The Information Security Analyst will need to provide accurate and timely monitoring and reporting of systems and potential risks related to the company. In addition, the position will administer prompt firewall change management, email support with spamwalls, and secure email by providing complete and concise Information Security education to keep the company in compliance with regulations and policies. This position will analyze and implement security solutions to protect company and client data, as well as perform regular security audits of information systems, and develop corrective action plans. The position will also maintain and update information security processes, procedures, and documentation, while providing information security expertise to reduce risk and ensure appropriate levels of data confidentiality, integrity, and availability.
Adhere to all I.T. JSOX policies in performing day to day activities.
Periodically train on the I.T. department’s policies per schedule provided by the QC department and in compliance with JSOX.
Manage, support and administer I.T. JSOX monitoring and reporting tools.
Administer and enhance an ongoing risk assessment program.
Conduct regular vulnerability scans on systems and applications.
Assist with the development, implementation, monitoring, and maintenance of Luitpold’s information security policies, procedures, standards, and guidelines.
Daily administration of information security systems that includes firewalls, spam filtering, URL filtering, data governance, syslog server infrastructure and other perimeter security systems.
Maintain the firewall ticketing system and document effective change management controls.
Experience with log aggregation tools such as Security Incident Event Management (SIEM).
Evaluate and report on potential risks and threats to information and data systems.
Support, maintain and ensure Luitpold’s policy alignment with ISO/IEC 27001:2013 certification.
Evaluate and improve information system and security controls related to applications, business processes, change control, data center operations, and incident management processes.
Reviews existing security architecture, identifies and analyzes design gaps, and recommends security enhancements.
Stays abreast of current and emerging security threats and designs security architecture to mitigate them.
Stays abreast of emerging security technologies and integrates them into security architecture as needed.
Ensures alignment between security architecture frameworks and standards and overall business strategy.
Serves as an information security expert and trusted advisor to partners in IT and the business.
Achieve security architecture compliance on requirements, including but not limited to: Sarbanes-Oxley, payment card industry standards, HIPAA/HITECH, global data privacy requirements, as well as state and federal regulations.
Implement and administer the security awareness training program for employees and authorized users.
Prepare corrective action reports and facilitate mitigation with appropriate personnel.
Actively participate in defining security requirements for information technology projects.
Manage, support and administer the BlackBerry infrastructure including but not limited to the BlackBerry Enterprise Server and BlackBerry handheld devices.
Support existing Cisco VPN client and firewall installation.
Handle service calls for hardware and software issues.
Qualifications and Requirements
Successful candidates will have a record of sustained technical leadership, enterprise hardware, operating system, software management and professional growth.
A two or four year degree from an accredited university or college with course work in computer science, information security, management information systems, or a closely related field.
Minimum 1+ years of full-time information security related experience
Preferred Certified Information Systems Security Professional (CISSP) or Global Information Assurance Certification (GIAC).
Must be self-directed with the ability to work with minimal oversight
Working knowledge of application & infrastructure security solutions (Firewalls, Intrusion Detection/Prevention Systems, Network Security, Password Management, Data Encryption, and Access Control)
Working knowledge of information security concepts, standards, and best practices
An understanding of the impact emerging business and end-user technologies have on information security requirements and architecture
An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
Strong application support experience with Microsoft Office and browser-based applications.
Keen attention to detail with proven analytical, evaluative, and problem-solving abilities.
Ability to effectively communicate both in writing and verbally.
Demonstrated technical expertise in existing security and IT systems and an ability to keep pace with changing security and IT technologies
Strong interpersonal skills, with an emphasis on the ability to effectively influence others
Ability to conduct and direct research into IT issues and products.
Ability to multi-task; excellent organizational and planning skills required
A team-focused mentality with the proven ability to work effectively with diverse stakeholders
An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
Ability to multi-task and remain productive in a service-driven and results-oriented environment
Knowledge of data protection policies, procedures, and products.
Certifications such as SSCP, CISM, or CISSP are considered a strong advantage
We are an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.