Senior Information Security Analyst

ESSENTIAL FUNCTIONS

• Works closely with internal technology teams, business stakeholders, and outside vendors to research, analyze and monitor security threats
• Maintains current knowledge of new technologies and security threats; makes recommendations on improving existing solutions
• Identifies and implements new security solutions under the guidance of the CISO
• Collaborate with the IT Project Management team to plan, implement, and manage cyber security technologies to protect the confidentiality, integrity, and availability of MJ’s systems and services
• Develops reporting mechanisms for cyber security key performance indicators (KPI), and updates the senior leadership team on a regular basis
• Implements and administers network security infrastructure including firewalls, network sensors and logging platforms
• Collaborates with the MJ IT team to resolve vulnerabilities discovered within the vulnerability management program
• Defines strategy and technology roadmap for network security under the guidance of the CISO
• Works cross functionally to prepare documentation and evidence for various audits and legislation (SOC II, HIPAA, GDPR, CCPA)
• Assists the Helpdesk with security related requests and incidents
• Develops and implements automation wherever possible to improve long-term management of assets
• Manages MJ’s cyber security education campaigns
• Oversees the utilization of MJ’s enterprise credential management systems
• Participates as a SME within the Information Privacy and Security Committee
• Research, procure, and negotiate with vendors for security related products
• Knowledge of industry frameworks including NIST CSF, and CISv8 Controls

TECHNICAL FUNCTIONS

• Prior experience in an information security role (Information Security Analyst, Consultant, Engineer, Etc.)
• Demonstrated understanding of and experience with security-related technologies, systems and tools
• Ability to conduct security reviews of prospective vendors
• Experience working with cloud providers (AWS, Azure, GCP)
• Knowledge of scripting languages including Python and Powershell
• Superb interpersonal and organizational skills
• Experience with Next-Gen Firewalls, O365, Hypervisors, Cloud IaaS Providers, Databases, Automation Tools, Patch Management, Vulnerability Management Platforms, MDR/XDR Platforms
• Experience in threat modeling and vulnerability assessments

REQUIRED EDUCATION

• Security certifications (CISSP, CompTIA Security+, CEH, CISA, CGEIT, CRISC)
• BS Degree in Cybersecurity, Computer Science, or related field