Job Title: Information Security Analyst Sr. - Risk and Compliance
Department: IT Security
Reports to: Information Security Sr. Manager
Responsible for working with the information security management team to administer the Company’s information security programs; maintain Sarbanes-Oxley, HIPAA, and PCI DSS compliance programs; and support a variety of security systems and applications. Recommends, designs, implements, and administers information security controls that meet dynamic tactical and strategic information security objectives.
Duties and Responsibilities:
Knowledge, Skills, and Abilities:
Work Experience and/or Education:
College degree or equivalent experience in information security with a minimum five years of information security experience. Active CISSP, CISA, or CISM certification preferred.
Hands-on experience with use and administration of three or more of the following technologies: vulnerability scanning tools; advanced endpoint security; security information and event management (SIEM); data loss prevention (DLP); privileged user management (PUM); and governance risk and compliance (GRC).
Experience identifying and addressing security risks associated with host and network operating systems; enterprise services (e.g. directory services, email, content management and collaboration, web publishing, database, network routing and switching, and virtualization); client-server, thin-client, and web-based applications; enterprise applications (e.g. ERP); cloud services; and storage platforms.