Senior Analyst, Cyber Security

For assistance on how to apply, please click here

Job Description:

Position Overview

Reporting to the Information Security Director, the Senior Information Security Analyst is responsible for risk assessment based on application, data, and technology architectures and current information security threats; for solution design and information security policy development and maintenance; for awareness activities and monitoring compliance with company security policy and applicable law; for coordinating investigation and reporting of security incidents. The Senior Information Security Analyst will also monitor, assess, and apply corrective actions to the business continuity and disaster recovery program and contribute to information security projects to protect company information assets. This position combines project-based work and operational assignments. This will require practical use and understanding of security protocols and standards, solid knowledge of information security principles and practices and keen awareness of the state of the threat environment especially as it may pertain to The Andersons.

Key Responsibilities

Work with business units and other risk functions to identify security requirements, using methods that may include risk and business impact assessments.

Manage completion of information security operations documentation, including policy development.

Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.

Play an advisory role in application development, infrastructure engineering and/or acquisition projects to assess security requirements and controls, and to ensure that security controls are implemented as planned.

Assist and manage with enterprise-wide risk assessment processes

Drive cross-functional remediation of previously identified security risks and close out pending action plan

Proactively collaborate with service providers to understand operational findings and drive the appropriate company response.

Architect, develop, deploy and support information security systems and solutions such as strong authentication, key management, IPS, SIEM, antimalware, and others

Interact with internal and external customers on security-related projects and operational tasks

Participate in 24x7 Information Security Response team

Report to company management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.

Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.

Performs security due diligence assessments with vendors and contractors

Researches, evaluates, and recommends information security related hardware and software, including developing business cases for security investments

Manage services to analyze, monitor, track and report behavior/tasks logged by assets in the form of incidents to ensure the company is protected from any potential leaks or malicious activities.

Read and understand system data, including, but not limited to, security and network event logs, syslogs, and firewall logs.

Propose changes/improvements to the processes and procedures that will improve operational efficiency, provide better service, etc.

Participate in the security awareness training program review and development.

Perform risk and security assessments to identify control weaknesses and recommend remedial actions for any issues found. Manage and track competition of remedial actions.

Manages relationship with the audit groups (both internal and external). Provides information as requested, receives audit findings, and manages the collection of responses and remediation plans with owners.

Maintains an awareness of existing and proposed security standard setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommend appropriate changes. Works with other groups and assists in the development of security architecture and security policies, principles and standards.

Develop and maintain an open and candid relationship with the management through regular contact to discuss all important matters and to make suggestions for improvement.

Seek out and identify new opportunities for reducing cyber corporate risk

What is expected of you and others at this level

In-depth knowledge and experience

Uses existing solutions to resolve complex issues

Works independently; receives minimal guidance

Acts as a resource for colleagues with less experience

Represents the level at which career may stabilize for many years or even until retirement

Minimum Qualifications & Skills

Bachelor’s Degree in Business Administration, Computer Science or related field required, Master’s Degree preferred

5-10 years’ relevant experience required

Experience in IT regulation and compliance standards, such as PCI/DSS, NIST CSF 2.0/ NIST 800-53, CIS Critical Security Controls

Practical use and implementation of solid knowledge of information security principles and practices for a public corporation; Understanding of IT methodologies, such as software development lifecycle and ITIL operations

Exposures in IT security baseline and procedures development

Experience in design and implementation of Microsoft Sentinel and Arc.

Certifications/Licenses:

Tertiary qualifications in information or IT security, or industry qualifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or equivalent are required.

Additional Skills:

• Strong analytical and problem-solving skills.

• Foster and support a collaborative, harmonious team environment that raises information security knowledge for everyone.

• Critical thinking and strong judgment skills

• Successful relationship management skills

• Excellent presentation and communication skills.

• Ability to successfully negotiate and resolve conflicts

This job description is intended to describe the general nature and level of work performed. It does not include all responsibilities and skills required of the job and may be changed at any time. All responsibilities must be completed in compliance with all safety protocols, policies, procedures and consistent with the spirit and philosophy of The Andersons’ Statement of Principles.

Note: The statements herein are intended to describe the general nature and level of work being performed, but are not to be seen as a complete list of responsibilities, duties, and skills required of personnel so classified. Also, they do not establish a contract for employment and are subject to change at the discretion of the employer. The Andersons, Inc. is a Drug-Free Workplace. The Andersons, Inc. is an EO employer – M/F/Veteran/Disability/Gender Identity/Sexual Orientation.

Note: The Andersons, Inc. conducts drug, alcohol and/or medical testing of applicants and employees based on type of position. A copy of our testing policy is available by contacting the HR Department at .

We do not accept resumes from headhunters, placement agencies, or other suppliers that have not signed a formal agreement with us.

PHISHING SCAM WARNING: The Andersons is aware of the continued increase of phishing scams, leveraging various methods of attack via email, text, voice and social media. Please note that The Andersons only uses company email addresses, which contain “@andersonsinc.com”, to communicate with candidates via email. If you are contacted by someone about an open job at The Andersons, please verify the domain of the sender’s email address and that they are asking you to apply on this website. If you believe you’ve been a victim of a phishing scam, please visit the Department of Homeland Security’s Cyber Smart website to learn how to report it.

R11423