Information Security Analyst

Utica Financial Center

Applications have closed
Pay Range: $58,500.00 - $76,726.00

Perform detailed assessment and analysis of threats and vulnerabilities in all areas of information security including network security, asset security, security engineering, security operations and software development security. This also includes reviewing key system configurations and complex IT infrastructures (e.g. cloud services, SaaS applications, virtual desktop).

Education and Experience:

  • Bachelor’s degree in computer science, information technology or related discipline preferred. Associate’s degree or equivalent work experience considered as an alternative on a case-by-case basis.
  • 1-3 years of experience in IT, application development, cybersecurity or related technology discipline or demonstrable experience of equivalent skills.
  • Relevant security certification or willingness to obtain one (e.g. Security+, CISSP, CCSP, CEH, CISA).

Skills and Abilities:

  • Excellent verbal and written communication skills.
  • Excellent team player.
  • Technical aptitude, curiosity and a willingness to figure things out.
  • Working knowledge of corporate IT systems, cybersecurity and application security standards.
  • Familiarity with or working knowledge of programming and application development.
  • Familiarity with public cloud architecture and risk management concepts.

Tasks Performed:

  • (25%) Conduct information security risk assessments for business lines, third-party risk management and ad-hoc threat scenarios.
    • Conduct risk assessments and risk analysis in accordance with internal policies and applicable regulations (e.g. SOX, GLBA, NY DFS, CFPB, FFIEC, Reg P) as they relate to new technology, major changes to existing technology or architecture, vulnerabilities and ad-hoc threat scenarios.
    • Based on risk assessments, develop recommendations for risk treatment, including mitigating controls.
    • Support business lines and the third-party risk management process as it relates to information security reviews and assessments.
    • Document and present findings to technical and non-technical audiences.
  • (25%) Develop and manage the continuous implementation of the cloud security strategy.
    • Develop and manage the continuous implementation of the cloud security strategy as it relates to SaaS applications, public cloud architecture and zero trust principles.
    • Work with internal teams to establish procedures for implementation of the cloud security strategy in applicable environments.
    • Stay informed about evolving threats related to specific cloud vendors and platforms.
    • Document and present findings to internal teams related to evolving threats to cloud environments.
    • Ensure compliance with applicable regulations (e.g. SOX, GLBA, NY DFS, CFPB, FFIEC, Reg P) in cloud environments.
  • (25%) Develop and oversee day-to-day application security functions.
    • Serve as the security liaison to internal application development teams.
    • Manage security tools and processes within the SDLC process, including but not limited to static and dynamic application security testing and the software bill of materials.
    • Manage third-party assessments of proprietary applications.
    • Develop security advocates within the various software development teams.
    • Ensure adherence to OWASP standards and applicable regulations within the SDLC process.
  • (15%) Perform incident response and investigative functions.
    • Assist with identification, response and remediation of active cyber threats.
    • Review threat intelligence, assess risk to the organization based on relevant threat intelligence, and convey findings in a clear and concise manner to colleagues and leaders.
    • Participate in computer security and business continuity incident response events.
    • Provide support to fraud investigators, cybersecurity operations, third-party risk, identity and access governance as needed.
  • (10%) Perform other duties as assigned.

Physical Requirements:

  • Communicate effectively with internal and/or external customers.
  • Stationary 75% of time or greater.
  • Move objects up to a maximum of 10 lbs.

Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

Category: Analyst Jobs

Tags: Application security CCSP CEH CISA CISSP Cloud Compliance Computer Science DAST FFIEC GLBA Governance Incident response Network security OWASP Risk analysis Risk assessment Risk management SaaS SBOM SDLC Security strategy SOX Strategy Threat intelligence Vulnerabilities Zero Trust

Perks/benefits: Team events

Region: North America
Country: United States
