Senior Information Security Analyst

About The Position

Requirements

• Bachelor’s degree in Business Information Systems, Computer Science, Computer Engineering, Business, or equivalent experience
• 5+ years of direct experience in information security governance, compliance, and risk management, with prior experience in other IT or cyber security roles.
• Working knowledge of information security-related frameworks and standards, including ISO/IEC 27001:2022 Information Security Management and additional frameworks including NIST 800-53, NIST 800-171, IEC 62443, NERC CIP, and CMMC.
• Experience with Governance, Risk, and Compliance (GRC) tools.
• Strong customer service orientation with the ability to take initiative in pursuit of improved service.
• Excellent communication skills (written, verbal, listening, and presentation); able to liaise effectively with internal and external stakeholders to support decision making and achieve desired results and influence others towards conformance with the ISMS
• Ability to independently collaborate with team members, subject matter experts, cross-functional teams, and stakeholders.
• Strong analytical skills, especially related to security governance, strategic planning, problem resolution, and change management.
• Ability to use technical acumen and analytical skills to analyze data and drive informed decisions, problem-solve issues, and leverage data and learnings to drive continuous improvement.
• Excellent organizational skills with ability to prioritize tasks and meet targets.
• Embraces change and has the ability to coach junior team members through change and ambiguity.
• Proficient with Microsoft business applications (Teams, SharePoint, Office applications, etc).
• Experience developing process workflow diagrams using Visio or an equivalent tool.
• Ability to travel as required.

Nice To Haves

• Security+ CE certification or equivalent
• ISO/IEC 27001:2022 Lead Implementer or Auditor certification or equivalent
• Certified Information Systems Security Professional (CISSP) or equivalent
• Certified Information Privacy Manager (CIPM) or Professional (CIPP)
• Familiarity with relevant privacy regulations, including the California Consumer Protection Act (CCPA), other U.S. State privacy laws, the European Union’s General Data Protection Regulation (GDPR), and other international privacy regulations.
• Experience with implementing, managing, or utilizing tools for managing information protection, insider risk management, and/or data loss prevention (DLP).

Responsibilities

• Support the continuous improvement and monitoring of the Information Security Management System (ISMS) across the organization, including third-party suppliers.
• Ensure that security measures are fully integrated, operational, and compliant with applicable regulations and standards.
• Support and execute the planning, preparation, and execution of compliance audits.
• Ensure implementation of ISMS documentation and technology platform, such that all assigned security policies, procedures, and processes are accurately maintained, automated, and streamlined reducing manual intervention and improving efficiency.
• Integrate experience and insights into actionable ideas or solutions to manage information risk and advise cross-functional teams, third-party vendors, and other stakeholders.
• Maintain and validate an accurate and up-to-date information asset inventory process, ensuring the completeness and accuracy of assets.
• Perform regular asset-based and scenario-based risk assessments to identify vulnerabilities and risks associated with assets and inclusion in the risk register.
• Identify, assess, and track treatment plans for information security and privacy-related risks and nonconformities for their severity, potential impacts, and their probably of recurrence.
• Coordinate and communicate updates to process, policies, and procedures based on the treatment of risks and nonconformities.
• Assist in completion and maturation of supply chain risk management activities and administer associated technology platforms to ensure conformance with the standard and compliance with legal, regulatory, and contractual requirements.
• Activities include, but are not limited to, tracking third-party security scores and working with third-parties and internal functions to improve their security scores, performing contract reviews, and completing customer questionnaires while managing improvement to security processes reflected in responses.
• Support the development and monitoring of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the ISMS.
• Collect, analyze, and summarize relevant data to be reported to leadership, helping drive strategic security initiatives and ensuring ongoing compliance with regulatory and customer requirements.
• Stay up-to-date on emerging regulations, customer requirements, and best practices, ensuring that the ISMS evolves, as necessary.
• Ensure stakeholders are informed on how to address changing compliance environments, including privacy regulations (e.g., GDPR, CCPA, and other relevant U.S. state laws).
• Mentor and coach lower-level information security analysts.
• Review their work for quality, consistency, and alignment with ISMS standards.
• Maintain regular and punctual attendance.
• Attend in-person or virtual meetings as requested or required.
• Communicate effectively and respectfully with others.
• Other responsibilities as assigned
• Understand and comply with all applicable Company policies and rules.

Benefits

• competitive and equitable compensation
• annual incentive plan (AIP)