Rich’s has been able to pull off something rare in the business world: a culture that successfully blends the latest business practices with family values. That means our associates are able to work for a great company while also benefiting from a work environment that fosters world class professionalism combined with family intimacy. Our benefit offerings are reflective of this unique blend of Life, Work and Family.
The Senior Information Systems (IS) Security Analyst is responsible for assessing information risk and facilitating remediation of identified vulnerabilities & risk across the organization. This position helps to safeguard the confidential information, assets and intellectual property across the organization (confidentiality, integrity and availability).
Security Project: 70%
Recommends, implements and supports various IS risk management systems across the enterprise.
Develops and implements IS security policies, procedures and standards that meet existing and new business and regulatory requirements.
Helps facilitate, develop and support the IS security/risk training curriculum while continually learning and promoting the awareness of applicable regulatory standards, upstream risks and industry best practices
Leads a variety of IS security projects following standard (PMI) project management framework.
Define, implement and support access control requirements and processes to ensure appropriate information access authorization across the organization.
Acts as a technical resource to associates, department managers, and others within company who are seeking more information about information security.
Provide technical guidance to the Information Technology department staff about the risk and control measures associated with new and emerging information systems technologies (e.g. Cloud computing)
Leads and / or participates in periodic information systems risk assessments including those associated with the development of new or significantly enhanced business applications or infrastructure.
Provides communication and direction in regard to current security architecture within projects and corporate initiatives (i.e. encryption, password management, network connections).
Participates as an information risk technical advisor on a variety of projects as required
Security O&M: 20%
Participates and / or leads IS Security incident response to security incidents (e.g. denial of service attacks, virus infestation, and / or internal fraud)
Assist with troubleshooting problems when they occur in production
Performs internal business / security assessments, presents recommendations, and implements solutions.
Provides Information security support to affiliated companies, offices and subsidiaries.
Address questions from internal and external audits and examinations.
Security Strategy: 10%
Participates in the design, architecture standards and implementation of the overall Information security program
Develops detailed proposals and plans for new information security systems that would augment the capabilities of, or enable new capabilities for company networks or shared information.
All other duties and responsibilities as assigned.
Bachelor’s degree in MIS, CS or related field and minimum of 5 years Information Security experience.
CISSP or similar security certification required (e.g. CISA, CRISC, CISM, CGUX, etc.)
Current working knowledge of Cisco ASA firewalls required
Ability to work collaboratively with IT and Business unit management
Working knowledge of security framework models such as ISO 27000, NIST, etc.
An in-depth / working understanding of the following systems is highly desired:
Current working knowledge of Cisco network switches, routers, and AnyConnect VPN
Current ability to work with and configure Fortinet firewalls
Symantec Email security Gateway and desktop encryption products
Linux / Unix administration
Implementation and administration of Data Loss prevention technologies
Nessus vulnerability tools
Deployment and administration of Citrix NetScaler systems
Python scripting / programming
Experience deploying an organization-wide data classification program
Contemporary understanding of security / privacy legislation
Experience with systems and network security
Experience with implementing and auditing security measures
Working knowledge of security products and utilities.
Expert knowledge in most network protocols.
Demonstrated planning, project management and organizing skills
Demonstrated coaching and mentoring skills
Effective verbal, written and interpersonal skills