Previous Job
Information Security Analyst
Ref No.: 18-03668
Location: Chicago, Illinois
Position Type:Direct Placement
Pay Rate : $ 70,000.00 - 90,000.00 /Year

Under the oversight of information security management or senior analysts direction, supports The Information Security and Incident Response programs. Applies industry knowledge of cyber security risks, threats, and controls to the environment. Must be able to weigh business needs against security concerns and articulate issues to management. Performs all procedures necessary to ensure the safety of information and to protect systems from intentional or inadvertent access or destruction. Interfaces with the user community to understand their security needs and implements procedures to accommodate them. Ensures that the user community understands and adheres to necessary procedures to maintain security. Conducts security evaluations of systems, vendors, and processes. Requires some knowledge of firewall theory and configuration. Reports to the Information Security Manager.
  • Execute various security controls and testing
  • Gather, prepare, develop security metrics / compliance, and ad-hoc reports
  • Strong Information Security Awareness Program skills that include preparing creative presentations, marketing education and providing training classes
  • Conduct security risk assessments of vendors, systems, processes, and new products
  • Manage Threat Intelligence, oversee Vulnerability Management process, and perform related data analysis
  • Conduct proactive security reviews (access reviews, terminations, appropriateness, dormant/generic accounts, inactive users, etc.)
  • Facilitate the management of security incidents and lead the Incident Response Team, in accordance with the Incident Response Program
  • Represent the Information Security Team on enterprise-level project teams
  • Monitor usage of company resources and data
  • Day-to-day management of Information Security policies and procedures
  • Participate in physical security walk-throughs
  • Projects, as delegated by the Information Security Manager
  • Technical writing abilities required
  • 3-6 years in Information Security or Risk Management positions within financial institutions
  • Pursuing CISSP (Certified Information Systems Security Professional) certification - preferred
  • Strong understanding of risk-based approach and risk vs. reward analysis
  • Strong analytical, problem solving, and trouble shooting skills
  • Robust and Creative communications skills, that includes written and verbal skills that support the ability to communicate with a variety of levels within the organization
  • Demonstrates strong knowledge and understanding of IT environments and operational functions
  • Strong Information Technology background
  • CRISC (Certified in Risk and Information Systems Controls) certification - preferred
  • Knowledge of Sarbanes Oxley, the Gramm-Leach-Bliley Act, PCI standards, and other regulations
  • Working experience with Data Loss Prevention systems, and Network Access Control systems
  • Working knowledge of standard industry Frameworks
  • Experience with vulnerability management and remediation, and wireless network security
  • Interpersonal skills and collaboration skills are critical in working with all levels of employees and management
  • Experience in driving change and delivering quantifiable results
  • Action oriented, quick learner, and strong work ethic
  • Proven ability to manage multiple high priority tasks simultaneously with the ability to prioritize
  • Takes ownership and ability to drive and measure continual improvement actions
  • Proactive leader and thinker, who is able to work independently under general direction
  • Proficient in using Microsoft Office applications
  • Consistently monitors and assesses programs performance, industry trends, and identifies specific gaps to ensure objectives are satisfied
  • Provides input and makes recommendations regarding the program and process enhancements
  • Continuously seeks ongoing feedback and keeps lines of communication open with peers and management
Third Party Applications Not Accepted