Cyber Security Analyst

Responsible for improving the overall security posture of the organization using critical and systems thinking skills. This position will research, evaluate, test, and document security solutions and controls, and work closely with other security team members to remediate risk while ensuring the business is able to innovate. The person in this position must continually adapt to stay a step ahead of cyber attackers and stay up to date on the latest methods attackers use to infiltrate computer systems. Analysts in this role are expected to consistently learn and grow. This is a proactive role and the person must be able to flex to meet changing operational and threat landscapes. Information security analysts collaborate with internal and external audit and exam teams, along with technology management and business stakeholders.

• Implement technical systems and monitor them for unusual and suspicious activity across a wide range of products.
• Assist with security configuration standards for systems and business applications.
• Serve as a member of the information security and change management teams.
• Participate in technical and non-technical projects requiring information security oversight and to ensure policies, procedures and standards are met.
• Serve as an additional security team member, aiding in incident response(IR) with the IR and security operations center (SOC) teams.
• Maintain vendor management standards, questionnaires, and documentation to adhere to regulatory compliance.
• Interface with internal and external auditors for risk assessments.
• Recommend new security solutions as well as effective improvements to existing security controls that do not negatively impact business innovation.
• Serve as a liaison for the security team.
• Provide operational surge support to other security teams when necessary.
• Perform other duties deemed by management to be an integral part of the job, including, but not limited to fulfillment of work schedules, adherence to attendance policies, and other applicable operating rules, policies, and procedures

• 1 - 3 years' information technology experience, including:
• Minimum of 1 year experience related to information security technology, tools, and processes.
• Solid background in information protection and data privacy preferred.
• Support of implementation projects related to security programs.
• Interpretation and use of enterprise architecture diagrams to evaluate system connectivity, design, and implementation security risks.
• Information security principles including: NIST Cybersecurity and Risk Management Frameworks, threat and vulnerability management, cloud security controls, data protection, and privileged identity and access management.
• Developing, documenting, and maintaining security procedures.
• Proficiency in process formulation and improvement.
• Industry security standards (NIST 800, CSA, OWASP, and others).

• Minimum bachelor's degree in information technology discipline and/or business and/or technical related field. Years of experience in the field may be substituted for the bachelor's degree.
• InfoSec certifications from organizations such as CompTIA, ISC2,EC Council, or GIAC Essentials a plus.
• FAIR, SABSA, OT, or cloud certifications a plus.