Security Analyst

Primary Purpose and Goal

The Solution Review Service’s Security Analyst conducts information technology security reviews (infrastructure, system and application) for risks to technology environment and data privacy obligations, and authors risk assessments and recommendations regarding such controls for a wide-range of technology solutions throughout their lifecycle. The QA Manager conducts a detailed review of Analysts work.

Responsibilities and Tasks

Provide quality assurance (appraisal and approval) of security deliverables, to include revising and drafting test plans, security specification reviews and standards, and technical documentation
Conduct the review of applications from a security and privacy perspective; review and contribute to IT Standards used in the solution security review process and provide security recommendations and better practices regarding secure software development in waterfall, agile, and DevOps methods
Provide and document advice, risk assessment and recommendations regarding privacy and security controls for projects/solutions throughout an asset's lifecycle
Communicate regularly with Project Managers, project teams and representatives from various functional teams, including escalating any matters that require additional analysis to functional subject matter professional(s)
Provide input on the formulation of risk control standards that impact ITS Global projects and business sponsors; advice on and develop recommendation to improve ITS Global's software development program by integrating security processes, technologies/tools and methodologies to enable agile and DevOps delivery
Work with others in the Information Protection Group on ongoing or new information risk activities, as the need arises.

Management and Competencies

Demonstrated ability to lead and collaborate with a globally dispersed, multi-cultural and multi-discipline team
Background working on large-scale international projects and the ability to manage multiple processes and projects at once
Ability to Plan large projects and prepare executive level reporting including financial analysis
Strong written and oral communication skills for effective communication at all organizational levels
Ability to gain and maintain credibility with other internal working groups & teams

Skills:

Qualifications

5 to 10 years of relevant IT and IT security experience with a background in software security, software develop using Agile and DevOps methods and tools
Experience in documenting processes and reviewing or drafting technical architecture and cloud security architecture material better practice; prefer prior Azure experience
A holistic understanding of attack vectors, current threats, and remediation strategies. Experience with computer forensics practices and procedures, basic investigations, and evidence handling is preferred.
Professional security and cloud qualifications such as CISSP, CISA and CCSP preferred. Applicant must be willing to obtain CISSP, if they are not already certified

Certifications & Licenses:
CCSP
CISA
CISSP