The Cyber Security Analyst helps maintain an ISO 27001 enterprise security program and architecture to prevent or minimize data loss. Monitors adherence to information security policies to ensure that appropriate access to, and the confidentiality of, client, employee, and firm information is maintained. Administers third-party risk management, vulnerability management, and security awareness activities. Helps develop security awareness content and provide education on security policies and practices. Completes scheduled internal audits to detect information loss or policy violations. Participates in the evaluation and recommendation of security products, services and/or procedures to enhance productivity and effectiveness.
PRINCIPAL DUTIES AND RESPONSIBILITIES*
- Executes vulnerability management tasks including review of monthly vulnerability scans, maintenance and expansion of related tools, identification of new issues, tracking of remediation efforts and production of monthly metrics.
- Performs information security risk assessments and assists with the daily, weekly, monthly and quarterly internal auditing of information security processes.
- Leads the firm’s Third-Party Risk Management program.
- Administers the firm’s Security Awareness program.
- Monitors the security infrastructure for policy violations or security events and participates in problem management and forensic activities as needed.
- Assists the Cyber Security Program Lead in responding to client requests including preparation of written audit responses and preparation of evidence. May involve direct interfacing with client risk management personnel.
- Tests and assists with selection and implementation of controls that apply security protections to enterprise systems, processes and information resources.
- Supports IT security within the system development lifecycle, change management, production systems support and technology-enabled projects (user administration, security logging, secure process flow, security best practices).
- Assists with proactively supporting client service by actively participating in the Firm's ServiceMatters initiative. Ensures that staff members are providing quality service to internal members/departments of the Firm as well as external clients and vendors by displaying professionalism via electronic and print correspondence, over the telephone and in-person and by encouraging an atmosphere that rewards a "can do" attitude.
- Assumes additional responsibilities as assigned.
- General knowledge of Windows operating system and web browser behavior, networking, database, systems, and mobile devices.
- Experience preparing spreadsheets and documents using Microsoft Excel and Word.
- Knowledge of security issues, techniques, and implications across firm computer platforms required.
- Proven interpersonal and communication skills.
- Strong work ethic; excellent use of discretion and judgment. Excellent written communication skills.
- Strategic thinking and planning abilities required.
- Analytical thinking skills.
- Able to break down raw information and undefined problems into specific, workable components that in turn clearly identify the issues at hand.
- Makes logical conclusions, anticipates obstacles and considers different approaches that are relevant to the decision-making process.
- Effectively meets challenges, influences and drives consensus within the team.
- Demonstrated problem solving abilities, analytical skills, and proven ability to meet challenging deadlines required.
- Bachelor's Degree in Computer Science, Management or related work experience.
- Security compliance certification (GSNA, etc.) preferred.
- 3-5 years’ work experience supporting information services in a medium to large environment; or other equivalent combination of education and experience that provides the required knowledge and skills. Compliance focus preferred.
Equal Opportunity Employer/Females/Minorities/Veterans/Disability