Information Security Analyst II
About the job
Information Security Analyst
At least 3 years relevant experience required.
Develops and delivers a comprehensive information security and privacy program.
The scope of this program is company-wide, and includes information in electronic, print and other formats.
The purpose of this program includes: to assure that information created, acquired or maintained by and its authorized users, is used in accordance with its intended purpose; to protect information and its infrastructure from external or internal threats; and to assure that complies with statutory and regulatory requirements regarding information access, security and privacy.
• Coordinate the development of information security policies, standards and procedures.
• Work with key IT offices, data custodians and governance groups in the development of such policies.
• Ensure that company policies support compliance with external requirements.
• Oversee the dissemination of policies, standards and procedures to the user community.
• Coordinate the development and delivery of an education and training program on information security and privacy matters for employees, other authorized users, and vendors.
• Serve as the company compliance officer with respect to state and federal information security policies and regulations.
• Work with the designated internal audit, SOX compliance, legal, and HR on compliance issues as necessary.
• Prepare and submit required reports to external agencies.
• Develop and implement an Incident Reporting and Response System to address security incidents (breaches), respond to alleged policy violations, or complaints from external parties.
• Serve as the official company contact point for information security, privacy and copyright infringement incidents, including relationships with law enforcement entities.
• Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.
• Additional proactive participation in working groups from government and industry. Familiarity with emerging challenges in cybersecurity and communications technologies.
• Representing business in communications sector, private-public sector partnerships, and national councils.
• Perform security, compliance, and risk assessments on projects throughout project lifecycle.
• Strong understanding of/familiarity with networking fundamentals and technologies (e.g., LAN, vLAN, WAN, WiFi, Cellular, Bluetooth)
• Strong understanding of/familiarity with security and privacy technologies (e.g., firewalls, IDS/IPS, SIEM)
Load balancers (ex - A10, F5), firewalls (ex - CheckPoint)
MDM (ex - MobileIron)
Cloud (ex - AWS, Azure)
Malware Protection (ex - FireEye)
Advanced Persistent Threats (ex - Damballa)
Privileged Accounts (ex - CyberArk)
SIEM (ex - ArcSight), Log & Event (ex - Splunk)
Intrusion IDS/IPS (ex - Symantec)
Cloud Platform (ex - PCF, Docker)
Scanning (ex - Qualys)
AppSec (ex - Veracode)
What does a typical day look like?
• Proactive participation in working groups from Government and industry. Familiarity with emerging challenges in cybersecurity and communications technologies. Representing business in the Telecommunications sector, private-public sector partnerships, and national councils.
• Collaborate with team members on monthly briefing, contribute to infographics, develop content for white papers, and prepare content for presentations to management.
• Determine security and privacy capabilities depending on the analysis of policy, legislation, and regulation.
• Field privacy and security questions from government affairs, legislative affairs, and legal affairs.
• Partner with engineering on emerging technologies related to security and privacy.
• Preferred background/prior work experience?: Experience analyzing policy, legislation and regulation, and some familiarity with the key policymakers (Congress, FCC, FTC, NTIA, etc.) and industry councils (CTIA, CSCC, CTA).
Preferred: Technical Project Management
• Prior work experience: Experience in info security technology or related field, Expert in security subject areas, Experience with high level design architecture, security technologies, Networking, web services and SOA. Understanding of encryption, obfuscation, tokenization technologies
• Familiarity with standards/frameworks including NIST 800-53, CSF, RMF, 161, 171, CMMC 1.0. Nice to have working knowledge of FedRAMP, SOC2.
• Priority soft skills: Strong verbal and communication skills with diverse cross functional groups & the ability to present effectively to small & large groups.
• Strong problem solving / troubleshooting skills
• Self-motivated and able to work under tight timelines.