Lead Security Analyst #102919

Lead Security Analyst

JOB SUMMARY:

The Information Security Manager will be responsible for developing and leading the maturation of important information security initiatives and portions of the information security program. The candidate will manage a small team of information security professionals to ensure information security risks are prioritized, assessed, and managed. The candidate will be expected to help shape the organization’s information security strategy.

Job Responsibilities:

·         Lead a team of information security professionals while emphasizing personal integrity, responsibility/accountability, business partnership, and center-of-excellence development

·         Oversee continuous improvement efforts including:

o    establishing and tracking key metrics on patching, vulnerabilities, etc.

o    ensuring thorough analysis and correlation of events across a wide variety of sources

o    staying knowledgeable about current security technologies, news, events, and threat landscape and how these developments potentially impact the organization

o    ensuring documentation is accurate and kept up to date

o    recommending, documenting, implementing, and reviewing risks, training, process, control, technology changes

o    auditing current training, processes, controls, and technologies for gaps

·         Develop and lead information security projects and initiatives to address current and potential security risks

·         Mature and execute security tools to detect, investigate, and remediate cybersecurity breaches and other incidents

·         Review agreements and contracts for information security requirements and concerns

·         Generate, provide, and present reports and presentations suitable for both peers and senior leadership

·         Communicate, implement, maintain, and audit policies and controls

·         Act as a subject matter expert, and provide security support and counsel to other teams

·         Oversee the delivery of information security training to employees through multiple channels (written, in person, etc.)

·         Other duties as assigned

Qualifications:

·         Required:

o   3+ years managing a small team of professionals in a complex environment

o   Strong verbal and written communication skills

o   Experience communicating and presenting with confidence and clarity to different audiences, adjusting language and jargon appropriately

o   Experience writing documentation (technical, policies, procedures, etc.) to be consumed by a wide range of audiences (technical, leadership, end users, customers, auditors, etc.)

o   Ability to articulate complex application architecture, configuration, and operation to others in both technical and non-technical terms

o   Must be able to work well with others and promote a highly collaborative work environment

o   Must conduct him or herself with the utmost integrity and practice a high degree of ethical judgement

o   Strong understanding of risk management concepts and terminology

o   Experience creating and delivering executive presentations on information security and risk management topics

o   Understanding and knowledge of the MITRE ATT&CK framework for threat actor methodologies

o   Strong understanding of networking technologies, concepts, and tools (i.e. firewalls, routing, switching, TCP, UDP, OSI layers, packet analysis, proxies, IPS, etc.)

o   Understanding of all common information security domains and how each can affect risk and security posture

o   Experience with methodologies designed to drive continuous improvement efforts

o   Experienced in management of security projects and complicated security issues

o   Self-motivated and able to work independently with little oversight to complete tasks and deliverables on time

o   Must be able to multi-task and juggle multiple priorities while ensuring successful completion of all items in a timely fashion

o   Ability to demonstrate troubleshooting skills, analytical thinking, and the ability to work with a wide range of technologies.

·         Preferred:

o   Bachelor’s degree, or foreign equivalent, in computer science or related field

o   Experience managing budgets, including common, financial accounting practices and terminology

o   Experience with vendor management, including contract negotiation and review

o   5+ years as a security incident handler/information security analyst

o   Certifications such as CISSP, CISM, CISA, A+, Network+, Security+, CCNA, and/or CCNP

o   Experience with the ISO27001:2013 framework

o   Proficient with White Hat and Black Hat hacking tools and distributions

o   Proficient in malware forensics or reverse engineering malware

o   Proficient in using regular expressions for pattern matching (RegEx)

o   Understanding of SANS, CIS, NIST, and/or ISO27001:2013 approaches to Information System Risk/Threat Management