Job Description:

TrueCommerce is the most complete way to connect your business across the supply chain, integrating everything from EDI, to inventory management, to fulfillment, to digital storefronts and marketplaces, to your business system, and to whatever comes next. To stay ahead in today’s dynamic global market, companies need to be able to do business in a lot of different directions at once. TrueCommerce has helped businesses be more connected, more supported, and more prepared for what’s next. That’s why thousands of companies – ranging from start-ups to the global Fortune 100, across various industries – rely on us.

TrueCommerce. Do business in every direction.

Our culture and values are what set us apart!  TrueCommerce provides an open and positive work environment where providing employees with a work/life balance is key. Work is not only challenging, but interesting and rewarding as well.  We encourage employees to grow and develop.  Additionally, TrueCommerce organizes events throughout the year like picnics, golf tournaments, chili cook-offs, winter holiday events, and opportunities to volunteer for charity.  Come join our team!

Summary

An Information Security Analyst is responsible for protecting the information assets of the business, and for maintaining and monitoring security standards. A key aspect of this involves identifying security and compliance risks, and helping the business control the cost of risk mitigation. The Information Security Analyst creates and maintains policies and processes as required by the goals of the business, for purposes including protecting the business and compliance with security standards, contractual obligations, regulations, or legislation.

Works with other business units to catalog systems and processes to determine compliance with standards. Oversees application penetration tests and network vulnerability scans to identify security vulnerabilities. Advises the business on security best practice and collaborates to improve processes and systems. Manages the relationship with external service auditors to secure organizational credentials or certifications.

May directly configure or monitor cloud service and on-premise security measures to protect against or detect security threats. In the event of a security incident, the analyst may be called on to join the response team dedicated to identifying and containing the threat.

Job Responsibilities Include:

• 
  Security Policy
  
  
  • Analyze business goals to identify applicable security, regulatory, and legal requirements.
  
  
  • Draft policy and process documentation aligning business goals with identified requirements. Secure management approval for policy and process changes.
  
  
  • Periodically review and revise policies and processes to keep them aligned with business goals and requirements.
  
  
  • Advise the company on security and data protection best practice. Ensure that this information is relayed through the company via an appropriate training program and available via intranet documentation.
  
  
  • Help the business maintain certifications by maintaining the relationship and managing projects with independent service auditors. Assist with the collection of evidence and data to support the certification process.
  
  
  • Stay up to date on changes in security standards, regulations, or legislation.
  
  


• 
  Risk Assessment and Remediation
  
  
  
  • Review business systems and processes to identify risks and gaps with compliance requirements.
  
  
  • Directly conduct, or manage via third parties, penetration tests and vulnerability scans to identify security vulnerabilities in networks, systems infrastructure, and applications.
  
  
  • Advise business units on plans to mitigate or eliminate identified vulnerabilities, risks, or gaps.
  
  
  • Monitor the business for compliance with policy.
  
  
  • Advise the business on the potential security or data protection implications for new products or business processes.
  
  
  • Stay informed on the latest security threats and advise management on the appropriate response.
  
  


• 
  Configuration and Monitoring
  
  
  
  • Directly configure or advise on the configuration of information security tools such as firewalls, proxies, SIEM, antivirus, IDS/IPS, and EDR. This includes maintenance of relationships with cloud security vendors which may directly manage these tools.
  
  
  • Monitor and analyze data produced by security tools and cloud security vendors. Ensure that this analysis connects these data sources to vulnerability management and incident response processes.
  
  
  • Analyze data collected from a suspected security breach and consult on the containment and elimination. Assess the damage caused by a breach and advise the business on remediation.
  
  

Experience

Required

• 4 - 5 years: Experience in an information systems field including software development or systems administration

Preferred

• Independent project management


• Familiarity with the application of security or trust service standards such as OWASP, ISO 27K, PCI, ISAE 3402, or SOC2.


• Experience applying secure software coding standards or configuring secure systems within the context of professional information security, development, or systems administration

Education

Preferred

• Bachelors or better in Computer Science or related field

Skills

Preferred

• Technical

See job description

Apply Now