Sign in

Information Security Analyst

Company:
Rita Technology Services
Location:
Orlando, Florida, United States
Posted:
November 12, 2019

Description:

This is a newly created, full time (direct hire) position for an Information Security Analyst for our client in Orlando, Florida (Southwest of downtown).

You will be a 1-person department for now, so we need someone more hands-on that has some leadership potential. The ideal candidate will have prior network or systems engineering experience.

SUMMARY:

We are looking for someone that can come in and do an overall assessment; assist in building policies and procedures, best practices, etc. Manage monitoring system (Sentinel One). The key is protecting "digital assets and hardware. Assist in planning down the line, review of frameworks, prioritize vulnerabilities, and work on a mitigation plan. Exposure to application solution; be able to manage and deal with vendors and perhaps down the line shows the potential to build a team and shows leadership qualities to do so. You will be in charge of developing and implementing security measures to protect the company s digital and physical technology assets. You will also research security measures and concerns to develop effective strategies to mitigate security risks, as well as develop systems and techniques to handle sensitive information in a confidential way.

DUTIES:

Provide guidance and expertise in the field of risk management regarding the protection and security of data. Capture/document the organization's security posture through risk assessments.Support security training and awareness by providing ideas and content to the training team as well as conducting presentations on hot security topics for stakeholders, as needed. Develop/maintain the documentation for Information Security Policies, Standards, and Procedures.Design / implement / perform internal security reviews.Perform project management of security initiatives from concept to implementation. Propose technical solutions to management and senior IT staff to address security weaknesses and coordinate with relevant stakeholders to implement. Present findings in a professional manner, recommending mitigations either via new technology, alternative compensating controls, or policy modifications for improving overall security posture. Design / develop information security architectures that support control implementation within existing architectures.Support business stakeholders at the highest levels in the implementation, remediation, monitoring, and maintenance of security policies, standards, controls, and security corrective actions across the organization, leveraging sound technical knowledge and security concepts. Minimize security threats by examining governance, technology infrastructure, and facilities to identify security deficiencies, using risk analysis and follow up with corrective action plan. Manage incident handling processes which include implementation of containment, protection, and remediation activities.

REQUIREMENTS:

Bachelor's in Computer Science, Engineering, Computer Security, Information Systems, or related field - or an equivalent combination of education and experience. Enterprise Domain experience required. Knowledge of Active Directory, DNS, and DHCP.Understanding of networking concepts and configurations.Understanding of networking protocols (TCP, UDP, SSH, SSL, etc.).General knowledge of Endpoint protection solutions.Knowledge of mainstream operating systems (Microsoft Windows, UNIX and Linux) and a wide range of security technologies.General knowledge of Database technologies and queries (Microsoft SQL, MySQL, Oracle, etc.).Strong understanding of information technology tools and concepts.Strong knowledge of Information Security principles/processes and experience writing/maintaining information security policies, standards, and guidelines.Strong knowledge of common security frameworks (ISO or NIST).Strong knowledge of PCI.Experience in risk assessments and vulnerability management.CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), or CISA (Certified Information Systems Auditor) certification preferred.

U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time.