Information Security Analyst II
CGS Careers
Job Summary
The Information Security Analyst II will support and ensure the protection of networks, systems, applications, and data by maintaining security policies, practices, and technologies. This role acts as an information security expert, ensuring effective corporate security controls and participating in day-to-day security operations, including responding to events and recommending corrective actions. The analyst will also support Governance, Risk, and Compliance (GRC) functions and the Payment Card Industry (PCI) Compliance Program.
Must Have
- Support security policies, practices, procedures, and technologies
- Ensure protection of networks, systems, applications, and data
- Act as an information security expert within the organization
- Ensure corporate security controls are effective
- Be involved with day-to-day security operations
- Respond to security events of interest
- Recommend corrective action by working with IT and non-IT team members
- Support processes and objectives of GRC function and PCI Compliance Program
- Participate in audit, compliance, and regulatory functions (PCI DSS, SOX, privacy laws, general security auditing)
- Participate in a vulnerability management program (scans, penetration tests, documentation, remediation, monitoring, recommendations)
- Represent security interests in third party and customer contract reviews
- Facilitate and manage policy exception, risk acceptance, policy management, and other GRC workflows
- College degree in Management of Information Systems, Information Security, Business/Accountancy (auditing focus), or equivalent experience
- Experience with audits, controls, and PCI and/or ISO requirements
- Experience administering and creating workflows in GRC tools
- Experience working in a highly-regulated environment
- Working knowledge of IT security, compliance, and regulatory requirements (PCI DSS, SOX, HIPAA, privacy laws)
- Advanced knowledge of IT security concepts
- GIAC Security Essentials (GSEC) certification
- Other Governance, Risk, Compliance, Audit, or Security certifications
Perks & Benefits
- Sulamerica Health
- Sulamerica Dental
- Vidalink
- Food/Meal Voucher
- Child Care Assistance
- Day off: on birthday
- Gympass
- Language assistance
- Digital course platform
- Volunteer time off: 2 days a year
Job Description
The Information Security Analyst II will support the security policies, practices, procedures, and technologies in order to ensure the protection of networks, systems, applications, and data. This role will be looked to as an information security expert within the organization, helping ensure corporate security controls are effective. This role will also be involved with day-to-day security operations by responding to security events of interest and recommending corrective action by working with IT and non-IT team members.
This job is responsible/accountable for supporting the processes and objectives of the Governance, Risk, and Compliance (GRC) function and Payment Card Industry (PCI) Compliance Program within the Information Security department.
We are looking for a candidate who will:
- Participate in, and be an integral component of, audit, compliance, and regulatory functions, including but not limited to: Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley (SOX), emerging state and Federal privacy laws, and general security auditing
- Participate in a vulnerability management program that includes: external and internal vulnerability scans of applications and systems, external and internal penetration tests of applications and systems, the documenting and remediation of identified vulnerabilities and exploits, routinely monitoring various communication avenues for security vulnerabilities and security patches, taking a risk based approach comparing those security vulnerabilities and security patches across the operating environment, and making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities
- Participate in third party and customer contract reviews, representing the organization’s security interests
- Facilitate and manage the policy exception, risk acceptance, policy management and other GRC workflows within the security function
Is this opportunity right for you? We are looking for candidates who have:
- College degree: Management of Information Systems, Information Security, Business/Accountancy (auditing focus), related field, or equivalent experience
- Experience with audits, controls, and PCI and/or ISO requirements
- Experience administering and creating workflows in GRC tools
- Experience working in a highly-regulated environment
- Working knowledge of IT security, compliance, and regulatory requirements, such as: Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), state and Federal privacy laws
- Advanced knowledge of IT security concepts.
- GIAC Security Essentials (GSEC)
- Other Governance, Risk, Compliance, Audit, or Security certifications