Job Title
Information Security Analyst
Duties
- Research, collect data, and create high-quality security and operational documentation.
- Prepare Security Policy Documents, Security Procedure Documents, System Security Plans, System Design Documents, Data and Information Flows, and System Configuration Settings Documents.
- Articulate how systems are designed with security and articulate the configuration/setting related to every control and policy in compliance frameworks such as SOC2, SOC3, FedRAMP, ISO27001, CUI, and GDPR.
- Implement and convert security tools and technologies into auditor-, business-, and executive-facing security documents.
- Create consistent, cohesive content, and documentation for customer audits, third-party assessments, and compliance.
- Work with developers, QA, PMs, auditors, and information security people to gather required artifacts and document evidence.
- Create internal and external documents and content to explain complex security information in a clear and concise manner.
- Create a process to support and maintain the currency of documentation in response to industry, regulatory, or product changes.
- Conduct discovery and research to determine required changes to existing assets, assess which assets are impacted by changes, and draft new language to incorporate into assets.
- Support teams with cloud security, DevOps, and DevSecOps documentation.
- Interpret security industry standards (ISO 27001/27002, NIST 800 series, NIST CSF, COBIT).
- Build an InfoSec Management System and/or program.
- Assist in the third-party audit process and articulate auditing gaps.
- Be responsible for system security, controls or information security management environment, specifically in one or more of the following information security domains: Security Architecture and Strategy (Integrated Risk Management); Identity & Access Management; Data Leakage Prevention (DLP); Cloud Access Security Broker (CASB); SIEM; Focus on Data Flow, Encryption; Large Complex Program Execution/Implementation; Security Function Design and Governance; Incident Management; and Security Infrastructure.
Requirement
Applicants must have a bachelor’s degree or foreign equivalent in Computer Science, Computer Applications, Information Technology, Computer Information Systems, Engineering (any), or related fields. We will accept a combination of education and experience equivalent to a U.S. bachelor’s degree as determined by a qualified evaluation service.