Senior IT Security Analyst

The Sr. Information Security Analyst is responsible for assessing information risk and facilitates remediation of identified vulnerabilities for IT security and IT risk across the enterprise. Assesses information risk and facilitates remediation of identified vulnerabilities with the network, systems, and applications. Reports on findings and recommendations for corrective action. Performs vulnerability assessments as assigned utilizing IT security tools and methodologies. Performs assessments of the IT security/risk posture within the IT network, systems and software applications.  Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios. Facilitates and monitors performance of risk remediation tasks, changes related to risk mitigation & reports on findings. Maintains oversight of IT and vendors regarding the security maintenance of their systems and applications. Liaise with other governance functions such Operations, IT, HR, Legal, and Compliance. 

Key responsibilities including but not limited to: 

• Management of IT security and IT risk (e.g., data systems, network and/or web) across the 
  enterprise 


• Address questions from internal and external audits and examinations 


• Develop policies, procedures and standards that meet existing and newly developed policy 
  and regulatory requirements including SOX, PCI, and/or HIPAA guidance 


• Facilitate IT security/risk training curriculum 


• Serve as a leader within IT security projects 


• Plan, implement, and upgrade security measures and controls 


• Maintain data and monitor security access 


• Manage network, intrusion detection and prevention systems 


• Recommend and install appropriate tools and countermeasures 


• Define, implement and maintain corporate security policies 


• Coordinate security plans with outside vendors 


• Maintain knowledge of new security trends and technologies 


• Other tasks as needed/determined

Education and Experience Requirements: 

• 5+ years of experience in information security or related IT roles. 


• Certified Information Systems Security Professional (CISSP) Certified (Preferred) 


• Associates Degree in Computer Science or equivalent experience in on the job experience


• Proven experience with:  


• Security operations and incident response 


• Vulnerability management and threat analysis 


• Network and application security 


• Security architecture and risk assessments 
  Excellent analytical and problem-solving abilities 


• Strong communication skills for cross-functional collaboration 


• Strong inter-personal, written, and oral communication skills including the ability to communicate complex technical issues to non-technical staff  


• Ability to translate technical risks into business impacts 


• Leadership and mentoring capabilities 


• Demonstrated ability to work in teams and prioritize and manage competing work assignments in a time sensitive environment  


• 1-2 experience with Networking, Microsoft Windows Enterprise systems, and security-related systems  


• Understanding of NIST cybersecurity framework  


• Understanding of HIPAA compliance requirements  


• Strong troubleshooting skills