Information Security Analyst 3

Job Posting External

Job Duties

• Information Security & Privacy Project Management - Oversee, coordinate, and support functional process audit and assessments to ensure process compliance. Develop instructional and procedural documentation and presentations to support and communicate IT and Privacy Program strategic objectives. Prepare and maintain policy, standards, guidelines, processes, and procedures based on National Institute of Science & Technology (NIST) and International Organization for Standardization (ISO) best practices while leading framework implementation and ongoing improvement. Work collaboratively with other stakeholders to achieve compliance objectives for the overall program.
• Information Security & Privacy Audit Management - Assess technology related compliance issues across organization including IT, privacy, identity management, user access, and data integrity. Ensure alignment of practices with ethical, regulatory, and commercial requirements with policies and procedures. Build scalable and efficient processes related to corrective actions and product compliance needs.
  Risk Program Management - Identify, assess, and mitigate risk to company’s technologies and services. Work closely with Information Technology and Engineering teams to develop strategies and plans to assess risks. Work with technical stakeholders to develop and approve risk treatment projects and establish clear objectives for risk mitigation. Track risk items and assist technical teams with prioritization and project scoping for IT and privacy program driven risk projects.
• Incident Response Leadership - Lead incident response processes under guidance of Director of IT. Set goals, priorities, and strategies for the Incident Response Team (IRT) and oversee execution and evaluation of the response actions. Liaise with senior management, external stakeholders, and regulatory authorities, and ensure compliance with legal and ethical obligations. Perform other duties as assigned.

Minimum Qualifications

• 5-7 years related experience
• Bachelor’s degree (Information Technology, Cyber Security, Computer Science)
  • Non-degree considered if 12+ years of related experience along with a high school diploma or GED

Preferred Qualifications

• 10+ years of related experience.
• Expertise in various Information Security & Privacy Frameworks including Secure Controls Framework, NIST CSF, NIST 800-171, NIST 800-53, NIST Privacy Framework, ISO-27001, ISO-27701, GDPR, US & other global privacy regulations.  
• Work experience in other IT, Privacy, and/or Information Technology disciplines including software development, help desk, networking, systems administration or similar in conjunction with professional certifications such as CIPP, CIPM, CIPT, CCSP, CGRC, CRISC, CDPSE, CGEIT, CISA, ISO Lead Implementor, ISO Internal Auditor, and AWS Associate or Professional level certifications.  
• Cyber, information security, and/or privacy internal audit experience.  
• Intermediate or higher level of knowledge of scripting or software development language including PowerShell, Bash, Java, or Python.  
• Good written and oral communication skills, deductive reasoning, and analytical investigative skills. Good interpersonal skills to facilitate positive relations between business groups.  Good leadership, decision-making, communication skills, and a broad knowledge of the Company’s business and security objectives.