Information Security Analyst 2024

BCforward is seeking a Information Security Analyst to work remotely in EST/CST time zones
Information Security Analyst
Must be able to obtain Clearance
W2 only
remote
* The Information Security Analyst provides team and project leadership for the Configuration and Vulnerability Management team in Infrastructure and Operations. They provide subject matter expertise in Information Security disciplines focused on Vulnerability Management. The Information Security Analyst is responsible for administering vulnerability scanning and leading and executing various projects and initiatives relating to vulnerability management. Responsibilities also include researching, testing, developing, and implementing new security solutions in support of the corporate information security mission.
* The Information Security Analyst will have:
o A well-developed understanding of Information Security concepts, principals, and industry "Best Practices"
o Well-developed communication skills, both verbal and in writing
o Experience writing policies, procedures, guidelines and technical documentation
o High attention to detail
o Solid analytical skills to collect and analyze data, problem solve, and make decisions
o Ability to rapidly adapt to changing business requirements
o Ability to efficiently acquire and utilize new skills in response to change
o Technical expertise in an industry standard vulnerability scanning platform preferably Tenable Nessus
o Technical expertise in industry best practice configuration standards such as Center for Internet Security (CIS) or Security Technical Implementation Guides (STIGs).
Skillset:
1. Vulnerability Management Operational and Technical Support
a. Work closely with team members from IT and business areas to ensure new applications, systems, and processes meet Navient's vulnerability management requirements.
b. Develop and maintain detailed support documentation and procedures regarding vulnerability management systems and processes.
c. Provide ownership and direction for assigned technologies or areas of responsibility.
d. Oversee internal risk assessments and reviews of third-party service providers, subsidiaries, and partners to ensure Navient's vulnerability management policies and controls are being followed. Work with system owners to develop and execute remediation plans for any identified issues.
e. Provide audit documentation and root cause analysis remediation plans regarding audit concerns/findings, audit tracking, and audit coordination.
2.

Information Security Project Management
a. Work with detailed project plans in support of assigned projects. Commit to and meet deadlines in both quality and time.
b. Provide guidance to project team leadership for vulnerability management initiatives and work as part of a project team with other IT areas to ensure the necessary security tools, technologies, and solutions are in place to meet the Information Security mission.
c. Develop detailed system security documentation, process flows and administration manuals for computer security systems, servers, applications, and utilities.
4. Security Assessments, Risk Evaluations and Compliance Support
a. Develop security acceptance test plans and conduct security acceptance testing.
b. Conduct audits, risk assessments, and reviews of third-party service providers, subsidiaries and partners who wish to connect to the corporate network.
c. Provide support for internal and external audit reviews and examinations.
5 . Other
a. Assess and quickly resolve technical security problems related to areas of assigned responsibility while understanding the risk and exposure to the business.
b. Provides direction, consultation, and training for information security staff and emergency after hours support as required in support of the business.
c. Be part of a team that provides after hour and weekend support on a rotational basis to respond to priority issues that occur outside of the normal business day.
d. Assist in developing training and security awareness programs.
e. Travel to remote offices and affiliates to support all Navient operations as needed.
f. Perform other duties and special projects as required.
MUST HAVE:
* A minimum of ? years progressive experience working in Information Technology with at least ?+ years of direct, hands on experience in systems security management, security administration, systems audit, or security compliance.
* Must understand information security concepts, protocols, industry best practices, and strategies. Experience with industry regulatory requirements and working with internal and external audit staff is required.
* Nice to have scripting experience (Powershell, RESTAPI)
* Must be able to get required clearances.
* Must be proficient in Microsoft Office products (Excel)
* Bachelor's degree preferred. May substitute degree for experience.
Interested candidates please send resume in Word format Please reference job code 222235 when responding to this ad.