Information Security Analyst

About The Position

Requirements

• BS Computer Science degree or relevant discipline
• 5+ years of Information Security experience
• Demonstrated deep understanding of principles in network technology, incident response, data loss prevention, security architecture, and information security policy
• Authority to review and review information system access requests and escalate if necessary.
• Authority to submit infrastructure and application change request.

Nice To Haves

• Familiarity with HIPAA and/or PCI-DSS a plus.
• Relevant security certifications

Responsibilities

• Responsible for overseeing the vendor information security risk management process, coordinating with our overall vendor management program, including compliance with the supply chain risk management controls in NIST SP 800-53, and any other standards adopted by our Cybersecurity Program and vendor management program, and our obligations under applicable privacy and security laws, our cybersecurity insurance, our contracts with key customers and our SOC, PCI, HITRUST and other audits and compliance requirements (“Security Standards”).
• Responsible for XiFin’s security awareness program
• Responsible for overseeing an effective asset management process to meet the Security Standards, including coordinating the configuration management data base with IT and the data mapping and inventorying and the ROPA and DPIA processes with our Privacy Department.
• Responsible for overseeing an effective data loss protection process meeting the Security Standards, including developing, gaining approval for and finalizing appropriate policies and procedures, appropriate information classification, and monitoring current DLP tools and recommending changes in configuration and use, or changes in tools.
• Responsible for overseeing XiFin’s identity management process to meet the Security Standards.
• Regular monitoring of assigned security information systems for suspected privacy or security violations, managing the resolution of any issues, and ensuring the violations are properly documented and reported.
• Responsible for ensuring security policies and procedures are documented, maintained, implemented, and enforced.
• Support the security vulnerability management program.
• Provide input on our Cybersecurity Program and annual plan and other policies, procedures and documents as requested
• Assist in auditing security procedures to ensure compliance and provide evidence of compliance with security procedures for both internal and external audits, as assigned.
• Other projects as assigned

Benefits

• Comprehensive health benefits including medical, dental, vision, and telehealth
• 401(k) with company match and personalized financial coaching to support your financial future
• Health Savings Account (HSA) with company contributions
• Wellness incentives that reward your preventative healthcare activities
• Tuition assistance to support your education and growth
• Flexible time off and company-paid holidays
• Social and fun events to build community at our locations!