Job Type
Full-time
Description
The
Senior Security Analyst is a key member of the Information Security department and reports to the Chief Information Security Officer and is responsible for strengthening organizational resilience and ensuring the confidentiality, integrity, and availability of mission critical systems and data. This role serves as a subject matter expert in data protection, quantitative risk analysis, and incident preparedness.
The ideal candidate is a proactive analyst with strong technical depth, exceptional communication skills, and the ability to collaborate across Security, IT, Operations, Product, and Executive Leadership to ensure resilient, secure, and compliant business operations.
Key Responsibilities:Data Security - Develop and enforce data security standards for data classification, handling, retention, encryption, backup, and destruction.
- Oversee the implementation and validation of controls that protect data at rest, in transit, and in use across cloud platforms, endpoints, applications, and SaaS services.
- Conduct technical assessments to evaluate dataflow risks, exposure points, and adherence to regulatory or contractual requirements (HIPAA, PCI, GDPR, etc., as applicable).
- Work with engineering and IT teams to improve data loss prevention (DLP), access control, monitoring, logging, and detection capabilities.
- Support secure architecture reviews of new systems or integrations, with emphasis on data security requirements.
Quantitative Risk Analysis - Develop and perform quantitative cyber risk assessments using models such as FAIR to estimate loss exposure, probability of threat events, and financial impact across critical assets and business processes.
- Translate technical security metrics (e.g., control effectiveness, threat frequency, vulnerability data) into defensible, data-driven risk scenarios to inform decision-making and investment prioritization.
- Develop and maintain risk models, dashboards, and Monte Carlo simulations to track changes in risk posture over time and measure the ROI of security controls and initiatives.
- Contribute to the continuous evolution of security governance, metrics, dashboards, and reporting.
Security Operations & Risk Management - Participate in security incident response, particularly in incidents involving data exposure, system outages, or operational disruption.
- Support internal and external audits related to data protection.
- Provide risk mitigation recommendations, security requirements, and technical guidance to cross-functional teams.
- Maintain detailed, accurate documentation for policies, standards, runbooks, testing logs, and security assessments.
Requirements
Qualifications:- Bachelor's degree in Information Security, Information Technology, Computer Science, or related field; or equivalent experience.
- 10+ years of experience in information security or IT risk roles.
- Handson experience developing quantitative risk assessment programs.
- Strong knowledge of data security principles, including encryption, access management, secure configuration, logging/monitoring, and DLP.
- Familiarity with cloud environments (AWS or Azure) and their native resilience/security features.
- Experience supporting incident response and conducting post incident reviews.
- Working knowledge of security frameworks and standards such as NIST CSF, CIS, SOC 2, HITRUST, GDPR, and others.
- Excellent analytical skills with the ability to assess complex technical systems and articulate risks clearly.
- Strong communication and documentation abilities, with experience preparing reports for technical and executive audiences.
- Relevant certifications such as CISSP, CISM, CRISC, or CCSK.
