Information Security Analyst
We are seeking a skilled Information Security Analyst who is passionate about cyber security and is experienced in governance and compliance. In this role, you will be responsible for helping build a robust information security program as well as monitoring business practices, processes, and operations to identify and rectify any potential compliance risks. The successful candidate will have a strong analytical mindset, a keen eye for detail and a drive to stay ahead of evolving cyber risks.
Role and Responsibilities
- Oversee user access controls, ensuring that employees have appropriate access permissions based on their roles and responsibilities.
- Monitor security systems, logs, and alerts to identify potential security incidents.
- Conduct regular vulnerability assessments and penetration tests to uncover weaknesses in our systems.
- Analyze threat intelligence data to proactively identify emerging cyber threats.
- Collaborate with cross-functional teams to ensure security measures are integrated into projects and workflows.
- Respond to and manage security incidents, applying incident response best practices.
- Assist in the development and enforcement of information security policies and procedures.
- Evaluate and recommend security tools and technologies to enhance our security posture.
- Stay current with industry trends, emerging threats, and new technologies.
- Stay updated with the latest laws, regulations, and industry standards that apply to the organization’s operations.
- Conduct internal audits to ensure adherence to policies and regulations.
- Maintain accurate and up-to-date records of compliance efforts, audit findings, and corrective actions taken.
- FISMA assessments, System Security and Privacy Plan upkeep/maintenance
Qualifications
- Bachelor’s degree in information security, or a related field. We will also accept equivalent experience and certifications.
- Strong knowledge of information security principles, practices, and technologies.
- Familiarity with security frameworks, standards, and regulations (e.g., SOC 2, NIST 800-53, FISMA).
- Experience with security tools such as IDS/IPS, SIEM, antivirus, and vulnerability scanning tools.
- Excellent analytical and problem-solving skills.
- Ability to communicate complex technical issues to both technical and non-technical stakeholders.
- Relevant certifications (e.g., CISSP, CISM) are a plus.
- Knowledge of cloud security and emerging technologies is advantageous.