The Senior Information Security Analyst will be responsible for safeguarding the organization's computer networks and systems. They will plan and implement security measures to protect sensitive data and systems from cyber threats, unauthorized access, and other vulnerabilities.
Essential Functions include but are not limited to the following.
You will be expected to:
- Develop and implement comprehensive information security policies, procedures, and standards in alignment with the company's objectives.
- Monitor security access and perform security internal and external audits to identify potential risks and vulnerabilities, ensuring continuous network and data integrity.
- Lead incident response activities, including thorough investigation and mitigation of security breaches. Document incidents and develop a protocol to prevent future occurrences.
- Partner and align with Product and DevSecOps teams to reinforce product security that the implementation is in place.
- Perform regular security audits and spearhead penetration testing to evaluate the effectiveness of current security measures.
- Perform on-premises network and endpoint penetration testing.
- Ability to identify and mitigate network and system vulnerabilities.
- Collaborate with the IT department to enhance infrastructure in terms of security. Configure and manage security tools such as firewalls, antivirus software, patch management systems, and other security enhancement tools.
- Educate and train staff on information security and compliance best practices.
- Stay up to date with the latest security trends, threat landscape, and security technologies to maintain organizational cyber resilience.
- Provide security expertise and guidance on a variety of projects and initiatives.
- Develop business continuity and disaster recovery protocols.
- Gather feedback from end-users to continue improving systems.
Requirements
Key technical expertise areas expected for this role:
- Bachelor's degree in computer science, Information Security, Information Technology, or a related field; master's preferred.
- A minimum of 5 years of experience in an information security role, with a proven track record of managing complex security projects.
- Strong knowledge of security frameworks and industry regulations (e.g., ISO 27001, SOC2, NIST, GDPR, HIPAA, etc.)
- Proficiency in risk assessment tools, technologies, and methods.
- Expertise in designing secure networks and systems.
- Experience with network security technology (firewalls, VPNs, IDS/IPS) and system security (operating systems).
- Experience implementing cloud security technologies, including encryption, network security, intrusion detection, cloud monitoring, and digital forensics.
- Experience triaging and remediating organizational incidents with wide-ranging business or customer impact.
- Excellent problem-solving skills and the ability to think analytically.
- Strong communication and interpersonal skills to effectively convey complex information security topics to a variety of audiences.
- Willingness to be on-call to respond to security incidents and system outages.
Additional areas that would add value:
- Relevant professional certifications such as CISSP, CISM, CEH, or CompTIA Security+.
- Demonstrated experience representing an organization's information security program in presentations and discussions with customers, partners, and other external parties.
- Additional certifications in specific technologies, security methodologies, or frameworks (e.g., AWS Certified Security, Microsoft Security Certifications).
- Strong leadership skills, adaptability, and a continuous learning mindset to keep up with the rapid pace of change in the security field.
- Understanding of industry-specific threats and requirements, especially in highly regulated industries like finance, healthcare, or government.
