Information Security Analyst
Posted on May 3, 2021 by LCA Consulting Services
My client has a requirement for an experienced Information Security Analyst to join their project. The Information Security Analyst will be part of the Security Capability Management and Governance team, which is responsible for leading or supporting the execution of Information Security and Risk Management (ISRM) goals and objectives in Europe through the governance and management of ISRM initiatives and resources. The team ensures that security risks are managed and that the organization complies with security requirements and regulations through active collaboration with our customers and stakeholders. The role will provide security risk and compliance services to stakeholders to improve the overall information security posture of their respective environments, help drive key cybersecurity initiatives, provide progress and reporting metrics, and ensure all systems comply with the Global CISO's Information Security program. The role will report directly to the Director of Information Security, Security Capability Management and Governance.
Key responsibilities include:
- Engage directly with the appropriate Technology Capability teams to ensure new products, services, applications and third-party relationships have been assessed for controls and that any identified risks are appropriately addressed.
- Lead new and recurring security risk assessments (e.g. GDPR, PCI), collaborate on the development of mitigation plans, and work with internal stakeholders to assign remediation tracking responsibility; collaborate with other risk and compliance teams, such as Global Privacy, SOX, Internal Audit, and Compliance & Ethics, to obtain a holistic risk posture.
- Establish security requirements for projects/programs (e.g. system upgrades or implementations) and operations through engagement with Business and IT teams.
- Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions.
- Work proactively with Business Information Security Officers (BISOs) and Technology Capability teams to ensure security, IT risk and compliance are actively built into the organization's objectives and procedures.
- Assist with the coordination and prioritization of work for implementing cybersecurity initiatives.
- Maintain a strong understanding of the Business Unit IT environment (application stacks, infrastructure components, and external-facing footprint) in order to manage the threat and risk landscape.
- Provide regular, timely reporting on the information security status across Technology Solution teams, and provide regular metrics and reporting to the Director of Information Security with a focus on continuous improvement.
- Collaborate with the relevant Technology Solution Teams and act in a consultative way to help improve the security posture and adhere to security policies and expected controls.
- Facilitate the identification of high value assets to be monitored by ISRM.
- Communicate key deliverables and due dates to the Solution Teams and other technology and business stakeholders and service owners (application, infrastructure and business/SaaS vendor) with the goal of ensuring compliance with Information Security standards, policies and procedures.
- Provide an escalation path for information security issues, incidents and enquiries.
- Work with the Technology Capability team and Business Unit management team to determine acceptable levels of risk for the applicable Business Unit, report on variances, and propose/lead mitigation activities.
- Partner with enterprise service teams to leverage capabilities and subject matter expertise.
- Act as an Information Security subject matter expert for the area of responsibility and endorse recommended solutions, providing thought leadership, coaching and mentoring to other information security analysts as required.
- 4+ years in IT, Information Security Services, IT audit, and/or IT Risk Management
- Strong security risk analysis knowledge and skills, applied across different business contexts
- Experience in risk assessment, GRC software, audit, and IT security assessments
- Familiarity with compliance regulations and IT security frameworks and standards (e.g. NIST, GDPR, PCI, SOX, HITRUST)
- Knowledge of Information Security control frameworks (eg, NIST Cybersecurity Framework, Center for Internet Security Critical Security Controls, ISO 27001, etc.)
- Strong communication and interpersonal skills to build/maintain ongoing business relationships with all levels within an organization
- Demonstrated experience effectively leading and managing collaborative, cross-functional teams to successfully deliver programs and/or multiple projects on time and within budget, based on agreed scope and business goals
- Strong ability to influence or negotiate with stakeholders who have competing priorities
- Capable of anticipating needs and driving clarity on expectations
- Self-starter who requires minimal supervision, manages different activities effectively, and can provide oversight and coaching to others on any assigned projects or tasks
Additional Knowledge & Skills
- Knowledge of the healthcare and software industries
- CISA, CISSP or other similar professional designations
- Familiarity with healthcare, privacy, and financial compliance regulations would be an advantage
- Knowledge of Jira and operating in agile would be an advantage
- Project management skills would be an advantage