Information Systems Security Analyst (Risk and Compliance)Position Summary:
The Information Systems Security Analyst (Risk and Compliance) ensures the existence and enforcement of policies, procedures, and programs that safeguard Airgas information systems and data from malicious, unauthorized or unintentional breach, loss, availability or performance degradation, or other compromise of Airgas computing assets.Responsibilities:
- Implement and manage the company's information systems security program, consistent with policies that support business objectives and requirements.
- Ensure system compliance to security policies, standards, and practices. Recommend and direct the implementation of solutions for non-compliant systems.
- Maintain and administer the company's vulnerability management program to identify security risks and recommend corrective actions by the responsible system managers.
- Assist in developing policies, procedures, or processes that add to the overall effectiveness of the information security program.
- Work with business and project managers as new projects and processes with IT reliance are designed. Identify, record, and assist in recommendation of remediation to align compliance and risk.
- Monitor and respond to risk alerts generated by security systems in accordance with the company incident response plan.
- Facilitate, and promote activities to create information systems security awareness within the company.
- Complete risk assessments to identify the company's critical computing and data assets, and ensure they are protected.
- Stay current with the latest cyber security threat landscape, IT Risk and compliance tools and technology and advise the IT management team of applicability to the company's systems.
- Monitor third-party service providers for compliance with information security policies and procedures
- Assist reviews and assessments with the internal and external auditors. Track open IT audit findings or compliance deficiencies to ensure prompt resolution and risk mitigation.
- Manage the company's information security compliance initiatives, including but not limited to PCI-DSS, HIPAA, and DHS CFATS.
- Minimum of three years in an information systems senior security analyst role for a large, publicly traded organization; minimum of seven years in information systems technical roles, such as IT system administration or Network Ops.
- 3-5 years' experience with enterprise class and open source security tools such as Tenable Security Center, Tripwire, Symantec Endpoint Protection, Nmap, and OWASP ZAP.
- Extensive knowledge of and experience in information systems security
- Excellent interpersonal, verbal and written communication skills
- Experience with risk analysis and the implementation of vulnerability management programs and related tools and systems
- Experience with developing and providing an information security awareness and training program
- Experience with developing and maintaining information security policies and standards
- Experience with information security related issues involving identity and access management, intrusion detection, forensics, incident management, risk management and auditing
- Technical experience in network administration, system administration, application development, database administration, and/or data center operations
- Knowledge of information security and compliance related issues involving PCI-DSS, Sarbanes-Oxley, data privacy, and similar policies and laws
- Certified Information Systems Security Professional (CISSP) certification is a plus.
- Bachelor's degree in Computer Science, Information Assurance, Management Information Systems or other relevant area.
EOE AA M/F/Vet/Disability
Qualified applicants will receive consideration for employment without regard to their race, color, religion, national origin, sex, sexual orientation, gender identity, protected veteran status, or disability