Join a global compliance team for one of Boston's leading Asset Management Firms. This role will report to the Manager of IT Security and is part of the IT Production Control & Risk Management group. The IT Security Risk Analyst is a member of the IT Security Risk & Audit team, and has project, audit, reporting, and documentation responsibilities. The individual also assists with staff action processing and security incident management, as well as day-to-day security support and operational tasks.
Primary Responsibilities:
- Participates in IT security project management
- Generates and analyzes application, SQL, file system access audit documentation
- Performs access analysis for staff actions (onboarding/transfers/terminations)
- Assists in data classification & protection projects
- Manages email security functions
- Participates in weekly meetings with other internal risk management teams
- Supports the definition and implementation of security policies & procedures
- Maintains documentation for processes and procedures
- Identifies and supports quality improvement initiatives
- Assists in performing product evaluations in support of data security initiatives
- Performs IT security risk assessments of both new and existing in-house and vendor-based systems
- Contributes to company standards and policies related to IT security risks
- Maintains broad knowledge of best practices and trends in the field of Information Security
- Supports vulnerability management processes
- Assists in the adoption of new tools, processes and policies to enhance the firm's security posture
- Performs various duties around the formation, delivery and maintenance of the firm's Information Security Awareness and Communication Program
- Provides after-hours coverage for Security Events and Incident Response
- Provides technical security support to Business Areas and IT staff on products, projects, applications and services as required
- Participates in and leads incidents as part of the Information Security Incident Response Team (ISIRT)
- Participates in Information Security meetings and activities as required
- Performs any and all other assigned Information Security Program tasks and functions
- Provides cross-functional support for RFP generation by defining the security and compliance responses that appropriately address customer needs, leveraging the expertise of others as needed
- Assists in workflow enhancement for various supporting processes
Required Skills:
- Undergraduate degree with 3-5 years of related experience, or graduate degree with information security specialization
- Strong written and verbal communications and interpersonal skills
- Motivated and passionate about learning and developing your skills
- Strong knowledge of information risk and security principles and practices
- Understanding of various processes and regulatory standards, including: MA Privacy Law 201 CMR 17.00, NIST Standards, SEC Standards; Risk Assessment Methodologies; Audit; Incident Response & Forensics
- Familiarity with Microsoft Active Directory
- Experience working with Active Directory and relevant operating system security (Windows, Linux, etc.)
- Experience with the following is desired: CMDB, SIEM, data leakage prevention and eDiscovery technologies, Varonis DatAdvantage
- A security-related certification would be a plus (CISSP, CISM, CISA, etc.)