Overview: Management Science Associates, Inc. (MSA) is a diversified information management company that for over half a century has given market leaders the competitive edge in data management, analytics and technology. We are seeking an Information Technology Security Analyst to join MSA’s Information Technology Systems and Services (ITSS) division to support governance, risk management and compliance (GRC) initiatives.
- Develop and maintain Information Security Policies, Standards, and Guidelines. Develop and maintain governance, risk management and compliance (GRC) programs related to system and data protection efforts across the company. Define and deliver appropriate GRC metrics to upper management.
- Understand technology and operational risks to the Information Technology Services organization as well as related laws, regulations, and industry standards, specifically as related to internal technology solutions. Work with others to help promote effective management of identified risks in accordance with the Risk Management program.
- Work with division leaders and team members to implement GRC procedures and controls that are necessary to ensure and protect the safety and security of information systems assets, including prevention of intentional or inadvertent access, modification, disclosure, or destruction
- Enhance and improve operational performance through the use of automated Information Security GRC processes and testing activities, where applicable
- Perform information security and compliance assessments and audits to ensure that information systems are adequately protected to meet all appropriate requirements and associated controls
- Work with team members to maintain and update all IT controls, standard procedures, documentation, policies and enforcement of processes to enable compliance with regulatory requirements as well as company audits
- Develop, track and maintain action plans for the resolution of issues identified during assessments and audits. Provide needed assistance with the execution of those remediation plans
- Assess, document, and report security risks and control gaps. Collaborate with internal groups to direct compliance issues to appropriate channels for investigation and resolution.
- Gather and maintain information for IT Disaster Recovery/Business Continuity plans
- Assist in maintaining and propagating an effective compliance education, awareness and communication program for the organization
- Participate in the routine administrative work of the Information Security team including monitoring, vulnerability scanning, penetration testing, log review, web content filtering and incident response
- Bachelor's degree in Information Technology, Information Systems, Management Information Systems, Computer/Electrical Engineering or related discipline, or equivalent experience.
- Minimum five years of related experience in information technology governance, risk management and compliance (GRC) as well as experience with ISO 9001
- Strong understanding of the NIST, HITRUST and Trust Service Principles (SSAE) frameworks
- Proven ability to apply these frameworks to internal IT controls for the purposes of internal and external audits, including federal, state and local regulations
- Knowledge of privacy laws, data protection, security regulations and frameworks. Familiar with system, security and network engineering best practices and industry standards and trends.
- Knowledge of security tools and uses such as Intrusion Detection, Vulnerability Scanner and Application Assessment tools
- Excellent communication skills, both written and oral, with the ability to clearly communicate procedures, policies, and compliance status
- Excellent time management skills, including appropriate sense of urgency, dependability and a proactive approach
- Demonstrated problem-solving skills with the ability to handle issues and manage risk. Uses good judgment to solve problems, proactively identifies potential problems and proposes solutions.
- Effective organizational skills with the ability to prioritize workload and meet project deadlines
- Attention to detail
- Proactive and positive attitude with diplomacy and the willingness to take responsibility. High degree of flexibility, motivation and drive. Able to adjust to changes in approach based on new information. Able to be self-directed in a fast-paced environment.
- Proficiency with Windows-based computer systems and advanced MS Office skills, including MS Word, MS Excel, MS Access, MS PowerPoint, MS Explorer and MS Outlook calendar and email
- Well versed in IT infrastructure vulnerabilities and industry best practices in securing IT systems
- Experience with common operating systems, such as Linux and/or Microsoft Windows
- Knowledge of how security relates to a LAN and WAN environment
- Able to identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
- Demonstrate an understanding of information systems and processes, and apply that knowledge in conducting IT audits
- Ability to learn and apply new concepts and rapidly absorb technical information as required
- Ability to anticipate and coordinate multiple projects. Closely track progress against a plan with strict adherence to deadlines.
- Exercise independent judgment in methods, techniques and evaluation criteria for obtaining results
- Ability to remain professional under pressure and work in a fast-paced multi-tasking environment
- Embraces constructive feedback and continually seeks to improve performance
- Demonstrate integrity within a professional environment