The Information Security Analyst will conduct access provisioning, risk assessments and analysis of existing access to systems, applications, databases, and data to ensure that access is appropriate, and separation of duties does not exist
- The Information Security Analyst will participate in projects and work with business units to provide requirements on implementation of controls
- The incumbent will provide support of systems that are used by the team to conduct access reviews and maintains privileged accounts
- This support will include configuration of systems, analysis of output from these systems, and initiating jobs from these systems
Primary Responsibilities
- Processes Information Security and Identity Management access requests and/or operational incident tickets. May run vulnerability scans on systems and applications.
- Is on call 24/7 to address security related access issues on a rotational basis.
- Collaborates with development and other functional areas to address vulnerabilities within systems/applications.
- May conduct risk assessments on vendors and internal applications.
- Creates reports that are issued to the business owners and works with the business owner and vendor to address findings.
- May conduct access reviews of systems and applications with data stewards to ensure access is appropriate and separation of duties does not exist.
- Acts as liaison to auditors (internal and external).
- Provides support for the secure password vault. Investigates alerts and works with business units on remediation.
- Collaborates with third party vendors on conducting penetration testing of internal and external network, as well as all identified applications and systems.
- Tracks and works on remediation of findings.
- Connects internal systems, applications, and databases into the Access Review and Identity Management tool to provide automation to access reviews and user provisioning.
- Provides 24/7 support for the Privileged Access Vault (Cyber-Ark) to onboard identities and connect into systems and applications.
- Performs other duties as assigned.
Qualifications
Any combination of relevant education and experience and/or related professional designations/certifications in this field is highly desirable.
Education
- AAS degree or equivalent work-related experience.
Experience
- 2-4 years experience working in a security, fraud or risk management function or equivalent experience in a distributed computing environment that includes in-depth knowledge of applications and systems.
Essential Skills
- Significant technology experience including Cloud Access Controls, access management (SailPoint), ServiceNow.
- Knowledge to support recovery strategy, design and testing.
- Strong analytical and problem-solving skills.
- Ability to adapt to potentially ever-changing situations and ability to work well under pressure.
- Ability to present self in a confident and professional manner.
- Ability to deal with all levels of individuals, internal and external.
- Excellent communication skills, both written and verbal.
- Excellent customer service skills.
- Outstanding analytical skills and ability to synthesize situations for corresponding solutions.
- Ability to communicate to technical teams in a clear, concise format.
- Self-starter; demonstrates personal initiative and willingly assumes responsibility and ownership.
- Strong organizational and time management skills.
