Lead Information Cyber Security Analyst
Posted on Mar 24, 2020 by LCA Consulting Services
The Lead Information Security Analyst will be responsible for orchestrating the Cybersecurity and IT Risk & Compliance Management strategy and program for the respective IT Capability and/or Business Unit.
The role will partner with the corresponding Solution Teams and Business stakeholders to improve the overall information security posture for their respective environments, help drive key cybersecurity initiatives, provide progress and reporting metrics, and ensure all systems comply with the Global CISO's Information Security program. The role will report directly to the Business Information Security Officer (BISO).
Key responsibilities include:
Engage directly with the Solution Teams to understand, discuss, and advise on strategic priorities, concerns and key IT risks.
Coordinate and prioritize the work and resources for implementing cybersecurity initiatives, including directing the Solution Teams' Security Architect and Engineer.
Be a part of the Solution Team and act in a consultative way to help the business improve its security posture and adhere to security policies and expected controls.
Engage directly with the Business Unit stakeholders and Shared Security Services team to increase adoption of standard security tools (prevention/detection/monitoring), lead onboarding processes, align with long term security roadmap and escalate operational issues.
Champion the Cybersecurity Strategy, ensuring enterprise objectives and requirements are communicated and understood by local Business Unit stakeholders.
Maintain a strong understanding of the Business Unit IT environment to manage the threat and risk landscape: application stacks, infrastructure components, and external facing footprint.
Work proactively with IT Capability and/or Business Unit leadership to ensure security, IT risk and compliance are actively built into the organization's objectives and procedures.
Provide regular, timely reporting on the information security status across Solution Teams, and provide regular metrics and reporting to the BISO with a focus on continuous improvement.
Engage directly with the appropriate teams to ensure new products, services, applications, and third party or client relationships have been assessed for security controls and that any identified risks are appropriately addressed.
Facilitate the identification of high value assets to be monitored by the Active Defense team.
Communicate key deliverables and due dates to the Solution Teams and other technology and business stakeholders and service owners (application, infrastructure & business/SaaS vendor) with the goal of ensuring compliance with Information Security standards, policies, procedures & guidelines.
Work with the IT Capability team and Business Unit management team to determine acceptable levels of risk for the applicable Business Unit, report on variances, and propose/lead mitigation activities.
Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions.
Partner with enterprise service teams to leverage capabilities and subject matter expertise.
Act as an Information Security subject matter expert on cross-business unit projects and endorse recommended solutions; provide thought leadership, coaching and mentoring to other analysts as required.
Drive the completion of annual objectives.
Establish security requirements for projects/programs (e.g. systems upgrade or implementation) and operations through engagement with Business and IT teams.
Lead new and recurring security risk assessments (e.g. GDPR, PCI, etc.), develop mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility; collaborate with other risk and compliance teams, such as Global Privacy, SOX, Internal Audit, Compliance & Ethics, to obtain a holistic risk posture.
8+ years in IT, Information Security Services, IT audit, and/or IT Risk Management, including 2+ years managerial or lead experience
Strong communication and interpersonal skills to build/maintain ongoing business relationships with all levels within an organization
Demonstrated experience effectively leading and managing collaborative, cross-functional teams to successfully deliver programs and/or multiple projects on time and within budget based on agreed-upon scope and business goals
Strong ability to influence or negotiate with stakeholders dealing with competing priorities
Capable of anticipating needs and driving clarity on expectations
Experience in risk assessment, GRC software, audit, and IT security assessments
Familiar with compliance regulations and IT security frameworks and standards (i.e. NIST, HIPAA, PCI, SOX, HITRUST)
Strong analytical and troubleshooting skills with an understanding of IT business operations and information security
Knowledge of Information Security control frameworks (e.g. ISO 27001 and NIST 800-53)
Additional Knowledge & Skills
Knowledge of the healthcare and software industries
CISA, CISSP or other similar professional designations
Familiarity with healthcare, privacy, and financial compliance regulations would be an advantage
Project management skills
Education
4-year degree in computer science or related field, or equivalent experience