Acco Brands - Lake Zurich, IL

posted 3 months ago

Full-time - Mid Level
Lake Zurich, IL
1,001-5,000 employees
Merchant Wholesalers, Durable Goods

About the position

ACCO Brands is seeking a talented individual to join the Information Technology team as a Sr. Cybersecurity Analyst at the Lake Zurich, Illinois location (hybrid). This position will serve as the subject matter expert on all cybersecurity matters, technical and otherwise, involving the security and protection of information systems, data, and the organization's assets. The role includes engaging in cybersecurity control and process improvement activities, being a key member of the cybersecurity incident response team, driving and assisting in cybersecurity projects, performing cybersecurity operations responsibilities, third-party reviews, and other related activities. In this role, you will maintain up-to-date detailed knowledge of the cybersecurity industry, including awareness of security solutions, improved security processes, and the development of new attacks and threat vectors. You will build and maintain effective relationships with peers and internal business partners, lead and assist in creating effective controls to address security gaps and remediation efforts, and perform daily cadences, which include monitoring and reviewing cybersecurity systems, investigating events and incidents. You will also recommend additional security solutions or enhancements for existing IT solutions to improve overall enterprise security, assist in implementing the cybersecurity roadmap, and enhance maturity. Your responsibilities will include performing maturity and organizational annual risk assessments, driving the Threat Vulnerability process to identify threats and exploits, and making recommendations to mitigate vulnerabilities. You will partner with global teams to drive remediation of exploits and vulnerabilities that meet SLA requirements, drive and configure annual phishing and social engineering campaigns, and participate in the planning and design of enterprise security strategy, processes, and procedures. 
Additionally, you will lead incident response activities, including incident discovery, investigation, containment, remediation, recovery, and closure. You will perform root cause analysis and create reports based on outcomes of incident investigations, provide project support for both IT and business initiatives to ensure security controls are built in from the beginning of the project, and analyze system performance for potential security problems. You are expected to stay up to date on the latest cybersecurity intelligence, including hacking methodologies and the kill chain, to anticipate security breaches and compromises. Ensuring control compliance with audit, regulatory, and legal requirements, such as PCI, GDPR, and Sarbanes-Oxley, will also be part of your responsibilities.

Responsibilities

  • Maintain up-to-date detailed knowledge of the cybersecurity industry, including awareness of security solutions, improved security processes and the development of new attacks and threat vectors.
  • Build and maintain effective relationships with peers and internal business partners.
  • Lead and assist in creating effective controls to address security gaps and remediation efforts.
  • Perform daily cadences, which include monitoring and reviewing cybersecurity systems and investigating events and incidents.
  • Recommend additional security solutions or enhancements for existing IT solutions to improve overall enterprise security.
  • Assist in implementing the cybersecurity roadmap and enhancing maturity.
  • Perform maturity and organizational annual risk assessments.
  • Drive the Threat Vulnerability process to identify threats and exploits and make recommendations to mitigate exploits and vulnerabilities.
  • Partner with global teams to drive remediation of exploits and vulnerabilities that meet SLA requirements.
  • Drive and configure annual phishing and social engineering campaigns.
  • Participate in the planning and design of enterprise security strategy, processes and procedures.
  • Lead and assist in driving security-related projects as applicable.
  • Investigate cybersecurity violations to determine if the organization's environment has been breached, assess the impact and preserve the evidence.
  • Enhance the security education, training and awareness program for the organization.
  • Assist in managing, maintaining and executing a continuous incident monitoring program.
  • Perform control validation and remediation validation to ensure controls comply with security policies, procedures, and technical requirements.
  • Create periodic metric reports and slides to demonstrate control effectiveness using monitoring tools.
  • Lead incident response activities, including incident discovery, investigation, containment, remediation, recovery, and closure.
  • Perform root cause analysis and create reports based on outcomes of incident investigations.
  • Provide project support for both IT and business initiatives to ensure security controls are built in from the beginning of the project.
  • Perform third party security risk assessments, share results, and recommend a remediation approach.
  • Analyze system performance for potential security problems. Prepare system security reports by collecting, analyzing, and summarizing data trends.
  • Collaborate with other teams to ensure appropriate security incident management and threat response processes are followed.

Requirements

  • Bachelor's degree in information security (or associated discipline) plus at least 3 years of experience working with vulnerability management, incident response; or equivalent combination of education and experience.
  • Broad knowledge of networking, infrastructure, and application technologies, including SIEM (Security Incident Event Management) approach to log management.
  • General understanding of PCI DSS requirements and Gen AI risks and controls.
  • Security certification is preferred (CISSP, CISA, CEH).
  • Work both independently and as part of a team at all levels and across all business units.
  • Demonstrate an understanding of business processes, internal control risk management, IT controls and how they interact together.
  • Demonstrate solid knowledge of information security risk and countermeasures.
  • Specific technical knowledge in Office 365, endpoint security solutions, Windows security, Internet technologies, networking technologies and encryption technologies.
  • Experience interacting with a Managed Security Service Provider (MSSP) a plus.
  • Experience with EDR/MDR/XDR technologies, email hygiene solutions, SSO, MFA and next generation firewalls is preferred.

Nice-to-haves

  • Experience interacting with a Managed Security Service Provider (MSSP) a plus.
  • Experience with EDR/MDR/XDR technologies, email hygiene solutions, SSO, MFA and next generation firewalls is preferred.

Benefits

  • Health insurance
  • Dental insurance
  • 401k plan
  • Paid holidays
  • Flexible scheduling
  • Professional development opportunities
  • Employee discount programs