Information Systems Security Analyst (Risk and Compliance)

How will you CONTRIBUTE and GROW?

The Information Systems Security Analyst (Risk and Compliance) ensures the existence and enforcement of policies, procedures, and programs that safeguard Airgas information systems and data from malicious, unauthorized or unintentional breach, loss, availability or performance degradation, or other compromise of Airgas computing assets.

Responsibilities:

• Manage the company’s information systems security program, consistent with policies that support business objectives and requirements.

• Ensure Digital and IT system compliance to security policies, standards, and practices.

• Recommend and direct the implementation of solutions for non-compliant systems.

• Maintain and administer the company’s vulnerability management program to identify security risks and recommend corrective actions by the responsible system managers.

• Assist in developing policies, procedures, or processes that add to the overall effectiveness of the information security program.

• Work with business and project managers as new projects and processes with IT reliance are designed.  Identify, record, and assist in recommendation of remediation to align compliance and risk.

• Monitor and respond to risk alerts generated by security systems in accordance with the company incident response plan. 

• Facilitate, and promote activities to create information systems security awareness within the company.  

• Complete risk assessments to identify the company’s critical computing and data assets, and ensure they are protected.

• Stay current with the latest cyber security threat landscape, IT Risk and compliance tools and technology and advise the IT management team of applicability to the company’s systems.

• Monitor third-party service providers for compliance with information security policies and procedures

• Assist reviews and assessments with the internal and external auditors. Track open IT audit findings or compliance deficiencies to ensure prompt resolution and risk mitigation.

• Manage the company’s information security compliance initiatives, including but not limited to PCI-DSS, HIPAA, and DHS CFATS.

___________________

Are you a MATCH?

• Qualifications:

• Minimum of three years in an information systems security analyst role for a large, publicly traded organization; minimum of seven years in information systems technical roles, such as IT system administration or Network Ops.  

• Thorough knowledge on enterprise class  security tools such as Tenable Security Center, Tripwire, Symantec Endpoint Protection, Nmap, and OWASP ZAP or equivalent tools.

• Extensive knowledge of and experience in information systems security

• Excellent interpersonal, verbal and written communication skills

• Experience with risk analysis and the implementation of vulnerability management programs and related tools and systems

• Experience with developing and providing an information security awareness and training program

• Experience with developing and maintaining information security policies and standards

• Experience with information security related issues involving identity and access management, intrusion detection, forensics, incident management, risk management and auditing

• Technical experience in network administration, system administration, application development, database administration, and/or data center operations

• Knowledge of information security and compliance related issues involving PCI-DSS, Sarbanes-Oxley, data privacy, and similar policies and laws

• Certified Information Systems Security Professional (CISSP) certification is a plus.

•  Bachelor’s Degree in Computer/Information Science, a numerate discipline or equivalent experience.

•  

Our Differences make our Performance

At Air Liquide, we are committed to build a diverse and inclusive workplace that embraces the diversity of our employees, our customers, patients, community stakeholders and cultures across the world.

We welcome and consider applications from all qualified applicants, regardless of their background. We strongly believe a diverse organization opens up opportunities for people to express their talent, both individually and collectively and it helps foster our ability to innovate by living our fundamentals, acting for our success and creating an engaging environment in a changing world.