Job Title: Information Security Analyst Role
Location: HYBRID at Mason, OH (45040)/ 2 days a week (Tue & Thurs)
Duration: 6+ Months on W2 (with possible extension & conversion based on performance)
MAJOR DUTIES AND RESPONSIBILITIES
· Monitor and analyze vulnerability assessment data to identify and communicate technical risks to the organization
· Support the identification and impact classification for new vulnerabilities identified in the environment
· Execute and support vulnerability assessments, penetration testing and social engineering activities
· Provide the Information Security and IT Security team information on the emerging cyber threat landscape, including threat actor tactics, techniques, and procedures
· Facilitate vulnerability management processes by tracking and coordinating remediation efforts across multiple teams
· Ensure timely closure of security gaps by working with application, infrastructure, and operations teams
· Support IS in achieving the vision and strategic objectives of the vulnerability program
· Provide regular updates and risk summaries to leadership regarding the status of remediation efforts
· Support leadership to identify capability gaps in vulnerability management services
· Support responses to client and third-party security inquiries, questionnaires, and audit requests related to vulnerability management
· Manage and utilize IS tools such as DLP, Code scanner, external security profile, internal and external scanning tools and scoring platforms etc. to analyze gaps in security controls
· Participate in the IT SDLC program to ensure that security is included in projects by default and by design
· Develop strong working relationships across business, technology units and potentially clients to ensure a high degree of alignment and accountability in remediation, security compliance and client satisfaction.
· Collaborate with cross-functional teams to improve security posture and embed security into existing IT and operational workflows
· Assist with regulatory and compliance requirements, contributing to security audits, attestations, and certifications
· Brief IS leadership on vulnerability assessment results and potential risks
· Conduct analysis, aggregate and report on vulnerability data from various scanning tools and platforms
· Continue self-development of knowledge, skills and abilities to better support execution of the Information Security (IS) function
BASIC QUALIFICATIONS
· Bachelor’s degree in computer science, IT or equivalent
· 3+ years of experience in IT Risk or IS or Compliance
· Experience with major standards such as: SOC 1-2, ISO 27001/2, PCI DSS, HITRUST, SANS, NIST
· Demonstrated experience in implementing compliance frameworks for financial services organizations with similar information security needs and requirements
· Familiarity and understanding of a broad range of IT hardware and software products
· Strong project and time management abilities
· Excellent presentation, verbal communication, and written skills
· Excellent analytical, problem-solving and organizational skills
· Experience managing typical enterprise security and intrusion detection systems, especially in a regulated environment
· Ability to work in a collaborative environment across business and technology teams
· Experience in producing clear and actionable reports for technical and non-technical stakeholders
PREFERRED QUALIFICATIONS
· Certified Information Systems Security Professional (CISSP), PCI DSS, Certified HIPAA Privacy Security Expert (CHPSE), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), or related.
· Experience with or knowledge of healthcare, health insurance, managed care, or regulated industries
· Knowledge of CMS and HIPAA related vendor standards and requirements
· Working knowledge of Security SDLC tools
· Familiarity or experience with the following tools:
o Security Scorecard, BitSight, SSL Labs
o Nessus Pro, Qualys
o Splunk, JIRA
o HCL AppScan, or similar code scanning and vulnerability tools