IT Information Security Analyst Job in Wellesley 02481, Massachusetts US
Summary: Duties include assisting with Loss Prevention program management and Disaster Response program management and consulting with IS personnel, business unit managers and end-users on information access issues. Providing problem resolution for security related access issues via the Incident Management system. Support the Sales customer Support Teams relating to security, privacy and compliance. This individual will also be responsible for supporting the Security Awareness Training program and participate in information security audits. This position is based out of our Wellesley, MA and Richardson, TX locations.
Responsibilities:
· Lead loss prevention and disaster recovery projects including requirements definition, task planning, research, testing, implementation, and management.
· Assist and help manage security projects including requirements definition, task planning, research, testing, implementation, and management.
· Helps drive compliance and remediation strategies to applicable regulatory requirements.
· Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
· Participate in the review proposals for outsourcing business activities to determine whether security controls would be compromised in the course of outsourcing the proposed activities.
· Define and use security metrics and statistics on incidents and on-line threats to demonstrate effectiveness, compliance, and return on investment.
· Provide status reports and timekeeping material; performing administrative tasks as required;
· Help to develop security awareness materials, security presentations, and information security training sessions.
· Assist with the process to monitor access controls and logs; ensure that all anomalies are addressed in a timely fashion and raised to Management as appropriate.
· Maintain documentation relating to access controls within the company's computing environment and provide reports that allow review of user activity.
· Help to define security requirements for current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.
· Assist with performing end-to-end security assessments.
· Help coordinate response to information security incidents.
Requirements:
- Must possess three or more years experience working on medium to large multidisciplinary, security/ risk projects
- Bachelor’s degree with a minimum of 2 years of Information Security experience
- Equivalent education or experience may be substituted for any of the above.
- 2+ years conducting Information Security risk analysis/ assessments and application reviews, and providing recommendations
- Proven project management skills. Ability to organize, prioritize, and handle multiple tasks
- Demonstrated knowledge of information security concepts and methodologies, as well a practical understanding of security principles such as authentication, authorization, access controls, and protection strategies.
- Demonstrated experience working with information security related risks, as well as regulatory, audit, and compliance requirements, such as PCI, SOX HIPAA
- Demonstrated experience working on projects that require partnership with all company areas.
- Demonstrated ability to interface effectively and collaborate with clients, peers, vendors, and management to develop solutions and ensure stakeholder buy-in
- Demonstrated knowledge of technical and platform security technology, processes and strategies at the enterprise level to ensure that all business and technical initiatives are implemented to the appropriate level of protection.
- Ability to be flexible and quickly adapt to changing business needs and processes.
- Ability to interact effectively with all levels of management and customers.