Information Security Analyst

AUBURN TECHNICAL SERVICES GROUP, INC.
yesterday

Role details

Contract type
Internship / Graduate position
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Tech stack

Microsoft Windows
Unix
Computer Security
Database Security
Linux
Identity and Access Management
Issue Tracking Systems
Information Security Management
Internet Protocol
Smartsuite
Phishing

Job description

The Information Security Analyst will be responsible for designing, developing, and implementing information security programs, policies, and standards for the Bank. They will work under ISO's supervision to define and implement information security roadmap and strategy. The analyst will also conduct cyber security assessment and control validation reviews, monitor non-compliance issues, and provide training and awareness to end users on cyber security topics.

  • Design, develop and implement information security program, policy, and standards for the Bank.
  • Work under ISO's supervision to define and implement information security roadmap and strategy.
  • Design, develop, and implement cyber security assessment and control validation reviews.
  • Monitor and track all non-compliance issues and gaps to information security policy and standards.
  • Review and maintain access control processes such as access re-certification, revocation, etc.
  • Provide training and awareness to end users on cyber security related topics.
  • Provide periodic reporting to ISO and management on information security issues and gaps.
  • Interface with internal, external, and third-party contacts.
  • Partner with risk management and internal audit on enterprise-level issues and provide cyber-SME services.
  • Perform all functions as assigned by ISO.
  • Provide high-quality work by ensuring accuracy and seeking to continuously improve Information Security processes.

Requirements

  • Bachelor's degree or equivalent.
  • At least two years of hands-on experience in cyber governance & cyber risk management related work or internship.
  • Good knowledge of NIST 800-53, ISO 27001, CIS critical controls, FFIEC handbook.
  • Ability to perform cyber risk assessments at the perimeter, network, host, and application levels.
  • Working knowledge of GRC tools and of risk acceptance, policy exception, and issue tracking processes.
  • Good understanding and knowledge of IP Network, Microsoft Windows, Linux, UNIX, Database security.
  • Working knowledge of Access control (IAM) processes and tools.
  • Able to develop & maintain cyber security policies and standards in accordance with regulatory requirements.
  • Able to provide end-user security awareness training and phishing exercises.
  • Security+ certification would be a plus.
  • Able to demonstrate clear communication, excellent writing, and presentation skills.
