This Information Security Analyst I position is part of the Enterprise Information Security Office team.

Aspects of this role may include:

Plan, execute information security initiatives for one functional area related to risk management, mitigation and response, compliance, control assurance, and user awareness. Assist in developing and driving security strategies, policies/standards, ensuring the effective of solutions, and providing security-consultative services to the organization.

• Propose improvements and assist in the implementation of enterprise-wide security policies, procedures and standards to meet compliance responsibilities. Track changes to security policies, procedures, standards and system configurations. Monitor compliance with security policies, standards, guidelines and procedures. Ensure security compliance with legal and regulatory standards.
• Participate with team(s) to gather a full understanding of project scope and business requirements. Maintain awareness of current business processes and their security risks.
• Assist in business impact analysis to ensure resources are adequately protected with proper security measures. Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
• Run security analysis reports using commercial tools or custom scripts and documents gaps. Update and maintain documentation for a global risk framework (a single view of the information security risk profiles and tolerance).
• Assist/perform in security assessments and performs security attestations. Inspect security logs to uncover possible security violations (e.g., break-ins, unauthorized activity). Check existing accounts and data access permission requests against documented authorizations. Support the coordination of all IT internal and external assessment components.
• Perform security monitoring and reporting, analyze security alerts and escalate security alerts to local support teams.
• Participate in recovery drills. Provide security support for application- and infrastructure-related projects to ensure that security issues are addressed throughout the project life cycle. Provide responsive support for problems found during normal working hours as well as outside normal working hours.
• Resolve problems and assists with security incident handling. Respond to security incidents and assists in forensic investigations.
• Assist in application security risk assessments for new or updated internal or third party applications. Assist in the evaluation and recommendation for tools and solutions that provide security functions.