Previous Job
Previous
Sr. Security Analyst
Ref No.: 18-03647
Location: Columbus, Ohio
Position:Sr. Security Analyst

The Senior Information Security Analyst is responsible for the day-to-day security operations within Retail Services for security related applications, databases, and other system environments within Information Security. This person is expected to champion processes and technology as a subject matter expert in various areas and to demonstrate this ability at a senior level. The position reports to the Manager, Information Security and works closely with teams in other information security disciplines, infrastructure, and operations areas to help provide superior protection to Retail Services information assets.

Responsibilities:
  • Analyze and evaluate requirements in the implementation of key IT projects and initiatives as they pertain to the organization's long-term security strategy.
  • Understand the various tools and technologies commonly associated with Information Security.
  • Serve as the subject matter expert in various technical information security disciplines and mentoring junior staff. Demonstrate self-learning in gaining knowledge of new technical developments and ensure they are shared appropriately and applied as applicable within the department.
  • Lead various projects in the InfoSec space, as assigned by leadership.
  • Identify areas of improvement where processes do not currently exist and drive the development and delivery of new processes to address these gaps.
  • Lead the creation of and the maintenance of relevant documentation.
  • Assist with development and delivery of Key Performance Indicators (KPIs) through the understanding of the tools and deliverables and by helping to develop, maintain and mature the associated reporting structure.
  • Applies knowledge from previous roles and jobs to current responsibilities.
  • Comprehensive understanding of the InfoSec team's strategy and vision and actively works as a change agent to support these initiatives both within the InfoSec team and the broader organization.
  • Ability to identify when to partner with leadership to resolve issues, risks and/or obstacles.
  • Identifies and understands drivers for change and will act as an individual champion or partner with leadership to deliver those changes.
  • Builds consensus for delivering results while finding common ground for collaboration and partnership.
  • Effectively partners with peers within the department to include them in key projects, risks or issues.
  • Performs consistently at or above the expectations of leadership in delivering good quality work and delivers work accurately and on time.
  • Perform other duties as assigned by leadership.
Required Skills:
  1. 5-8 years of working experience in an information security, IT audit, risk management or other related fields.
  2. Security certifications preferred, or able to complete certification within 12 months of hire (CISA, CISSP or other industry recognized certification as agreed upon by InfoSec Leadership)
  3. Working knowledge of and experience with information security techniques and underlying infrastructure.
  4. Monitor and respond to DLP events
  5. Interact with customers and supporting teams to manage events until closure
  6. Ensure that Service Level Agreements (SLAs) are met
  7. Assist in troubleshooting issues that may arise from an incomplete scan, scan related performance issues, agent related performance issues, alert generation, email and network traffic related performance issues
  8. Develop and enhance DLP policy to identify and appropriately protect data while in use, in motion, and at rest
  9. Assist in maintaining all DLP related documentation
  10. Continuously propose configuration and tuning opportunities of DLP systems, policies and response rules
  11. Develop workflows for incident and alert generation for policy violations
  12. Assist in providing best practice solutions for data protection
  13. Identify gaps in procedures, and willingness to communicate them to the team, as well as the business, and suggest improvements
Desired Skills:
  • Experience leading and/or coordinating projects; Broad range of skills with different technical platforms (servers, networks, storage, security, Internet and cloud based technologies, etc.)
  • Special consideration for experience with Mainframe and Cloud environments.
  • Working knowledge of ISO 27001/27002 and NIST security standards
  • Working knowledge of various regulatory compliance requirements including PCI DSS and SOX.
  • Ability to maintain the highest level of confidentiality and professionalism.
  • Possess analytical, problem-solving, project management skills, and a working knowledge of core banking platforms and FFIEC/FDIC requirements.
  • Ability to work in a team fostered, fast-paced, multi-tasking environment
  • Assist in developing and approving policies and standards for data loss prevention. Report common and repeat problems (trend analysis) to management; propose process and technical improvements.
  • Comfortable interacting consistently with affected customers and business areas to work to resolve issues regarding business processes that do not align with DLP best practices.