The RoleThe Security Analyst, Information Security is responsible for managing and maintaining all documentation and related tasks to attain and maintain information security standards. The individual will be experienced in information security, with a focus on standards and frameworks; able to develop policies, processes, and procedures to protect confidentiality, integrity, and availability; able to actively read technical documents; proficient in identifying and analyzing risk; and proficient in written communication.
Travel Requirements:This will be a remote role located in the Continental US. Associated travel required will be 5%.
Responsibilities Include:- Assists in the development of security architecture with the management of security architecture, frameworks, policies, principles, and standards.
- Advises on the security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network appliances, and host-based security systems
- Participates in incident responses, assessments, audits, and compliance reviews
- Evaluate current information security policies, standards, and procedures and make necessary changes to ensure compliance with information security standards and frameworks
- Work with a cross-functional team of local and remote subject matter experts (product, service, QA, support, system, and sales engineers, and product managers) to plan, write, and edit technical information while meeting compliance requirements
- Manages responses to risk security requests and identifies risk within the business relationship
- Manages content creation, information architecture, and document control processes to ensure compliance with established quality and style standards. This includes working with standard templates to ensure documentation is Presidio-branded, approved, and released
- Create and coordinate the creation of technical written content and diagrams for contract deliverables and compliance documents
- Supports current system analysis to identify and propose required technical solutions for the successful implementation of information security controls
- Supports the security of requests through involvement in the change management program through the review and approval process throughout the enterprise
- Collaborate with and consult SMEs to create content and validate content for technical documentation in support of auditing initiatives
- Comply with templates and content checklist requirements across compliance documents
- Supports the development and implementation of security policy, standards, guidelines, and procedures to ensure ongoing maintenance of security
- Researches, evaluates, designs, recommends, and plans the implementation of information security technology and processes, and analyzes its impact on the existing environment
- Provides technical expertise for the information security program
- Collaborate with the Information Security Team
- Maintains excellent communication with the Director, Information Security, on all projects and tasks
- Continuous operational review of Information Security Objectives throughout the enterprise
- Ensure Presidio maintains compliance with security requirements
- Ensure compliance with framework requirements to obtain/retain certification
- Manage internal and external audits for relevant security standards
- Provide detailed assessment reports following each external audit
- Participate in the security operations process definition and design
- Collaborate with the Information Security Office Team
- Provides emergency on-call support as needed
- Perform other duties as assigned
Required Skills and Professional Experience: - Associate's degree (preferably in Computer Science) or the equivalent work experience and/or military experience
- 3-5 years of experience in a similar role
- Must hold one of the following security certifications: Security +, CSA, CASP, CISA, GIAC-GCNA, AAIA, etc.
- Experience with and/or knowledge of information security and privacy standards to include SOC2, ISO 27001, ISO 27701, ISO 42001, PCI DSS, GDPR, and HIPAA.
- Understanding of technical concepts and tools such as ftp, remote access, VPNs, firewalls, web application firewalls, egress filtering, vulnerability scanning, intrusion prevention, virus software, or other forms of network security required
- Skilled in project prioritization, problem-solving, issue management, and remediation
- Strong writing skills combined with strong presentation and public speaking skills
- Strong analytical thinking skills to include summarizing information and clearly identifying key elements, patterns, results, or relationships
- Experience in creating, generating, and maintaining data, reports, queries, etc.
- Experience with artificial intelligence tools and models
- Strong skills in presenting findings, conclusions, solutions, and information clearly and concisely
- Extensive experience working with all levels of staff, management, stakeholders, and vendors
- Ability to manage several projects simultaneously.
- Recommends and coordinates the implementation of administrative and technical controls to support and enforce defined security policies
- Understanding written sentences and paragraphs in work-related documents
- Utilization of logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions, or approaches to problems
- Identifying complex problems and reviewing information to evaluate options and implement solutions
Preferred Skills and Professional Experience:- Strong customer service skills and client focus
- Strong communication skills both written and verbal including the ability to communicate technical information in non-technical language
- Strong time management skills
- Good problem-solving skills
- Ability to remain calm and courteous in periods of stress
- Ability to work with a broad range of experience levels
- Maintaining complex operational processes
- Handling and escalating highly impactful operational issues to Management
- Has a strong ability to identify risks and translate that information to non-security internal/external teams
- Understanding written sentences and paragraphs in work-related documents
- Talking to others to convey information effectively
- Considering the relative costs and benefits of potential actions to choose the most appropriate one
- Assessment of one's own performance to make improvements or take corrective action
- Determining how changes in conditions, operations, and the environment will affect outcomes
- Conducting tests and inspections of products, services, or processes to evaluate quality or performance
- Identifying measures or indicators of system performance and the actions needed to improve or correct interpretation relative to the system's goals
