My client, who is located in the financial district, is undergoing a digital transformation. They are building a highly energetic, talented team to help realize a vision of creating a next-generation digital platform that enables growth. As a hybrid-startup, they need talent with the vision, passion and attitude to accelerate delivery, but also the depth of experience to effectively manage the digital operation they create. If you have those traits and capabilities, and you are ready to join their Boston-based team, I would love to hear from you!
The Senior Information Security Analyst collects and monitors security data, assists with compliance, and supports the maturation and improvement of information security services. The position enables secure & resilient operations to facilitate business growth. The candidate will interface with consultants, managed service providers (MSPs), and internal team members to realize a vision for a highly effective security strategy. This role reports directly to the Senior Manager, Information Security.
- 3 - 5 years of experience in the IT security sector, with experience implementing security initiatives
- Knowledge or experience working energy or financial services sectors, preferably with customer facing business
- Must have a strong background in network security and related areas
- Knowledge or understanding of critical infrastructure preferred
- Be familiar with the NIST Cyber Security Framework
- Knowledge of NERC CIP Compliance and IT SOX standards is preferred
- CISSP required
- Working knowledge in network & data center operations
- Hybrid cloud, public cloud (Azure preferred), SaaS experience
- Strong analytical and problem solving skills
- Excellent communications skills and attention to detail
Essential Duties & Responsibilities
- Develop and implement security policies, technologies and processes to create a best in class security program to protect our business and platform
- Monitor the organization's information security systems and analyze alerts and reports
- Analyze vulnerability reports and track remediation of vulnerabilities
- Provide metrics to support the risk management program and Information Security program effectiveness assessment
- Support Security Training and Awareness efforts to include phishing campaigns.
- Research the latest IT security trends and technologies
- Participate in the designing of a security architecture into all application & infrastructure solutions
- Support internal & external risk assessments to evaluate security program effectiveness and conduct independent audits
- Analyze penetration test results and track remediation of findings
- Provide input into the security roadmaps and maturity assessments to ensure commitment to continuous improvement over time
- Safeguard company's information technology assets, intellectual property and computer systems by recommending best practices and technologies as appropriate
- Participate in incident response planning, investigation of security breaches and assist with security compliance matters as necessary
- Respond rapidly to all security incidents, conduct root cause assessments, and recommend solutions to mitigate repeat offenses.
- Support business continuity & disaster recovery efforts
- Support the validation of security solutions provided by MSPs to ensure they are functioning properly
- Support the NERC Critical Infrastructure Protection program
Contact Morgan Lang at 212-731-8292, Ext. 3369 or email: firstname.lastname@example.org with interest.