Information Security Analyst 1

Job Posting External

Job Duties

• Governance, Risk, & Compliance (GRC) Application Specialist - Under close supervision, operates the team’s GRC applications including IT Compliance, IT Risk, Third Party Risk Management, and Policy Management Platforms. Tasks include collection and submission of internal audit evidence for review, scheduling internal audit tasks, completing risk items, entering vendor details, assigning surveys, following up with vendors, and creating policy document campaigns for attestation.    
• Control Testing - Complete tasks related to cybersecurity audit, penetration testing, vulnerability scanning, security scanning, and posture assessments. Collect evidence and details of such tests, coordinate lessons learned, track issue resolution, and evaluate completion for remedial actions.
• Risk Assessment - Review the Company’s Information Security Program compliance and/or evolving compliance needs.  Identify, manage, and communicate deviations from compliance requirements. 
• Incident Response - Participate as a member of the Company's Incident Response Team (IRT). Monitor progress, coordinate the collection of incident documentation, logs, and evidence, and ensure they are properly secured and preserved. 
• Threat Intelligence Analysis - Analyze cyber threat intelligence. Investigate the level of threat posed by an attack and enable appropriate personnel to take informed cybersecurity-based business decisions. Maintain awareness of the cybersecurity risks of concern for the Company’s global operations and help secure the critical assets that need protection by making prioritization recommendations for threats. Perform other duties as assigned.

Minimum Qualifications

• Less than 2 years related experience.
• Associate's degree (Information Technology, Cyber Security, Computer Science)
• Non-degree considered if 6+ years of related experience along with a high school diploma or GED
• Job requires employee to drive a personal vehicle to conduct company business 
• Per 8-hour shift.  Sit 7 hours and stand 1 hour.  Both typical and non-typical office environment (low to moderate noise level, low exposure to hot/cold temperatures, dust, fumes, and vibrations).  Regular interaction with others and performs a degree of independent work.  Infrequently lift 21-30 pounds.  Physical and mental demands are akin to the majority of office positions with prolonged periods of sitting and prolonged use of a computer/keyboard.  Infrequent lifting, walking and climbing stairs.  Occasional use of office equipment (copiers, printers, etc.).

Preferred Qualifications

• Bachelor's degree (Information Technology, Cyber Security, Computer Science)
• Knowledge of various Information Security & Privacy Frameworks such as NIST CSF, NIST 800-171, NIST 800-53, NIST Privacy Framework, ISO-27001, ISO-27701, GDPR, US & other global privacy regulations.
• Certifications and/or work experience in other Information Technology disciplines. 
• Basic level of knowledge in at least one scripting or software development language such as PowerShell, Bash, Java, or Python.
• Good written, oral and interpersonal skills, Along with deductive reasoning, and analytical investigative skills.