Analyst, IT Security
Remote, PH - Remote, PH
The SDA Analyst is responsible for developing, maintaining, and operating information security related disciplines that focus on ensuring business continuity, disaster recovery & service quality programs that ensure Qualfon (“Company”) can protect its clients, employees, resources, and information assets and continue operating during disruption.
Responsibilities include (but are not limited to):
- Act as a central point of contact & team lead for his/her assigned Information Security and Business Continuity programs and activities.
- Understanding the services and environment where Qualfon operates to be able to protect the company’s resources and ensure adequate business continuity & disaster recovery through:
- Development & maintenance of information security methodologies, processes & procedures
- Support the implementation of safety & security controls and recommend areas for risk reduction
- Implementing DR and BCP programs (i.e. BIA, preparing, scheduling, and conducting resiliency and disaster recovery exercises)
- Training and awareness relevant to his/her areas of responsibility
- Understanding the Company’s contractual and regulatory obligations that mandate the focus on risk-centric management and alignment to the Company’s objectives and compliance drivers through:
- Client / Internal audits
- Support external audits such as ISO27001, SOC2, PCI DSS, and HIPAA ensuring the
- Quality control, evaluation and management of artifacts
- Coordinate regular system and network resiliency reviews and tests to verify disaster recovery and business continuity adequacy
- Support RFP and contractual agreements process in assessing security requirements from potential customers
- Understanding the framework of the various data privacy and protection requirements that ensure the proper handling of sensitive data
- Reduce the likelihood of disruption through infrastructure resiliency & prepare the Company in recovering through business continuity & disaster recovery programs
- Collaborate on DRBC training & tabletop scenarios and liaise with various business units and 3rd party stakeholders
- Continuously improve the capability and use of technology to align with emerging threats and evolving information security landscape
- Operate and deliver the relevant services by meeting or exceeding the expectations of Clients and Internal Customers
- Lower the total cost of ownership (TCO) in each opportunity presented and leading the evaluation and implementation of assigned programs to completion
- Coordinate with site directors on development, maintenance and training for their local ERT (Emergency Response Teams)
- Assist and improve security awareness program
- Integrate systems and leverage new technologies such as AI, ML, and automation
- Knowledge of analysing big data is an advantage
Minimum Education & Work Experience Requirements
- Qualification Required: Bachelor’s degree in computer science, information technology or other related major required
- Certification preferred: CISSP, CISA, CISM, and/or CISA desired
- Minimum experience: 3+ yrs. in relevant fields with capabilities relevant in the IT (Systems, Network) and Information Security fields
- Engineering and/or Safety & Hazard training or experience a +
Skills and Experience Required:
- 3+ years of combined experience in IT / information security, disaster recovery / business continuity
- Knowledge of IT, security & safety issues, trends & best practices, including industry standards such as SOC2, ISO 3100, ISO 22301, ISO 27001, ISO 9001, OHSAS 18001, ISO, PCI-DSS, HIPAA, NIST and CSA CCM/STAR desirable.
- Experience in working in enterprise risk management, risk management frameworks, concepts and methodologies is a +
- Proficient in interfacing with business leaders at various levels including middle and senior management.
- Ability to lead disaster recovery & business continuity programs with a focus on continuous improvement & future risk mitigation planning.
- Working knowledge in one or more privacy laws such as GLBA, HIPAA, EU DPA, UK DPA, FCRA, GDPR is a +
Behavioural Competencies
- Outstanding interpersonal and communications skills; ability to communicate effectively with both technical and non-technical audiences.
- Excellent teamwork skills as both a leader and team member
- Proactive, hands-on, results-driven orientation required.
- Ability to work autonomously with flexibility and excellent judgment
- Ability to work effectively under pressure to meet deadlines
- Ability to solve problems quickly and develop process automation where applicable
Location: Permanent work from home. NOTE: Work may require occasional travel.
Shift timing: US Eastern Time 8:00 – 17:00