Lead Security Analyst

The Security Architect provides strategic direction and day-to-day management of the company s security policies and compliance requirements. Responsibilities include the participation and execution to implement security measures that protect the company s assets. This role includes staying up to date on the latest intelligence and cyber attack methodologies.

Overall Responsibilities

Ensure the company has a secure architecture for authorization and authentication.

• Assist in fortifying business to business exchanges to ensure legal transactions and client communications are reliable and secure.
• Manage the preparation, execution and remediation of various security and risk assessments.
• Participate in compliance reviews and requests for mutually approved artifacts.
• Review and monitor company systems to verify established security baselines.
• Participate in the creation and testing of disaster recovery plans.
• Perform security incident reviews and recommend remediation action plans when required.
• Create and update incident response plans.
• Development of strategic, long term security architecture road map.
• Recommend and ensure proper implementation of new security solutions.
• Management of existing security tools.
• Create and monitor standardized internal processes to ensure security controls are consistent with overall security position of the company.
• Help ensure the security aspects of end user and equipment provisioning needs are enforced.
• Participate in education efforts of Company employees to include but not limited to: dangers related to viruses and malware, denial of service attacks, internet usage best practices, external actors, phishing, and threats from internal employees and employee turnover issues.
• Execute defined audit and compliance activities that address security, privacy and risk.
• Ensure all security risks are managed and communicated clearly and effectively.
• Monitor methods of physical data security such as the storage of backup media and propose/implement any changes where necessary.
• Address issues of data security storage, transmission and backup.
• Troubleshoot all network security and integrity issues.
• Advise company of current threats and issues via available resources that include governmental and law enforcement agencies.
• Ensure monitoring and alert notifications are implemented in accordance with the business needs.
• Recommend and review departmental policies to ensure the necessary security audits and tests are carried out prior to being introduced into production.
• Maintain working knowledge of various compliance needs and changes in various industries.
• Work effectively with cross-functional team to identify areas for improvement as well as efficiency gains and create and own execution plans to drive the improvements.
• Propose and lead improvements based on knowledge and practical application of security best practices, including but not limited to threat assessment, vulnerability prevention, compliance, and monitoring tools.
• Collaborate with audit, compliance, risk and IT team members.
• Identify and communicate to management the cause of all Security incidents, making recommendations as to how the specific incidents can be avoided in the future.
• Provide subject matter expertise and advise company s personnel of best practices.

Required Skills

• Proven ability to professionally handle confidential matters.
• High degree of initiative, dependability and ability to work with little supervision.
• Ability to set goals and prioritize tasks across working groups.
• Excellent knowledge of network architecture and troubleshooting skills.
• High attention to detail with strong planning, project management and organizational skills.
• Ability to design, implement and/or manage projects performed by staff or outside contractors.
• Demonstrate a passion for fast-paced technology and desire to continually build upon current skills.
• Desire to explore, learn and apply new technologies independently and provide subject matter expertise in all areas of responsibility.
• Ability to be on call 24x7x365 when need arises and participate in overall monitoring efforts.

Qualifications

• A bachelor s degree in Information Systems Management, Computer Science, Engineering or related discipline.
• Four to seven years of similar experiences
• One or more of the following certifications are desired: CISSP, CRISC, CSSLP, CEPT.
• Superior verbal and documentation skills.
• Working knowledge of various regulatory compliance standards such as ISO, NIST, HIPAA, HITECH, PCI.