The Senior Information Security Analyst position is part of a team that provides Global IT Information Security and information risk management services for our global company. The ideal candidate will have worked in a global environment with experience delivering Global Information Security services in support of multiple business lines in a Global, regulated environment
• Thorough knowledge of Globally Accepted Information Security principles, with strong knowledge of current information security techniques and technologies such as threat and vulnerability management, security operational service delivery, and remediation for a large, multi-platform organization.
• Expertise in Threat and Vulnerability Management – reviewing environment for vulnerability exposure and emerging threats, ensuring all vulnerabilities are appropriately remediated.
• Perform vulnerability & patch analysis identifying new in-scope patches & rate for severity, produce metrics, and follow-up with responsible parties.
• Experience using Vulnerability scanning and Penetration testing tools.
• Supporting Incident Response - managing the investigation, containment, and response to information security incidents.
• Perform Suspicious Activity Monitoring – Monitor and investigate potential Information Security incidents from various security systems (e.g. IDS, anti-virus, DLP, SIEM, logs, etc.), thru resolution and RCA.
• Produce metrics of the respective security services and processes
• Provide support for corporate investigations including Privacy, HR and Ethics.
• Support delivery of education and awareness programs in the areas of IT Compliance, PCI DSS, and Information Security in partnership with Stanley Physical Security.
• Provide guidance to IT and Business partners ensuring secure implementation of systems, applications, and services.
• Support introduction / enhancement of technology policy and security controls.
• Respond to daily Information Security incident/problem support requests
• Perform Project-based work as required.
• Work collaboratively across enterprise IT and the business to create a cohesive business-aware, risk managed environment.
• Proven experience providing technology and functional subject matter expertise for the oversight of Information Security processes, architectures, and system implementations within a large, complex IT environment
• Team player, self-motivated, able to work independently, and demonstrating initiative.
• Effective communication, critical thinking, analytical, and decision-making skills.
• Must have strong verbal and written communications skills.
• Must be able to communicate and work with all levels within the organization
• Working knowledge of IT Security Operations, Compliance, and Disaster Recovery across multiple technologies
• Digital Certificate Authentication & validation expertise with applied operational experience
• Experience reading and interpreting regulations, laws, and statutes.
• Strong research skills
• Problem solving skills as well as flexibility and adaptability are of key importance
• Certifications preferred: CISSP, GIAC, CISA, SSCP, or CEH
• Undergraduate Degree from a four-year university with a degree or major course work in computer science, telecommunications, networking, engineering or other computer-related field of study with 6-8 years experience working in an information security or risk management related field, or
• Graduate Degree and 4-6 years of relevant experience.