- The Security Rules Management Analyst position at CLIENT is a member of the Information Protection and Risk Management (IPRM) team and reports to a Director of Cyber Security Technology. The Analyst works with the cybers security engineering team to evaluate, test and document security solutions and controls, and work closely with other security team members to remediate risks while ensuring the business can innovate.
- Information security analysts must continually adapt to stay a step ahead of cyber attackers and stay up to date on the latest methods attackers use to infiltrate computer systems. Analysts in this role are expected to consistently learn and grow. This is not a passive career opportunity, but rather one that requires a passion for security and rigor to protect the business.
- Information security analysts collaborate with internal and external audit and exam teams, along with technology management and business stakeholders.
Under direction from the Director and in line with stated strategic objectives, the CST Analyst will conduct industry research, explore the products available on the market to meet the requirements, OR devise a plan to build a solution internally. The Security Rules Management Analyst will focus on policy management for the endpoint and data security tools. Some (but not all) of the primary responsibilities the role will be primarily involved with are as follows:
- Provide technical assistance, solution design, and hands on development support for security controls for a Data Loss Prevention (DLP) program
- Implement technical systems and monitor them for unusual and suspicious activity across a wide range of products.
- Assist with security configuration standards for systems and business applications.
- Serve as a member of the information security and change management teams.
- Participate in technical and non-technical projects requiring information security oversight and to ensure policies, procedures and standards are met.
- Serve as an additional security team member, aiding in incident response (IR) with the IR and security operations center (SOC) teams.
- Maintain vendor management standards, questionnaires, and documentation to adhere to regulatory compliance.
- Interface with internal and external auditors for risk assessments.
- Recommend new security solutions as well as effective improvements to existing security controls that do not negatively impact business innovation.
- Serve as a liaison for the security team.
- Perform other duties as assigned.
Technologies sets the role may secondarily support are as follows:
- Cloud access security brokers (CASB)
- Data Loss Prevention (DLP)
- Database access firewalls and database activity monitoring solutions
- Email Security solutions
- Endpoint Protection Platforms (EPP) and Endpoint, Detection and Response (EDR) solutions
- Key and Certificate Management solutions
- Public Key Infrastructure (PKI)
- At least 3-5 years of information security experience (or combination of 3 to 5 years of IT system administration with security).
- Expertise in incident response and system monitoring and analysis.
- Experience with compliance requirements (GLBA, PCI, HIPAA, SOX, etc.).
- Ability to effectively communicate business risk as it relates to information security.
- Experience in conducting risk assessments that protect the business and adhere with compliance and privacy laws.
- Knowledge of multiple computing platforms, including Windows, OSX, Linux, Unix, networks, and endpoints.
- Experience with vulnerability and penetration testing engagements.
- Experience with change and project management.
- Ability to perform data analysis using standard office productivity software.
- Strong knowledge of current cyber security threats and techniques, as well as a dedicated and self-driven desire to research current cyber security products.
- A strong customer/client focus with ability to manage expectations appropriately and provide superior customer/client experience and build long-term relationships.
- Ability to work independently with minimal supervision, with an ability to make independent decisions when appropriate.
- Excellent oral and written communications skills.
- Possesses highly effective communications skills with the ability to influence business units.
- Acts with integrity, takes pride in work and seeks to excel, be curious and adaptable.
- Displays an analytical and problem-solving mindset.
- Is highly organized and efficient.
- Leverages strategic and tactical thinking.
- Works calmly under pressure and with tight deadlines.
- Demonstrates effective decision-making skills.
- Is highly trustworthy and leads by example.
- Stays current with evolving threat landscape.