|
Reference Number:
F-8175-3
Job Description:
The IT Security Analyst Consultant is responsible for complex analytical and design tasks and activities associated with planning, monitoring, and evaluating the usefulness and performance of all core infrastructure security systems and their integration with the IT technical infrastructure (Network, Operating Systems, Data, and Connectivity) and operation processes across the entire Company. Recommends applications, operating systems, and telecommunication security solutions. Assists with establishing and communicating a common goal and direction for the IT Security department. Functions as a liaison with 3rd party Managed Security Service Providers (MSSP) on behalf of the Company. Participates in live security incident remediation of a disruptive and damaging nature.
Sought out as an expert and unique individual contributor to help advise and address information security, security architecture, analysis and design issues. Works on problems of significant and critical impact and complexity in the area of security technologies where analysis of situations or data requires a review of a variety of factors and creativity to determine an appropriate solution. Exercises superior judgment in selecting methods and techniques to solve problems. Serves as an escalation point and training resource to less experienced staff members.
- Conducts security investigations of a highly confidential nature and ensuring the protection of sensitive information
- Executes forensic investigations in conjunction with the Corporate Investigations, Human Resources, Legal and Compliance Departments to identify fraudulent activity
- Adheres to the Standards of Evidence in the recovery, examination and preservation of information from computers and other data storage devices
- Develops, writes and recommends standards, methodologies, procedures and guidelines for responding to incidents and conducting information technology investigations
- Supports the Corporate Investigations Department from an information security and technology role
- Performs or assists in forensic analysis of digital information using standard computer FORENSICS and evidence handling techniques and computer FORENSICS tools
- Analyzes incident information and assigns appropriate response activities including, but not limited to, initiating HR investigations, policy or business process improvements, or security architecture improvements
Experience Level:
5+ Years
Requirements:
- 3-5+ years conducting computer forensic investigations, preferably in a leading role
- 5-8+ years of experience in IT, preferably in Information Security
- Must have the ability to effectively interact with high level management, HR, and legal partners in managing confidential investigation issues
- Familiarity with computer forensic tool use (such as EnCase or FTK), and data leak monitoring tools
- Proven understanding of common vulnerabilities associated with operating systems and applications.
- Proven presentation skills and strong negotiating skills are required
- Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies
- Certifications in Information Security highly desirable, including CISA, CISSP, ISSEP, GCFA, and GCIH
KNOWLEDGE, SKILLS & EXPERIENCE:
- Bachelor's Degree in an Information Technology discipline, Masters Degree preferred. Ten to twelve years of related work experience in the information technology field, which should include at least eight years in information security systems data analysis and data management experience. Professional information security certification (i.e., Certified Information Systems Security Professional - CISSP), and experience with the Sarbanes-Oxley Act and ISO/IEC 17799 compliance preferred.
- Demonstrated competence in a variety of IT concepts, practices and procedures. Adept at the architectural level of networks (IP) and operating systems.
-Has an intimate understanding of network technologies, common TCP/IP infrastructures, Internet Network Operations, and LAN/WAN technologies. Knows the mechanisms of cryptography and other data and traffic encryption processes. Is knowledgeable of operating system controls and security subsystems, which include Windows Unix\Linux, and legacy operating systems.
-Experience with configuring, maintaining, and architecting business critical information security technology.
-Must understand State and Federal security compliance laws.
-Excellent interpersonal and communication skills, with the ability to train and guide others.
|
