CentralSquare is seeking a Senior Information Security Analyst to join its Information Security, Risk & Compliance team. This unique and challenging position will work closely with key stakeholders to implement a securityarchitecture as it relates to cloud implementation and hosting, as well as maintain a secure operating environment for existing CentralSquare technology, applications, employees and office locations.
Cloud Security Responsibilities
- Work closely with stakeholders to drive securityarchitecture for cloud-based solutions.
- Identify and assist with deployment of security controls required to ensure the confidentiality, integrity, and availability of CentralSquare Cloud assets and infrastructure.
- Assist with Cloud implementation of the Secure Software Development Life Cycle, specifically related to program interfaces, application architecture, data protection, identity and access management.
- Perform governance duties including but not limited to tenant account review, new Use Case approvals, and change management.
- Perform risk management tasks as they relate to all CentralSquare tenant subscriptions and activity.
- Monitor and audit all CentralSquare-owned cloud environments.
General Information Security Responsibilities
- Work closely with Information Services to mitigate critical threats to the organization.
- Work closely with Information Services to identify and resolve system vulnerabilities.
- Implement security technologies to protect CentralSquare assets.
- Troubleshoot and resolve service desk cases related to information security issues.
- Research potential attempts to compromise the confidentiality, integrity, or availability of assets.
- Proactive event review of SIEM, syslog and other logging systems, as part of threat hunting initiative.
- Perform third party vendor security reviews as needed.
- Collaborate laterally throughout the organization to align security strategy with business needs.
- Perform other cybersecurity, risk and regulatory compliance duties as assigned.
Desired Skills & Education
- In-depth understanding of security controls as they relate to IaaS, PaaS, SaaS cloud models.
- In-depth understanding of best-in-breed technologies used to maintain a secure cloud infrastructure.
- Experience implementing data-loss prevention technologies.
- Knowledge of security control frameworks such as NIST CSF, ISO 27002, OWASP.
- Knowledge of common application attacks and mitigation strategies.
- Basic understanding of security standards such as PCI, HIPAA, and CJIS.
- CISSP, CCSP or industry-related certification desirable.
- Bachelors in a related field w/ 7+ years of experience in a cybersecurity role.
- Self-motivated and well organized. Must be able to prioritize tasks and work well under pressure.
- Strong oral, written, and interpersonal skills are required.
- Experience working with local government agencies a plus.