This job listing has expired and the position may no longer be open for hire.

Senior Information Security Analyst at Rich Products Corporation

Posted in Information Technology 30+ days ago.

This job brought to you by eQuest

Type: Full-Time
Location: Buffalo, New York

Job Description:

Location: Buffalo, NY, US, 14213

Company: Rich Products Corporation

Rich’s has been able to pull off something rare in the business world: a culture that successfully blends the latest business practices with family values. That means our associates are able to work for a great company while also benefiting from a work environment that fosters world class professionalism combined with family intimacy. Our benefit offerings are reflective of this unique blend of Life, Work and Family .

PURPOSE STATEMENT

The Senior Information Systems (IS) Security Analyst is responsible for assessing information risk and facilitating remediation of identified vulnerabilities & risk across the organization. This position helps to safeguard the confidential information, assets and intellectual property across the organization (confidentially, integrity and availability).

KEY ACCOUNTABILITIES/OUTCOMES

Security Project: 70%

  • Recommends, implements and supports various IS risk management systems across the enterprise.

  • Develops and implements IS security policies, procedures and standards that meet existing and new business and regulatory requirements.

  • Helps facilitate, develop and support the IS security/risk training curriculum while continually learning and promoting the awareness of applicable regulatory standards, upstream risks and industry best practices

  • Leads a variety of IS security projects following standard (PMI) project management framework.

  • Define, implement and support access control requirements and processes to ensure appropriate information access authorization across the organization.

  • Acts as a technical resource to associates, department managers, and others within company who are seeking more information about information security.

  • Provide technical guidance to the Information Technology department staff about the risk and control measures associated with new and emerging information systems technologies (e.g. Cloud computing)

  • Leads and / or participates in periodic information systems risk assessments including those associated with the development of new or significantly enhanced business applications or infrastructure.

  • Provides communication and direction in regard to current security architecture within projects and corporate initiatives. (I.e. encryption, password management, network connections).

  • Participates as an information risk technical advisor on a variety of projects as required

Security O&M: 20%

  • Participates and / or leads IS Security incident response to security incidents (e.g. denial of service attacks, virus infestation, and / or internal fraud)

  • Assist with troubleshooting problems when they occur in production

  • Performs Internal business / security assessments, presents recommendations, and implements solutions.

  • Provides Information security support to affiliated companies, offices and subsidiaries.

  • Address questions from internal and external audits and examinations.

Security Strategy: 10%

  • Participates in the design, architecture standards and implementation of the overall Information security program

  • Develops detailed proposals and plans for new information security systems that would augment the capabilities of, or enable new capabilities for company networks or shared information.

  • All other duties and responsibilities as assigned.

KNOWLEDGE/SKILLS/EXPERIENCE


  • Bachelor’s degree in MIS, CS or related field and minimum of 5 years Information Security experience.

  • CISSP or similar security certification required (e.g. CISA, CRISC, CISM, CGUX, etc.)

  • Current working knowledge of Cisco ASA firewalls required

  • Ability to work collaboratively with IT and Business unit management

  • Working knowledge security framework models such as ISO 27000, NIST, etc.

  • An in-depth / working understanding of the following systems is highly desired:

  • Current working knowledge of Cisco network switches, routers, and Anyconnect VPN

  • Current ability to work with and configure Fortinet firewalls

  • IBM SIEM

  • Symantec Email security Gateway and desktop encryption products

  • Linux / Unix administration

  • Implementation and administration of Data Loss prevention technologies

  • Nessus vulnerability tools

  • Deployment and administration of Citrix NetScaler systems

  • Python scripting / programming

  • Experience Deploying an organization wide data classification program

  • Contemporary understanding of security / privacy legislation

  • Experience with systems and network security

  • Experience with implementing and auditing security measures

  • Working knowledge of security products and utilities.

  • Expert knowledge in most network protocols.

  • Demonstrated planning, managing projects and organizing skills

  • Demonstrated coaching and mentoring skills

  • Effective verbal, written and interpersonal skills