Location
Cincinnati, OH, United States
Posted on
Jul 30, 2023
Profile
Manage the preparation, execution and remediation of various security and risk assessments.
Participate in compliance reviews and requests for mutually approved artifacts.
Act as a security resource with the disaster recovery team.
Recommend and ensure proper implementation of new security solutions.
Recommend and review departmental policies to ensure the necessary security audits and tests are carried out prior to being introduced into production.
Maintain working knowledge of various compliance needs and changes in various industries.
Work effectively with cross-functional team to identify areas for improvement as well as efficiency gains and create and own execution plans to drive the improvements.
Propose and lead improvements based on knowledge and practical application of security best practices, including but not limited to threat assessment, vulnerability prevention, compliance, and monitoring tools.
Identify and communicate to management the cause of all Security incidents, making recommendations as to how the specific incidents can be avoided in the future.
Provide subject matter expertise and advise the firm’s personnel on best practices.
Provide mentorship to other Security Analyst(s).
Lead Vulnerability Management program.
Lead Firm-wide Security Awareness education, including phishing simulations.
Assist with the ongoing development, documentation and execution of best practices in the use of technology and workflow processes
Lead education efforts for Firm employees, including but not limited to: dangers related to viruses and malware, denial of service attacks, internet usage best practices, external actors, phishing, and threats from internal employees and employee turnover issues
Assist with review of contractual client security requirements and ensure the firm is aligned
Create and monitor standardized internal processes to ensure security controls are consistent with overall security position of the firm
Participate in data loss prevention initiatives including implementation of appropriate processes with the business and management of technical solutions to prevent data loss
Threat monitoring with various threat feeds to provide intel and recommendations for vulnerability management
Participate in Vendor Management Program activities, including downstream vulnerability identification, monitoring, and remediation to ensure vendors’ security programs align with firm and client requirements
Management and utilization of existing security tools
Point of contact for end user security and phishing questions and support
Execute defined audit and compliance activities that address security, privacy and risk
Maintain working knowledge of various regulatory compliance needs and changes in various industries and promote change within the organization
Participate in budget process to include recommendation of solutions to close gaps or improve position for security and vendor management
Assist with internal risk assessments and maintenance of risk register
Assist with ISO 27001 certification
Perform other duties as assigned
Requirements
A bachelor’s degree or equivalent work experience preferred in Information Security
Minimum of 5 years of related duties and responsibilities; prior law firm background preferred
Ability to communicate and document comprehensive technical issues for a nontechnical audience in a professional manner
Working knowledge of various regulatory compliance standards such as ISO, NIST, HIPAA, HITECH, PCI
Equal Opportunity Employer