Job Summary:
The Senior Information Security Analyst with EdgeCo Holdings will design, plan, implement, upgrade, and monitor security protocols, policies, processes, procedures and programs for the protection of the organization’s computer networks and information systems according to company standards and objectives.
As a Senior Information Security Analyst, you will work in the Information Security department to ensure that security operations, security engineering, GRC and security architecture functions and solutions are collaboratively integrated into the Information Security program using a risk management approach to meet company goals and objectives.
Location: Ideal candidates will be located in Pittsburgh, PA and work in a hybrid capacity.
Duties/Responsibilities:
- Collaborate with users, stakeholders and other team members to discuss and define computer data access needs and to identify security threats and violations.
- Identify and recommend needed information security program requirements, changes and updates for current and future compliance state.
- Use information security controls including preventative, detective, & corrective via an understanding and assessment of logical, administrative and physical controls to design, implement and manage information security risk accordingly.
- Serve as SME for one or more Information Security tools as primary owner, ensuring alignment to current and future information security requirements as assessed against business regulatory and compliance environment.
- Develop and implement plans to safeguard digital data from accidental or unauthorized modification, destruction, or disclosure according to information security program standards and policies for confidentiality, integrity and availability.
- Review violations of security procedures; provide training to ensure violations do not recur, while improving controls, documenting processes and procedures to ensure consistency in response and tracking the root cause and long-term remediation.
- Monitor and restrict access to sensitive, confidential, or other high-security data through risk assessments, tools, processes, procedures and programs to meet standards of care for data classification types.
- Envision security solutions and justify the approach, risk reduction and plan to improve the Information Security Program in a rationalized, professionally communicated and managed fashion.
- Perform risk assessments, audits, and tests to ensure proper functioning of data processing activities and security measures.
- Safeguard system security and improve overall server and network efficiency by training users and promoting security awareness. Provide strategy and input on security awareness program effectiveness, enhancements to increase efficiency for human behavior impacts and reduce risk.
- Manage multiple security processes and programs within the infosec program to ensure compliance to risk appetite and tolerance for said processes and programs while ensuring accuracy, consistency, reporting metrics, and status per company standards.
- Serve as primary owner for GRC activities to support inbound due diligence activities & 3rd party risk management infosec response, improve processes and tools to reduce delivery time, and increase consistency and accuracy in processes owned by Information Security team.
- Manage information security audit functions through GRC toolset to meet SOC-I, SOC-II and other audit functions by creating, collecting and overseeing consistency of evidence through tasks in support of Information Security Program compliance standards.
Skills & Experience:
- Bachelor’s degree in Computer Science, Programming, or a related field required.
- A minimum of 8 years of experience in computer systems with some specialization in information security highly preferred.
- Demonstrated problem-solving and analytical skills.
- Proficient, or able to gain proficiency with, a broad array of security software applications and tools as appropriate to facilitate InfoSec GRC functions and process management.
- Understanding of information security tools, processes, procedures, best practices, frameworks and requirements, including but not limited to security frameworks such as PCI-DSS, SEC Requirements, NIST CSF, etc.
- Demonstrated prior experience, skills, training and knowledge in a relevant role.
- Appropriate exposure/experience to enterprise information security risk management, security programs, and controls aligned to job description.
- Professional, collaborative communication and interaction skills across all communication mediums including in person, electronic, virtual meetings etc.
- Proficient in Microsoft Office Suite or related software.
- Excellent verbal and written communication skills.
- Collaborative & lifelong learning skills/personality with exposure to industry practices for project management, process improvement, change management, and communication and learning styles.
- Organized with attention to detail.