Senior Security Analyst
Ref No.: 17-03644
Location: Chicago, Illinois
Position Type: Full Time
Pay Rate: $100,000.00 - 115,000.00 / Year
The Sr. Information Security Analyst will play an integral role in various Information Security & Cyber Security Programs, safeguarding information assets, systems and networks and contributing the information security perspective to the company's growth. Our Information Security Programs are based on international standards and sponsored by executive decision makers. This is a great opportunity for a candidate who is passionate about information security, especially risk management.

Responsibilities:
  • Risk Management
    • Perform bi-annual security risk assessments
    • Develop and maintain risk register
    • Work with cross-functional teams to appropriately mitigate risks
    • Assist security management with various metrics to effectively manage cyber risks at an acceptable level
  • Policy Management
    • Maintain and improve relevant security plans, policies, standards and procedures such as the Written Information Security Program (WISP)
    • Develop and maintain Cyber IRP, DDoS Playbook, etc.
  • Vulnerability Management
    • Contribute and lead efforts toward vulnerability detection for systems and networks
    • Promote awareness and lead vulnerability remediation based on risk
    • Ensure vulnerabilities are maintained within an acceptable level of risk
  • Business Continuity
    • Develop and lead an ISO 22301-based BCMS program
    • Perform annual business impact analysis and BCDR risk assessments
    • Maintain plans and procedures including BCDRPs
    • Lead and coordinate BCDR tests
  • Security Awareness
    • Promote awareness and advocate Security & Data Privacy throughout the company
    • Manage annual employee security awareness program
    • Perform brown bag sessions to promote security awareness
  • Compliance
    • Perform annual customer security obligation assessments and identify gaps
    • Ensure compliance with relevant regulations
    • Contribute towards strategy to provide security assurance for customers and prospects
  • Other
    • Work with team members to contribute to security administrative duties
    • Exception management
    • Incident Response

Requirements:
  • BS or MS degree in related discipline
  • 3 or more years of progressive experience in security risk management
  • Experience with business continuity, performing and analyzing risk assessments
  • Proficiency and experience developing and implementing risk management models, tools, and metrics. Ability to collect, evaluate, and summarize risk data into a company risk profile, and recommend risk reduction program priorities
  • Familiarity with the NIST Cybersecurity Framework (CSF), NIST SP 800 series, ISO 27001/27002/22301, SSAE 16 SOC 2/3, PCI, HIPAA, HITRUST
  • Maintain at least one security certification such as CISSP, CRISC, CISM, ISSMP, GIAC, CIPM, CBCM or CEH
  • Excellent organization skills and ability to multi-task with a can-do attitude
  • Ability to be flexible, proactive, and to comprehend quickly
  • Excellent written and oral communication skills
  • High level of initiative and resourcefulness
  • Operate with a considerable degree of credibility and business sense
  • Self-starter, persistent and confident
  • Strong analytical ability with the capability to determine the root cause of problems and issues and provide solutions
  • Ability to work and lead effectively as part of a team
  • Demonstrated success in building and nurturing long-term business relationships