Position Title: Information Technology Security Analysis
- Information Technology Security Analyst is responsible for the implementation and management of company-wide information security activities while providing reports to management regarding the negative impact on the business caused by theft, destruction, alteration, or denial of access to company information.
- The IT Security Analyst is involved the analysis, troubleshooting and resolution of complex technical issues that impact the information security infrastructure at the data, application, service, operating system, and network levels.
- Direct and administer testing and evaluation programs to ensure that sensitive information systems are managed and operated in a manner compliant with established information security policies and procedures.
- Monitors internal and external security systems to identify potential or existing threats and vulnerabilities to the company's information systems. Conveys alerts to appropriate technical personnel. This includes Content and E-mail Filtering systems, E-mail Archiving, Firewalls, IDS/IDP and Physical Security Systems.
- As a member of the Incident Response Team, responds to and reports on information security incidents, providing initial assessment of impact severity and types of incidents being addressed according to documented procedures and guidelines.
- Provide technical support and general guidance for identifying, evaluating, and documenting the use of information security systems and other related equipment to ensure compliance with established information security policies and procedures.
- Evaluates technical security products and recommends their acquisition and implementation.
- Conducts penetration tests to validate network security controls
- Work with sensitive information and maintain confidentiality of such data and information
KNOWLEDGE, SKILLS and ABILITIES:
• Ability to respond to a crisis situation with a clear sense of urgency while exhibiting calm and confident behaviors
• Work independently under limited supervision, exercise initiative within established procedural guidelines, and organize and prioritize work to meet established deadlines
• Identify potential threats, vulnerabilities, and risks
• Hardware and software products that enhance the security of systems such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring and logging mechanisms, etc.
• Ability to motivate others (and thereby drive desired results) although no formal authority / reporting relationship exists
• Ability to follow-up, follow through and deliver timely results
• Exercise good judgment, decisiveness, and creativity
EDUCATION and/or EXPERIENCE:
- Bachelor’s degree in a technical discipline (or equivalent work experience)
- Deep Knowledge and broad experience in technology areas referenced above
- Investment industry experience preferred
- Minimum of seven years experience in a technology position with a broad knowledge of network, desktop and distributed server hardware and software
- Excellent communication skills (verbal and written)
- Excellent presentation skills
- Follow written and verbal instructions
- Understand and explain technical terms and concepts in a non-technical manner.
- Interface with individuals at all levels of the organization and to establish effective working relationships
- Must possess broad knowledge of network, desktop and distributed server hardware and software
- Thorough knowledge of IT Security concepts, principles, and tools and utilities
CERTIFICATES, LICENSES, REGISTRATION:
- Microsoft Certified System Engineer (MCSE)
- Working toward Certified Information Systems Security Professional (CISSP), SANS or similar industry certification preferred