Senior Information Security Analyst

Job Summary

We are seeking a Senior Information Security Analyst with expertise in Network Security, Information Security (IS) compliance, control measures, IT infrastructure, and systems administration. Under the guidance of the IT Manager, the Senior IS Analyst will be part of the Joint IT Infrastructure team, collaborating closely with both local and global IT/IS teams on a wide range of IS/IT roles and responsibilities.

Roles & Responsibilities:

Security Monitoring and Incident Response:

• Continuously monitor network and IT systems for security incidents.
• Develop response plans to mitigate risks and minimize impact.
• Manage security tools and technologies such as endpoint protection, encryption solutions, and SIEM platforms to enhance Milliman India’s security posture.
• Work closely with cross-functional teams to update controls and document remediation patterns to maintain compliance with reliability, privacy, security, and regulatory standards.
• Produce regular reports, supporting continuous improvement of procedures and controls.

Vulnerability Management:

• Identify, assess, and prioritize vulnerabilities in infrastructure, applications, and systems using tools like Qualys.
• Conduct vulnerability scans and penetration testing.
• Develop and implement plans to remediate vulnerabilities in accordance with Milliman policy.

Security Policy and Compliance:

• Evaluate existing security controls and processes to identify gaps and weaknesses as per MISP.
• Design, implement, document, and test security solutions that align with industry best practices and our MISP.
• Develop, implement, and enforce security policies, standards, and procedures to ensure compliance with relevant regulations (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001).
• Monitor and audit adherence to security policies and proactively address any non-compliance issues.

Incident Response Planning and Management:

• Develop and maintain incident response plans. Implement responses to security incidents effectively in collaboration with GCS.
• Coordinate incident response activities across different teams and stakeholders to contain and mitigate security incidents efficiently.

IT/IS Infrastructure Support:

• Collaborate with the IT Infra team to deploy and implement new technologies and solutions, providing troubleshooting support for IT/IS infrastructure-related issues to minimize downtime and disruption.
• Actively participate in continuous improvement initiatives to enhance IT infrastructure and IS services.
• Conduct Information Security (IS) surveys to assess and report on the security posture.
• Manage responses to Information Security Questionnaires from clients. Interact with multiple cross-functional teams to educate, train, and address questions related to processes, controls, and risk mitigation.

Required Skills & Attributes:

• Knowledge of network security practices and anti-malware programs.
• Proficiency in security monitoring tools such as SIEM platforms.
• Experience with vulnerability scanning tools (e.g., Qualys, Nessus) and strong risk assessment and remediation planning skills.
• Hands-on experience with Windows environments and Microsoft systems administration, including installing, configuring, and troubleshooting Windows-based environments.
• Solid understanding of networking concepts (OSI network layers, TCP/IP).
• Ability to identify, communicate, and mitigate IT risk within technical solutions.

To be successful in this role you will:

• Have a bachelor's degree in IT/CS or equivalent.
• Have 5 years of experience in Information security operations and IT Security.
• Have knowledge of traditional Endpoint, Server, Network, Perimeter, and Information security reviews.
• Hands-on experience with SIEM, EDR Tools, IDS/NDR, Email security, and exposure to Windows, and Open-Source Intelligence.
• Must have good knowledge of ISO 27001/NIST frameworks.
• Have excellent verbal and written communication, interaction, and presentation skills.
• Good To Have Certifications: CEH, CISSP, CCNA, CCNP, or any certification in cyber security.