Who Will Love This Job
- A multi-tasker: You are capable of working in a fast-paced environment and can manage competing priorities effectively.
- A decision-maker: You are adept at making good decisions based on business priorities and objectives. You are confident in the decisions you make based on mixture of analysis, wisdom, experience, and solid judgment.
- A learner: You pick up on technical topics quickly and thrive on learning a new industry, company, or product.
What You'll Do
The IT Security Analyst supports the VP of Information Systems, Cherwell’s SaaS environment, business lines, and employees with governance, compliance and communication of Cherwell’s information security policies, procedures and standards. The IT Security Analyst functions as the focal point for information security compliance activities. Working with Information Technology team, the candidate will monitor, assess Cherwell business continuity program and disaster recovery program, perform network penetration tests, application vulnerability assessment scans and risk assessment reviews. The position will be responsible for, but not limited to the following:
- Develops policies and procedures which enable agreed upon best security practices in the organization. The IT Security Analyst coordinates and administers documentation for securityprocesses and procedures for department and company.
- Maintains oversight of the compliance management program to ensure security principles are applies.
- Enforcement of standards responding promptly to detected offenses, developing corrective action, and reporting findings to the Director of Information Technology.
- Coordinates response to information security incidents.
- Coordinates and executes IT security projects.
- Conducts company-wide data classification assessment and securityaudits and manage remediation plans.
- Creates, manages and maintains user security awareness training.
- Provides on-callsupport as required, co-administers key applications assisting the IT System Engineer and provides assistance for security related incident response.
- Provides security positioning statements and consultation as it relates to company and SaaS environment for RFP’s and Sales opportunities.
- Collaborates with IT management, legal department, safety and security, and law enforcement agencies to manage security vulnerabilities.
- Manages security tools, hardware and vulnerabilities scanning tools to ensure they meet compliancy requirements.
- Ensures all tasks performed adhere to the firm’s ISO 27001 Information Security Management System (ISMS). This includes participation in annual information and networksecurity training and acceptance of spot checks on an ad hoc basis to guarantee that Cherwell is constantly improving upon the organization’s ISMS.
- Each member of our team must understand the importance of the ISMS and the subsequent handling of customer data.
What You Should Have
The IT Security Analyst will have a varied technology background, with a working knowledge of networking systems, LAN/WAN, Microsoft client and server operating systems, server virtualization technologies, telephony systems and security appliances and methodologies. The candidate will have a strong customer service ethic and demonstrate a level of organization and prioritization. The Analyst will be able to align business goals with security requirements and formulate requirements and recommendations for IT and the business as a whole.
The IT Security Analyst will have complementary skills in understanding security requirements and technologies such as firewalls, secure application design, secure coding, intrusion detection and prevention, VPNs, remote access, encryption, data protection, antivirus, spyware, etc. Ideally, the candidate will have software industry and SaaS specific knowledge and experience, with emphasis on specific regulations and concerns. Applicable security certifications will be considered as advantageous to the candidate.
- Bachelor’s degree in a related field or equivalent experience.
- 3-5 years’ experience in a security analyst role with exposure to general system administration.
- Experience and knowledge in securing technical platforms.
- Experience and knowledge of IT systems/data security as it relates to the SaaS environment.
- Strong understanding of regulations and best practices for technical deployments in a SaaS environment and software industry.
- Knowledge of information security standards (e.g., ISO 27001/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., HIPAA, HITECH, FERPA, HITRUST, EU GDPR, etc.).
- Experience and knowledge in secure server and workstation deployment and support.
- General understanding of networking and telecommunications.
- Ability to learn quickly and maintain a diverse workload in a fast-paced environment.
- Proficiency with Word, Excel, PowerPoint, Microsoft Project, and Visio.
- This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.
Nice to Have
- Security Certifications such as Security+, CISSP, GIAC, and others are desirable.