Information Security Analyst
Description:
For more than 18 years, CareWorks Tech has been delivering technology solutions that drive results. As your advocate, the common thread across our associates is crafting the right tech-savvy solutions. Whether it’s IT Consulting, Infrastructure Services, Security, Enterprise Service Management or Interactive, we’re all about finding solutions that advance your career aspirations. Our ongoing client relationships speak to our long-term collaborative partnerships.
Job Description: The Senior Information Security Analyst is responsible for the day-to-day security operations within Retail Services for security related applications, databases, and other system environments within Information Security. You will be expected to champion processes and technology as a subject matter expert in various areas and to demonstrate this ability at a senior level. The position reports to the Manager, Information Security and works closely with teams in other Information Security disciplines, Infrastructure, and Operations areas to help provide superior protection to Retail Services information assets.
Responsibilities
Analyze and evaluate requirements in the implementation of key IT projects and initiatives as they pertain to the organization’s long-term security strategy.
Understand the various tools and technologies commonly associated with Information Security.
Serve as the subject matter expert in various technical information security disciplines and mentoring junior staff. Demonstrate self-learning in gaining knowledge of new technical developments and ensure they are shared appropriately and applied as applicable within the department.
Lead various projects in the InfoSec space, as assigned by leadership.
Identify areas of improvement where processes do not currently exist and drive the development and delivery of new processes to address these gaps.
Lead the creation of and the maintenance of relevant documentation.
Assist with development and delivery of Key Performance Indicators (KPIs) through the understanding of the tools and deliverables and by helping to develop, maintain and mature the associated reporting structure.
Applies knowledge from previous roles and jobs to current responsibilities.
Comprehensive understanding of the InfoSec team’s strategy and vision and actively works as a change agent to support these initiatives both within the InfoSec team and the broader organization.
Ability to identify when to partner with leadership to resolve issues, risks and/or obstacles.
Identifies and understands drivers for change and will act as an individual champion or partner with leadership to deliver those changes.
Builds consensus for delivering results while finding common ground for collaboration and partnership.
Effectively partners with peers within the department to include them in key projects, risks or issues.
Performs consistently at or above the expectations of leadership in delivering good quality work and delivers work accurately and on time.
Perform other duties as assigned by leadership.
Requirements
Bachelor Degree in Computer Science, Audit, Networking or other computer related field or study- Preferred not required
5-8 years of working experience in an information security, IT audit, risk management or other related fields.
Security certifications preferred, or able to complete certification within 12 months of hire (CISA, CISSP or other industry recognized certification as agreed upon by InfoSec Leadership)
Working knowledge of and experience with information security techniques and underlying infrastructure.
Additional Skills and Experience
Experience leading and/or coordinating projects; Broad range of skills with different technical platforms (servers, networks, storage, security, Internet and cloud based technologies, etc.)
Special consideration for experience with Mainframe and Cloud environments.
Working knowledge of ISO 27001/27002 and NIST security standards
Working knowledge of various regulatory compliance requirements including PCI DSS and SOX.
Ability to maintain the highest level of confidentiality and professionalism.
Possess analytical, problem-solving, project management skills, and a working knowledge of core banking platforms and FFIEC/FDIC requirements.
Ability to work in a team fostered, fast-paced, multi-tasking environment.
Excellent interpersonal, written, and oral communication skills as well as issue resolution and negotiation skills.
Assist in developing and approving policies and standards for data loss prevention. Report common and repeat problems (trend analysis) to management; propose process and technical improvements.
Comfortable interacting consistently with affected customers and business areas to work to resolve issues regarding business processes that do not align with DLP best practices.
Relevant Skills and Experience Specific to the Role
Monitor and respond to DLP events
Interact with customers and supporting teams to manage events until closure
Ensure that Service Level Agreements (SLAs) are met
Assist in troubleshooting issues that may arise from an incomplete scan, scan related performance issues, agent related performance issues, alert generation, email and network traffic related performance issues
Develop and enhance DLP policy to identify and appropriately protect data while in use, in motion, and at rest
Assist in maintaining all DLP related documentation
Continuously propose configuration and tuning opportunities of DLP systems, policies and response rules
Develop workflows for incident and alert generation for policy violations
Assist in providing best practice solutions for data protection
Identify gaps in procedures, and willingness to communicate them to the team, as well as the business, and suggest improvements
The CareWorks Family of Companies is committed to providing career opportunity and growth to all Associates without regard to race, color, religion, sex, national origin, age, marital or veteran status, medical condition or disability.
CareWorks Tech Strategically-Led Technology Solutions
5555 Glendon, CT
Dublin, OH 43016
614-789-3767
david.horvay@careworkstech.com
Thank you for considering CareWorks Tech for your next career opportunity. CareWorks Tech is not your typical technology company. We are part of the CareWork’s family of companies which is one of Ohio’s largest managed care organizations, serving over 115,000 employers and owned by York Risk Services Group. We have 4 guiding principles: (1) Customer Commitment (2) Attitude of Service (3) Respect for the Individual and Team and (4) Exceeding Expectations. We invest in your training, professional development, benefits (medical, 401k, paid holidays/vacation, etc.) and personally focus on your career success. We have operations in 85 locations worldwide and employ 5,000+ people.