The Senior Information Security Analyst is responsible for overseeing and assessing information risk of identified vulnerabilities for IT networks, systems and applications, and facilitates vulnerability remediation across the organization using IT security tools and methodologies. Reports on findings and provides recommendations for corrective action. Assesses risk within the Vendor Management Program. Participates in IT audits, risk assessments and regulatory compliance measurements. As the Senior Analyst, this position may assign and oversee work activities of Information Security Analyst(s), and will serve in a project leadership role to include cross functional matrixed teams.
PRINCIPAL ACCOUNTABILITIES AND FUNCTIONS:
1. Manages IT security and risk (data systems, network, and/or applications) within the organization.
2. Responds to questions from internal and external audits and examinations.
3. Develops and reviews policies, standards and procedures that meet approved policy and regulatory requirements, and amends existing programs to meet current requirements.
4. Facilitates IT security/risk awareness and develops related training curriculum.
5. Serves as project manager or lead for IT security related projects.
6. Promotes awareness of regulatory standards, organizational risk and industry best practices across the organization.
7. Acts as a liaison to provide IT security guidance to business units in discovery and planning of new products, services or applications.
8. Assists with testing and continued development of the incident response plan (IRP).
9. Facilitates incident response and forensic investigations when required.
10. Performs related duties as assigned.
Bachelor's degree in Information/Cyber Security, Information Systems or Computer Science (or technical discipline); or, an equivalent combination of education and experience.
• Seven to 10 years of progressively responsible IT security or information security experience.
• Five years of experience conducting IT compliance assessments, security reviews and risk assessments.
• Five years of experience in administering IT security controls within an organization.
• Knowledge of technical and security infrastructure, LAN/WAN networks, applications (web and database), virtualization related to IT security.
• Experience with IPS, SIEM, vulnerability scanners, firewalls, VPN, email and web security technologies.
• Prior experience working within a financial services organization preferred.
• Prior experience working with regulatory agencies such as the FDIC and/or NCUA preferred.
• Knowledge of FFIEC guidelines preferred.
• Extensive knowledge of Microsoft Server systems administration including Active Directory.
• Extensive knowledge of security infrastructure, principles, concepts and contemporary industry best practices.
• Knowledge of networking concepts to include LAN/WAN, datacenter, and security (firewalls and VPN), and IDS/IPS.
• Knowledge of Cisco enterprise grade products to include: Nexus 7000, UCS, ASA, Secure ACS, TACACS+, ISR, ESA, WSA and CSMA.
• Knowledge of VMware server, desktop virtualization, and Storage Area Networks (SAN).
• Knowledge of security strategies and practices related to Tower's technology infrastructure.
• Desired certifications include: CISSP, SSCP, CISM, CISA, CEH, GIAC, and/or other relevant certifications.
A little about us:
Founded in 1948, Robert Half (NYSE: RHI) is the world's first and largest specialized staffing services firm.