Basic Function

The IT Security Analyst III position applies mid-level principles to ensure that the organization’s technology initiatives align with its governance policies, risk management strategies, and compliance with organizational standards. The analyst will work closely with various departments to maintain governing documents, assess and mitigate risks, manage compliance audits, and maintain the integrity of the security posture.

The analyst will assist in safeguarding the organization’s network and systems by identifying, assessing, and mitigating vulnerabilities, via a proactive approach to security and a thorough understanding of the latest cybersecurity threats and trends.

The analyst will conduct authorized, simulated cyberattacks on the organization’s systems, networks, and applications to identify vulnerabilities before they can be exploited by malicious actors.

The analyst will develop and implement strategies to increase information security awareness within the organization. The role involves creating educational programs and campaigns to inform employees about the importance of cybersecurity, potential threats, and best practices to maintain security.

The analyst will develop, maintain, and execute disaster recovery strategies and plans that ensure the continuity of the organization’s critical business functions in the event of a disaster. This role involves planning for both natural and man-made disasters, ensuring minimal disruption to operations and data integrity.

The Analyst will follow-up with higher level IT Security Analysts or his/her immediate supervisor to seek further information necessary for proper direction and pursue completion of objectives but may also work unsupervised and able to interact with Unit and Division heads across the enterprise providing consultancy and direction to business and IT teams in line within established corporate security policies and processes.

Duties & Responsibilities

General requirements of the IT Security Analyst:

• Conduct risk assessments and vulnerability testing in accordance with NIST standards.

• Manage and support assessments and audits.

• Ensure compliance with organizational standards, and other relevant industry frameworks.

• Develop, implement, and monitor security policies and procedures.

• Collaborate with IT and business units to integrate GRC objectives with corporate strategies.

• Maintain a central repository for audit evidence and documentation.

• Provide guidance on risk management and compliance best practices.

• Communicate effectively with stakeholders regarding compliance issues and risks.

• Proactively identify areas for process improvement and control enhancements.

• Design and deliver engaging cybersecurity awareness training sessions for employees at all levels.

• Develop and distribute informational materials, such as newsletters, brochures, and flyers, that highlight security best practices.

• Coordinate with the IT department to create simulated phishing exercises to test employee awareness and preparedness.

• Stay current with the latest cybersecurity trends, threats, and prevention techniques.

• Respond to inquiries from staff regarding cybersecurity and online behavior best practices.

• Perform vulnerability assessments and penetration testing to identify and analyze risks.

• Manage and configure vulnerability management tools.

• Prioritize vulnerabilities based on severity and potential impact to the business.

• Work with IT teams to facilitate patch management and remediation efforts.

• Develop and maintain vulnerability management policies and procedures.

• Provide technical support for vulnerability management projects.

• Research and assess emerging security threats and vulnerabilities.

• Conduct vulnerability assessments using various tools and techniques, including scanning for open ports and testing for weak passwords.

• Plan, design, and execute penetration tests to evaluate the effectiveness of existing security measures.

• Identify and assess security vulnerabilities and prioritize them based on risk.

• Document findings in detailed reports and present them to stakeholders.

• Provide recommendations for remediation and advise on security best practices.

• Stay up to date with the latest security trends, threats, and countermeasures.

• Develop and implement comprehensive disaster recovery plans.

• Conduct risk assessments to identify potential threats to business operations.

• Coordinate with various departments to ensure effective recovery strategies are in place.

• Organize and manage disaster recovery drills and simulations.

• Provide training and awareness programs to employees on disaster response protocols.

• Monitor and report on the organization’s recovery capabilities.

• Manage the disaster recovery budget and resource allocation.

• Stay informed about the latest trends and advancements in disaster recovery and business continuity.

   

Education and Experience

• Bachelor’s degree program in a technical field such as Computer science, Management Information Technology (MIS), Engineering, and Mathematics is strongly preferred.  May consider candidates with technical school training or military training and seven (7) years’ experience.  May consider HS/GED candidates with ten (10) years’ work experience with a working knowledge of LAN systems and the maintenance and upkeep requirements of an information management system in lieu of Bachelor’s Degree. 

• Five (5) year’s work experience in computing environment or Governance Risk and Compliance, Cybersecurity Awareness, Vulnerability Management, Pentesting or Disaster Recovery fields.

• Experience with in cybersecurity awareness, excellent presentation skills, skills to design effective and engaging training materials.  Ability to measure and report on the effectiveness of awareness programs.

• Experience with a variety of operating system experience, Windows/Linux/Unix in a functional capacity. 

• Proficiency in vulnerability scanning tools and methodologies.

• Security and/or Networking experience and understanding in the following:

• Working knowledge of general security methodologies, concepts and terminologies.

• Basic routing principles and networking fundamentals

• Well known protocols and services (FTP,HTTP,SSH,SMB,LDAP)

• Packet Analysis Tools (TCPDUMP, Wireshark, Ngrep)

• Experience with penetration testing tools and frameworks, strong knowledge of programming languages

• Experience in disaster recovery planning and implementation, excellent organizational and project management skills

• Must be able to communicate and comprehend accurately, clearly and concisely in English at a level required to perform the job as outlined.  Must be able to communicate technical details a clear, understandable manner.

• Must possess good work habits, a strong work ethic, and be able to adhere to company work hours, policies, and standard business etiquette.  Must exemplify strong analytical kills, consensus building, and strong collaboration skills are crucial.

NO THIRD-PARTY CANDIDATE ACCEPTED

Powered by JazzHR