in transit;
- Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls;
- Experience with data classification, access control, and security models;
- A good all-round knowledge of IT;
- Knowledge of operating systems including Windows, Linux and macOS;
- Manage the third-party risk management program in partnership with cross-functional teams;
- High degree of initiative, dependability and ability to work with little supervision while being resilient to change.