Sr. Information Security Analyst
Company: Technisource
Base Pay: $90,000 - $100,000 /Year
Other Pay:
Employee Type: Consultant Information Technology
Industry Type: Other Great Industries
Required Education: Not Specified
Location: US-FL-Orlando
Contact: DeLane Garner
Phone: Not Available
Fax: Not Available
Ref ID: Not Available
JOB DESCRIPTION
Position Description
Position Purpose
The Information Security Architect assists the Manager, Information Security, in defining, managing, and coordinating the diverse set of information security and internal controls related activities.
Major/Key Accountabilities
• Gathering business requirements, providing security vision & thought leadership.
• Providing technical consultation, guidance, and assistance to management, business unit contacts and internal customers to ensure the protection of business information by integrating controls, processes, and procedures into the organization.
• Work closely with Brambles IT and business teams to ensure that information systems meet or exceed security and certification requirements. This includes ensuring that the security architecture is well documented and communicated.
• Architect and design secure solutions in support of Brambles initiatives using industry best practices.
• Ensure compliance with the current IT Security Policy and Standards.
• As an acknowledged SME, influence the course of future security technologies within Brambles.
• Drive the overall security architecture.
• Monitor security technology trends and requirements, such as emerging standards for new technology opportunities.
• Develop and execute security plans. This may include managing 3rd party vendors, and providing guidance (with other departments) on security best practices.
• Engage in hands-on, in-depth analysis and review of security incidents.
• Provide training to staff and contractors related to security.
• Security activities focus on ensuring confidentiality, integrity, availability, authenticity, and non-repudiation of critical information system resources and related activities, including but not limited to, data/information, application software, servers and desktop hardware, physical assets, network and telecommunications.
• Support Information Services and Business Operations management in their efforts to identify and mitigate risks, implement necessary mitigating safeguards and controls, implement ongoing monitoring activities and countermeasures, and coordinate the multitude of activities that protect Brambles’ information assets from intentional or inadvertent modification, disclosure or destruction, and provide support for applicable legal and regulatory requirements.
• Provide monitoring and compliance tracking for the protection of information assets to business units throughout Brambles’ enterprise based on the organization’s risk assessment, and serve as a key member of the various information security work groups.
• Responsible for recommending and assisting in the development and implementation of appropriate information security policies, standards, procedures, and guidelines required to safeguard information resources.
• Liaise with the appropriate security analysts, data owners and development teams as necessary to determine and mitigate vulnerabilities/threats.
Qualifications
• Extensive experience with developing and delivering commercial/enterprise software required.
• SABSA, CISSP, CISA, CISM, Other Security or Security Technology related Certifications (i.e., CISCO, MCSE:Security)
• Experience with security architecture related to protocols such as SSH, SNMP, HTTP, SOAP, SOA, Web Services
• Experience with performing vulnerability and risk assessments and developing risk treatment plans.
• Experience with network and server security, including firewalls, VPN, Anti-Virus, Patch Management, etc.
• Experience with business applications such as SAP and Siebel.
• Experience with Common Criteria, FIPS and other certifications a big plus
• Strong work ethic – someone who loves to "crank" out the great work and takes great pride in professionalism, responsibility, and proactive-ness.
• Experience with Network Security systems (firewalls, IDS/IPS, etc.), vulnerability analysis applications.
• Certification - Global Information Assurance Certification (GIAC), and ISO/IEC 27001 a plus, CISSP, (ISSAP, ISSEP, ISSMP), GIAC, CISM, SSCP, CEH, CHS-III, TICSA, ISSPCS:P, CCSA, CIWSA, CCS, Security+, or other industry certifications customarily held by security and enterprise technical architects
• Communication, listening, project management, problem solving, organizational, goal setting, and time management skills
• Ability to use software, hardware, and peripherals related to job responsibilities, including MS Office
• Ability to maximize the use of the available technology, welcome new technology, and stay abreast of the latest technologies
• Ability to maintain confidentiality of information
• Ability to work independently as well as within a team and with client users
• Ability to organize, prioritize, and coordinate multiple work activities and meet target deadlines
• Ability to be flexible when there are schedule or priority changes and last-minute requests
Experience
• Preferred education is MS degree in information systems, or equivalent work experience.
• Minimum 7 years IS experience
• At least 5 years information security architecture and engineering experience with network, server and application security technologies and concepts.
Skills and Knowledge
• Skills required: Excellent people skills. Ability to work across multiple teams
• Skills required: Strong communications skills, both in writing and speaking. Ability to excite and motivate with a compelling vision
• Skills required: Good organizational and time management skills
• Be familiar with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), "EuroSOX," the Japanese Financial Instruments and Exchange Law ("J-SOX"), the New Basel Capital Accords (BASEL II) and the European Union Data Protection Directive (EUDPD).
• Have experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (CobiT) frameworks.
Languages
English
Critical Competencies for Performance Management and Leadership
• Develop a compelling, shared security vision for the team
• Ensure that the team is clear on security goals and objectives
• Conduct security review meetings
• Drive and manage security project schedules
• Coordinate with outsourced engineering services, as appropriate
• Report on schedule and product progress, related to security product
• Assist teams in development of security requirements
• Translate security requirements into technical specifications
• Provide ways to innovate and use security as a competitive advantage
• Drive security decision making based on sound business requirements
Technical
• Develop and maintain detailed security plans
• Conduct security and vulnerability assessments
• Develop security policies, standards, procedures and guidelines.
• Be a recognized leader with a strong understanding of tools, technologies, security strategies and their implications on the broader business environment.
• Have strong project management skills, and experience in creating and managing project plans, including budgeting and resource allocation.
• Be proficient in performing risk, business impact, control and vulnerability assessments, and defining mitigation strategies.
ABOUT TECHNISOURCE
Our specialists take a hands-on approach in truly understanding your background and career goals to find the opportunities that will allow you to utilize your skills, attain new experience and reach a new level of personal success. We work hard to provide you with real-time access to exclusive job opportunities, the highest level of support and the right tools at the right time to catapult your career to the next level.