Quorum Federal Credit Union - Harrison, NY

posted 5 months ago

Full-time - Mid Level
Remote - Harrison, NY
Professional, Scientific, and Technical Services

About the position

The Sr. Information Security Analyst plays a pivotal role in safeguarding sensitive data and fortifying our technology infrastructure, networks, and systems against an ever-evolving landscape of cyber threats. This position demands a unique blend of hands-on IT technical engineering expertise and business acumen with a focus on developing and implementing robust cybersecurity policies, procedures, and controls. In this role, you will have the opportunity to contribute to the organization's cybersecurity roadmap and priorities as well as foster cybersecurity awareness, education, and training for employees. Your analytical and problem-solving skills will be essential as you proactively monitor and assess cybersecurity threats, enabling you to implement effective mitigation measures and promptly resolve any information security issues that may arise. The Sr. Information Security Analyst will also partner with our outsourced Technology Managed Services Provider, ensuring strict oversight to guarantee the fulfillment of contracted services. You will collaborate on matters pertaining to security tools, network monitoring, endpoint data protection, identity management, vulnerability/patch management, and incident response, upholding the highest standards of security throughout our organization.

Responsibilities

  • Oversees the development and execution of information security policies, procedures, and controls to protect our organization's information systems, networks, and the confidentiality of data assets and sensitive information.
  • Ensures compliance with relevant regulations and industry standards including activities such as conducting internal audits, coordinating external audits, and ensuring adherence to compliance requirements.
  • Drives continuous improvement by proactively identifying and addressing information security risks and vulnerabilities.
  • Communicates and collaborates with key stakeholders within IT, executive management, and external partners or vendors.
  • Monitors effectiveness of security tools / processes and reports on the status of security services related to: Endpoint Intrusion Detection/Response, Endpoint Anti-Virus Malware, Vulnerability, SIEM and Patch management, Firewall Rules, Email Anti-Spam Quarantine, DLP, Identity Management, etc.
  • Configures and manages security tools, where applicable.
  • Provides vendor management oversight with our Technology Managed Services provider and other security vendor services to ensure adequate processes and controls are in place to monitor, detect and prevent cybersecurity incidents and threats.
  • Monitors and analyzes threat intelligence sources and conducts periodic technology risk assessments to identify emerging threats and vulnerabilities.
  • Prepares and delivers regular status health reports on security operations, vulnerabilities and risks, phishing and other security incident response activities, and compliance audit efforts to management.
  • Develops and implements Information Security education and awareness training programs across the organization.
  • Creates training materials, conducts regular training sessions, and measures the effectiveness of the training program.
  • Manages projects along with related communications and content to support deployment and employee training and awareness programs.
  • Monitors, analyzes, and reports on employee engagement and security awareness as well as provides recommendations to management for improvements.
  • Ensures cybersecurity awareness benefits are clearly visible and champions related efforts going forward across the organization.
  • Manages the employee Phishing testing program and related analytics and reporting to assess the success of the program.
  • Performs technology security architecture evaluations to assess for vulnerabilities and weaknesses, recommending appropriate security technologies and solutions to enhance the organization's security posture.
  • Manages changes related to technology upgrades and other changes to the information security environment.
  • Performs cybersecurity risk assessments related to implementation of new technology and recommends appropriate controls to mitigate risk.
  • Performs vendor due diligence information security risk assessments and SOC audit reviews.
  • Manages response and mitigation actions related to audit findings conducted by internal audit, regulatory agencies or by other third parties.
  • Monitors and audits identity management and user access privileges across Active Directory, Azure and all Single Sign-On (SSO) connectors.
  • Functions as a project manager on departmental and/or organization wide projects. Leads discovery and information gathering sessions. Conducts analysis and presents business case to management encompassing benefits, risks, cost, and solution recommendation.

Requirements

  • Bachelor's degree in computer science, information technology or other related degree is strongly preferred, however a combination of education and related work experience may be considered.
  • Seven plus years of Information Technology experience.
  • Four plus years of demonstrated "hands-on" information security engineering experience.
  • Two plus years of demonstrated "hands-on" experience running Azure Cloud security products and tools (e.g., MS Defender, XDR, Sentinel, Purview, Entra, Azure Logs, etc.).
  • Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM).
  • In-depth knowledge of security technologies and tools, such as networking, firewalls, intrusion detection and prevention systems, endpoint protection, patching, vulnerability, DLP and identity management tools and processes.
  • Technical knowledge and experience with Azure Cloud PaaS and SaaS technologies and M365 environments.
  • Knowledge of relevant regulations and standards, such as FFIEC, SOX, PCI, NIST or NCUA / OCC preferred.
  • Technical knowledge of Windows server and desktop operating systems and related technologies. Experience supporting virtualized environments, particularly Virtual Desktop Infrastructure using Citrix and Azure VMs.
  • Good understanding of network protocols (for example: TCP/IP, DNS, DHCP etc.).
  • Experience using ITIL Service Management based ticketing systems.
  • Excellent written communication and interpersonal skills, with demonstrated ability to formally package and present business case risk and/or solutions to management stakeholders.
  • Results Driven, Adaptive Thinking, Digital Proficiency.
  • Excellent problem-solving, analytical, and time management skills.

Nice-to-haves

  • Ability to provide IT service support and respond to incident alert notifications during off hours, on a rotational basis, is required.
  • Ability to physically lift, carry and install equipment weighing up to 25 lbs.

Benefits

  • Medical
  • Vision
  • Dental
  • Retirement Benefits
  • Paid Time Off (PTO)