Previous Job
Information Security Analyst
Ref No.: 18-05430
Location: Chicago, Illinois
Position Type:Direct Placement
Pay Rate : $ 65,000.00 - 75,000.00 /Year
Information Security Analyst
The Information Security Analyst is a member of the IT Security team and works closely with other IT teams and business stakeholders in the development and automation of core functions supporting the Information Security program.
The Information Security Analyst works to support the continued maturity of the GRC program through the development and compliance of IT Security policies and procedures and Security Awareness training.  He/she will also support GRC Audit deliverables and respond to client related security inquiries.
Duties and Responsibilities:
  • Support client needs by providing thorough and timely responses to security inquires, questionnaires, participation in onsite and virtual audits and risk remediation.
  • Support the GRC program through service delivery of operational activities and related functions to include but not limited to vendor management, security awareness, audit and compliance and exception management.
  • Provide input and analysis in the development and deployment of IT Security service deliverables to include but not limited to policy and procedures, risk assessment and control evaluation, security awareness and training, exception management and risk remediation.
  • Provide platform administration of GRC related solutions, as required and develop/ maintain system documentation supporting usage of third party solutions in the delivery of vendor management, security awareness training and phishing campaigns. 
  • Liaise with IT and business partners to provide guidance for compliance to established IT security policies and procedures, communication of security requirements and tracking and reporting of compliance status.
  • Maintain dashboards and reporting of respective service deliverables for inclusion in monthly metrics. 
  • Liaise with IT and Business Risk Owners in the management of risk treatment/acceptance plans to include creation, tracking, closure and reporting of compliance status within GRC platform. 
  • Liaise with IT and Business Risk Owners in the management of risk treatment/acceptance plans for related security risks and work within the information security governance process to define control recommendations that are both efficient and effective.
  • Participate and contribute to information security working groups and team meetings.
  • Maintain documentation of client interactions, risk assessments and IT Security Polices and supporting procedures within document management system. 
  • Other duties as needed.
Education and/or Experience:
  • Bachelor's degree or equivalent combination of education and/or experience 
  • A minimum of 3 years experience in the field of IT Security, Information Assurance or Security Awareness program development
  • Strong analytical skills
  • CISSP certification, CISA certification
  • Understanding of Control Standard Frameworks such as ISO 27001, ISF Standard of Good Practice for Information Security, etc.
  • Strong technical writing and system documentation experience (e.g. System Configuration, Design and Requirements Specifications, etc.)
  • Programing skills
Other Skills and Abilities:
  • The following will also be required of the successful candidate:
  • Strong organizational skills
  • Strong attention to detail
  • Good judgment
  • Strong interpersonal communication skills
  • Strong analytical and problem solving skills
  • Able to work harmoniously and effectively with others
  • Able to preserve confidentiality and exercise discretion
  • Able to work under pressure
  • Able to manage multiple projects with competing deadlines and priorities