Information Security Analyst

Part of a team that establishes, supports and continuously improves the enterprise information security policies, practices and standards. Participate in on-going operational activities that serve to establish appropriate access to and provide the appropriate protection, confidentiality, integrity and availability of enterprise systems and data through effective security controls. Validate compliance with policies and standards that keep Ameriprise applications and infrastructure safe and secure from vulnerabilities.

• Provide timely and effective operational support for the firms information security tools, processes and practices.
• Partner with other support teams and vendors to resolve problems or implement new products or services. Use standard technology monitoring tools to monitor assigned environments and/or technical assets and identify/detect behavior outside of established standards. Escalate key security issues to the appropriate team to be addressed. Assist with security assurance testing activities.
• Review, analyze and respond to security events triggered through automated security monitoring systems. Validate and track security breaches, along with threats to the firms logical information, while still allowing for appropriate access. Coordinate responses to information security incidents. Work to reduce information security risks by effectively administering the information security processes across the vulnerability scanning, anomaly detection, intrusion detection, security policy and forensic functions.
• Maintain and develop knowledge of regulatory security trends, new security technologies and best practices. Conduct security and industry specific research to keep self and the firm abreast of the latest security issues and regulatory developments that may impact existing policies, procedures and practices. Participate in information security education, training and awareness activities for technology and business teams.
• Willingness to work in rotational shift.
• Ability to work under pressure and co-ordinate with offshore team.

• bachelors degree in information security, Computer Science, or related technical field; or equivalent work experience.
• 3+ years of general Information Technology-related experience, such as; networking, end-user computing, server administration, email administration, or other related fields.
• Working knowledge of Information Security and computer network/system access technologies.
• Experience working in the financial services industry or other highly regulated/compliance-oriented environments.
• Effective verbal and written communication skills, that include the ability to describe highly technical concepts in non-technical terms.

• 1-3 years of relevant security experience
• Certifications preferred: Security+, Network+ or any equivalent/higher security certifications.
• Broad hands-on knowledge of firewalls, intrusions detection/prevention systems, anti-virus software, data encryption and other industry-standard techniques and practices.
• Very good understanding of security controls, monitoring systems and regulatory/business drivers that impact security policies and practices