Lead Security Analysis
General Purpose
The Lead, Security Analysis is the senior member of the Cybersecurity Risk Management group responsible for leading and executing IT security risk management and governance processes within the organization. This includes performing risk assessments to proactively identify current and future security issues/vulnerabilities and recommend remediation strategies.
Essential Functions
- Provides subject matter expertise in all aspects of risk management including performing risk assessments to proactively identify current and future security issues/vulnerabilities and recommend remediation strategies.
- Led insider risk programs by identifying improvements and establishing supporting processes across the enterprise.
- Identifies and implements improvements to enhance the Cybersecurity Risk Management program through optimization of processes, solutions, policies, procedures KPIs and other techniques.
- Develops standards to support vendor selection and RFP process and participates in product and vendor selection process to provide subject matter expertise on Information security risk and compliance.
- Maintains risk register and develops Cybersecurity Risk Management metrics and reports. Collaborates with Compliance Manager, Secure SDLC Manager, Information Security, and IT groups to gather and analyze metrics.
- Leads information security awareness programs by regularly conducting exercises to educate employees of information security and best practices.
- Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.
- Lead and perform end-to-end risk assessments across business processes, applications, infrastructure, cloud environments, and third-party/vendor ecosystems.
Competencies
- People: Building Effective Teams, Developing Talent, Collaboration
- Self: Leading by Example, Communicates Effectively, Ensures Accountability and Execution, Manages Conflict
- Business: Business Acumen, Plans, Aligns and Prioritizes, Organizational Agility
Qualifications and Special Skills Required
- Five years of experience within Information Technology with at least 3 in Security and/or Risk Management.
- Bachelor's degree preferred or equivalent combination of education and relevant experience.
- Strong understanding of security governance, compliance and risk management principles.
- Proficient in Microsoft Word, Excel, PowerPoint.
- Excellent analytical, organizational and communication skills.
- Strong Project Management skills.
PREFERRED QUALIFICATIONS
- CISSP (Certified Information Systems Security Professional)
- CRISC (Certified in Risk and Information Systems Control (CRISC)
- Working knowledge of UNIX and Windows
- Firewalls, VPN, PKI, IPS
- Oracle, MS SQL
- Virtualization Security
- Software programming skills
Physical Requirements/ADA
Job requires ability to work in an office environment, primarily on a computer. Requires sitting, standing, walking, hearing, talking on the telephone, attending in-person meetings, typing, and working with paper/files, etc. Consistent timeliness and regular attendance. Vision requirements: Ability to see information in print and/or electronically. This role requires regular in-office presence, including to engage in in-person team interaction, meetings and collaboration, client support, mentoring, coaching, and/or feedback. However, this role can perform duties effectively using a combination of in-office and remote work.
SUPERVISORY RESPONSIBILITIES
N/A
Disclaimer
This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management's discretion.