Job Description
The Information Security Analyst role is responsible for ensuring the security of the firm’s data and systems.
They will provide thought leadership and strategic input on the firm’s security policies, procedures, and standards. They will assist security operations by monitoring and assessing information security controls. They will respond to client outside counsel guidelines, questionnaires, and audits, and also conduct security assessments of vendors and other third-parties, ensuring these entities follow firm and client security requirements as well as industry best-practices. The Information Security Analyst will interface with Governance, IT Operations, and User Support groups as well as end users to audit and remediate gaps in security controls and processes.
Job Functions & Responsibilities
• Identify and remediate control gaps, aligning firm systems with information security standards and client requirements
• Provide technical insight to the Governance team for client information security assessments and governance, risk, and compliance initiatives
• Lead information security projects with limited supervision
• Lead and manage remediation activities resulting from audits
• Cross-train and mentor other engineers and analysts
• Provide project and task completion support for other IT staff
• Research, test, and recommend information security products based on the firm’s information security strategy, cost/benefit, and risk reduction methodologies
• Monitor and maintain endpoint protection, log aggregation, vulnerability management, data loss prevention, privileged session management, mobile device management, threat intelligence, and physical security systems
• Monitor threat intelligence feeds and security tools, escalating potential incidents
• Align firm security policies with business objectives and security requirements.
• Coordinate with training resources to develop, maintain, and improve the firm’s security awareness and training programs, participating in such programs as needed
• Provide after-hours support for data loss prevention and incident response as part of the information security on-call rotation
• Assist with the information security budgeting process
• Develop, maintain, and manage relationships with vendors and professional services
• Develop and maintain documentation related to responsibilities
• Perform other duties as assigned
• Computers, phones, and other network based equipment
Minimum Job Qualifications
• Perform other duties as assigned
• High school diploma or GED
• 8+ years of technical experience with large (>300 users) networks
• CISSP required
• Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily[1]understood and actionable manner
• Expert level client-service, writing, and verbal presentation skills, with excellent attention-to-detail and organization
• Expert knowledge of information security frameworks (ISO 27001, CIS Critical Security Controls, NIST)
• Expert knowledge of different attack scenarios, techniques, and countermeasures used to prevent those attacks
• High level understanding of IT infrastructure, security, and datacenter operations, including networking, servers,
storage systems, backups, remote access/thin clients, messaging systems, and database applications
• Ability to organize and prioritize multiple assignments
• Ability to work under the pressures of a dynamic and fast-paced environment
• Ability to work extended hours, nights, weekends and rotating on-call duties