Cyber Security Analyst III

About The Position

Requirements

• Bachelor’s Degree in Information Security, Information Technology, or a related discipline preferred
• ISC2 Certified Information Systems Security Professional (CISSP), ISACA Certified in Risk and Information Systems Control (CRISC), GIAC Information Security Professional (GISP), CompTIA Advanced Security Practitioner (CASP+), or other advanced security / compliance / IT generalist certification preferred
• Minimum of 5 years’ experience in an Information Security role is preferred
• Advanced knowledge of Information Security principles and practices to include, but not limited to, the following areas: Security Architecture, Risk and Vulnerability Management, Cloud Platform Security, Network-Based Security, Host-Based Security, Public Key Infrastructure (PKI), Security Information and Event Management (SIEM), Encryption, Data Loss Prevention (DLP), Malware Prevention required

Nice To Haves

• Experience or knowledge in cloud-based security architecture is preferred
• General IT experience (System Admin, Network Admin, etc.) preferred
• Knowledge and understanding of Project Management principles and methodologies is a plus
• Knowledge and understanding of Software Development Lifecycle (SDLC) is a plus

Responsibilities

• Leads Information Security projects, including defining objectives, scope, and tasks
• Represents the Information Security team in projects internal and external to the department
• Defines and performs project-related tasks
• Leads Information Security risk and vulnerability assessment processes
• Counsels teams on the management of residual risk based on product, platform, or system design
• Researches the internal and external threat landscape, conducts vulnerability analysis on emerging risks to the organization, and recommends remediation activities to management and other teams
• Drafts and maintains risk and vulnerability assessment documentation
• Leads risk and vulnerability remediation efforts
• Leads data governance tasks
• Leads regulatory compliance tasks, processes, and audit functions (PCI, Data Privacy Law, HIPAA, etc.)
• Drafts and maintains compliance-related documentation
• Drafts and maintains Information Security policy, process, and procedure documentation
• Drafts and maintains Information Technology policy, process, and procedure documentation applicable to the broader Love’s IT infrastructure
• Produces as-is and to-be process flows depicting process efficiencies and improvements
• Drafts and maintains security awareness training content and material for distribution across multiple delivery methods, including but not limited to computer-based training (CBT), e-mail, SharePoint sites, and live training
• Administers Information Security applications and platforms
• Works with third-party support and security equipment vendors
• Participates in the Computer Incident Response Team, as needed, typically focusing on lessons learned and post-event improvement
• Mentors SecGRC team members in sound information security processes to protect the confidentiality, integrity, and availability of Love’s information technology assets
• Other duties assigned as needed

Benefits

• Fuel Your Growth with Love's - company funded tuition assistance program
• Paid Time Off
• 401(k) – 100% Match up to 5%
• Medical/Dental/Vision Insurance after 30 days
• Career Development
• Hiring Immediately