Information Security Analyst
Ref No.: 17-19645
Location: Mahwah, New Jersey
Immediate need for a Senior Information Security Analyst with experience in the Supply Chain Industry. This is a 6-12 month contract opportunity with long-term potential, located in Mahwah, NJ. Please review the job description below:
 
Job ID: 17 - 19645
 

Key Responsibilities / Key Requirements and Technology Experience:
  • Gather Supporting Data for Security Risk Assessments.
  • Conduct Security Risk Assessments as assigned. Determine data and asset sensitivity, understand the business requirements, objective and business impacts related to the IT System Solution.
  • Gather data usage information using security questionnaires, meetings, and direct one-on-one question-and-answer sessions with project/solution stakeholders
  • Determine the scope of the assessment, the parties that will need to be solicited for information, and the best avenue to solicit the required information for analysis
  • Review needs for regulatory, contractual and architectural input, concerning PII, PCI, HIPAA, FAA, DOT, DOD, GDPR, SaaS, IaaS, PaaS, and others that apply to the solution or application.
  • Determine Security Controls Appropriate for Assessment Scope.
  • Analyze information gathered from control questionnaires, network and traffic flow diagrams, technical documents, and interview notes from project meetings to determine inherent risk.
  • Review the existing security controls, controls planned, and controls that are missing based on expert analysis and use of security frameworks, regulations, and policies that apply
  • Utilize knowledge of security engineering concepts related to web services, security controls, cloud technologies, mobile technologies, traditional infrastructure, software development
  • Utilize knowledge of security frameworks, regulations, contracts and policy to ensure all security aspects of the solutions have been addressed and controls are defined
  • Utilize knowledge of information security threats, vulnerabilities, exploits, attack trends, intelligence briefings, anticipated future security concerns, cloud concerns, mobile concerns, social engineering.
  • Document the security control gap observations in the existing control set plan, adding mitigation or remediation controls targeted to address each security gap and achieve an acceptable security baseline
  • Communicate the Information Security Control Gaps & Recommendations
  • Conduct security reviews and discussions with project management and technical experts to explain the recommended security control adjustments and reasons required for baseline security
  • Work with project managers and key stakeholders to communicate company policy, security best practice, legal regulations, and contractual elements driving security controls
  • Provide examples of control failures to ensure the concept of defense in depth is properly applied and points of failure are highlighted, especially single points of failure
  • Review security controls adjustment responses for the project team, and determine if risk is to be mitigated, remediated via compensating controls or accepted as residual risk
  • Create Executive Level Security Risk Assessment Reports
  • Prepare formal security risk assessment reports with executive summaries of residual risk, the details of the assessment, scope, analysis, mitigation controls proposed and adopted, and impact of residual risks.
  • Communicate and brief management team up to the Security Director and Senior Security Officer level explaining the potential risk associated with the solution including possible business impacts
  • Ensure risks are identified and defined properly and they are useful for decision making.
  • Review inherent and residual risks with Information Security Management Team to ensure business objectives are not negatively impeded by risk.
  • Utilize company-supplied resources, from internal CBTs and libraries to external training opportunities, enhanced by required certification as applicable, e.g., ISC2, SANS, ISACA...
  • Contribute knowledge and recommendations for risk-based assessments on emerging technologies, vulnerabilities, threats, and associated risks (for example, cloud, mobile, containerization)
  • Develop opinion papers, technical reviews, security awareness articles to share knowledge and improve the overall security culture of the company and global security community
  • Obtain experience and knowledge related to the various aspects of the company's lines of business to enhance understanding of the impact of potential technology risks
  • Participate in professional information security organizations such as ISC2, ISACA, ISSA, InfraGard, OWASP, as leaders, teachers, speakers to increase networking and community involvement
  • Preferred certifications: CISSP, CRISC, CCSP, CSIM, CISA.
  • The desired Senior Information Security Analyst will possess a degree in Information Systems, IT Management, Risk Management, Auditing, Computer Science, or related field or the equivalent in education and work experience.

Our client is a leading company in the Supply Chain Industry, and we are currently interviewing to fill this and other similar contract positions. Qualified candidates should apply online for immediate consideration.