Information Security Analyst

About The Position

Requirements

• College degree in Information Technology or Information Security or equivalent.
• Minimum two years of experience in Information Security Risk, Information Security Operations or Security Auditing.
• Proven experience on third-party risk management and vendor security assessments.
• Working knowledge of security practices such as Endpoint Security, Network Security, Security Operations and Security Governance required.

Nice To Haves

• Security+, SSCP, CISSP, CISM or similar information security certifications preferred.
• Experience working with Vendor Risk Management (VRM) applications preferred.

Responsibilities

• Performs vendor security risk assessments to determine inherent risk on proposed projects and assesses vendor security controls to determine residual risk.
• Evaluates the potential exposure to application security risks and threats based on industry security frameworks and recommends appropriate mitigation.
• Assesses security practices including Information Security governance, Identity and access control, Incident monitoring and response, Vulnerability assessment and Penetration tests, Network Security and Endpoint Security, among others.
• Acts as liaison with Third Party Risk Management, Information Technology and business department Relationship Managers related to vendor risk assessments.
• Reports information security risks and follows-up remediations.
• Remediates audit and regulatory findings and recommendations related to Information Security and Vendor Risk Management.

Benefits

• Medical insurance
• Dental insurance
• Vision insurance
• Life insurance
• Long-term disability insurance
• Flexible spending accounts (FSAs)
• Health saving account (HSA) with company contributions
• Voluntary coverages
• 401(k)
• Discretionary bonus eligibility