Senior Information Security Analyst at Rich Products Corporation
Posted in Information Technology 7 days ago.
Location: Buffalo, New York, US, 14213
Company: Rich Products Corporation
Rich’s has been able to pull off something rare in the business world: a culture that successfully blends the latest business practices with family values. That means our associates are able to work for a great company while also benefiting from a work environment that fosters world class professionalism combined with family intimacy. Our benefit offerings are reflective of this unique blend of Life, Work and Family.
The Senior Information Systems (IS) Security Analyst is responsible for assessing information risk and facilitating remediation of identified vulnerabilities and risk across the organization. This position helps to safeguard the confidential information, assets and intellectual property across the organization (confidentiality, integrity and availability).
Security Project: 70%
- Recommends, implements and supports various IS risk management systems across the enterprise.
- Develops and implements IS security policies, procedures and standards that meet existing and new business and regulatory requirements.
- Helps facilitate, develop and support the IS security/risk training curriculum while continually learning and promoting the awareness of applicable regulatory standards, upstream risks and industry best practices.
- Leads a variety of IS security projects following standard (PMI) project management framework.
- Defines, implements and supports access control requirements and processes to ensure appropriate information access authorization across the organization.
- Acts as a technical resource to associates, department managers, and others within the company who are seeking more information about information security.
- Provides technical guidance to the Information Technology department staff about the risk and control measures associated with new and emerging information systems technologies (e.g. cloud computing).
- Leads and/or participates in periodic information systems risk assessments including those associated with the development of new or significantly enhanced business applications or infrastructure.
- Provides communication and direction in regard to current security architecture within projects and corporate initiatives (i.e. encryption, password management, network connections).
- Participates as an information risk technical advisor on a variety of projects as required.
Security O&M: 20%
- Participates in and/or leads IS security incident response to security incidents (e.g. denial of service attacks, virus infestation, and/or internal fraud).
- Assists with troubleshooting problems when they occur in production.
- Performs internal business/security assessments, presents recommendations, and implements solutions.
- Provides information security support to affiliated companies, offices and subsidiaries.
- Addresses questions from internal and external audits and examinations.
Security Strategy: 10%
- Participates in the design, architecture standards and implementation of the overall information security program.
- Develops detailed proposals and plans for new information security systems that would augment the capabilities of, or enable new capabilities for company networks or shared information.
- All other duties and responsibilities as assigned.
- Bachelor’s degree in MIS, CS or related field and minimum of 5 years Information Security experience.
- CISSP or similar security certification required (e.g. CISA, CRISC, CISM, CGUX, etc.)
- Current working knowledge of Cisco ASA firewalls required
- Ability to work collaboratively with IT and Business unit management
- Working knowledge of security framework models such as ISO 27000, NIST, etc.
- An in-depth / working understanding of the following systems is highly desired:
- Current working knowledge of Cisco network switches, routers, and AnyConnect VPN
- Current ability to work with and configure Fortinet firewalls
- IBM SIEM
- Symantec email security gateway and desktop encryption products
- Linux / Unix administration
- Implementation and administration of data loss prevention technologies
- Nessus vulnerability tools
- Deployment and administration of Citrix NetScaler systems
- Python scripting / programming
- Experience deploying an organization-wide data classification program
- Contemporary understanding of security / privacy legislation
- Experience with systems and network security
- Experience with implementing and auditing security measures
- Working knowledge of security products and utilities
- Expert knowledge in most network protocols
- Demonstrated planning, project management and organizational skills
- Demonstrated coaching and mentoring skills
- Effective verbal, written and interpersonal skills