Information Security Analyst

About The Position

Requirements

• Bachelor’s degree in relevant technical discipline and 3 years’ experience or equivalent combination.
• Strong customer service orientation
• Facility with the use of Microsoft Office 365 programs

Nice To Haves

• Experience working in a decentralized global organization, supporting staff and/or systems located in multiple states and/or countries.
• Multi-lingual skills and multi-cultural or cross-cultural experience appreciated.
• Time management and attention to detail.
• Experience in defining and documenting complex systems requirements.
• Experience in communicating effectively with internal and external audiences.
• Proficient with a written language other than English, particularly Spanish or Portuguese.
• Experience working with a Third-Party Risk Management platform.
• Experience with Cloud technology including AWS or Microsoft/Azure offerings for Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS).
• Experience with security-related aspects of information systems including endpoint security products, client operating system configuration and networking technologies.
• Experience with Agile tools and concepts.
• Certifications such as Security+, GISF, Associate of (ISC)2, CIPP, CRISC, or PCIP

Responsibilities

• Act as a contact for all security review requests, both for internal and external party systems and services.
• Work with Privacy, and Legal teams to complete external party risk assessments.
• Perform technical assessments on both internal and external/third party systems and services.
• Participate in the implementation, and maintenance of the external party information security risk management program as part of TNC’s overall external party due diligence review process.
• Participate in the assessment, monitoring, and documentation of the security posture and risk profile of external parties with access to TNC data, information, and records or to TNC systems.
• Participate in the security-oriented reviews of contracting-related documentation and provide security guidance to RFI/RFP/RFQ processes.
• Work with Privacy and Legal teams to document the classification of data, information, and records held or processed by external parties.
• Work with Information Technology staff to document the specifics of implemented technology solutions.
• Provide assessment of external party or internal system security based on provided architectural and operational documentation.
• Perform technical testing to validate the security-related behavior of a system, service, or piece of software.
• Work with business unit, IT staff, or external party to resolve any findings from security testing.
• Provide other Information Security teams with documentation of system configuration and expected behavior for applications and services.
• Provide advice and consultation to staff on information security-related policies, procedures, and best practices.
• Write documents for and deliver presentations to both technical and non-technical audiences.
• Participate in security incident response activities.
• Resolve issues independently within program area.
• Willing to work flexible hours.

Benefits

• health care benefits
• flexible spending accounts
• a 401(k) plan with an 8% employer match
• parental leave
• accrued paid time off
• life insurance
• disability coverage
• employee assistance program
• other life and work well-being benefits