Information Security Analyst
Location: RICHMOND, VA
Position Contact: Megan Estes | firstname.lastname@example.org
The Information Security Analyst is a hands-on position that requires a high level of technical expertise and security knowledge. The person in this role will be responsible for responding to security incidents and alerts, day-to-day administration of information security tools, assessing the firm’s security practices and configurations, and promoting security awareness across the firm. The person in this position must be comfortable interacting with all levels of firm personnel and must have excellent written and verbal communication skills.
Participate in and lead Security Incident Response Teams, as needed.
Lead troubleshooting effort on all security-related problems.
Provide on-going communications to staff on potential threats to the information security environment and mitigation steps.
Participate in the delivery of a firm-wide security awareness program.
Assess system and network vulnerabilities and work with responsible groups to address them.
Respond to audit findings and present remediation steps to management.
Conduct formal risk assessment reviews to determine the critical points of business exposure.
Analyze security violation reports for suspicious activities and patterns.
Review and monitor firewall, end-point protection, IDS, data loss prevention, vulnerability assessment, and system logs and investigate trends as needed.
Administer day-to-day operations of security controls, including end-point protection, data loss prevention, two-factor authentication, vulnerability assessment, and web filtering systems.
Lead firm-wide security patching process.
Evaluate and recommend security products and services. Represent the firm with outside vendors / organizations and recommend new products/technology to improve security and address business needs.
Policies and Procedures
Participate in the development, implementation, and performance of a comprehensive IT Security program for multiple platforms and diverse system environments.
Present security status and project status to management.
Recommend controls to ensure the appropriate level of protection and adherence to the goals and overall information security strategy.
Prefer Bachelor’s Degree in Information Technology or Computer Information Systems
Must have a minimum of three years of relevant experience.
CISSP and/or CISA certification strongly preferred.
Demonstrated knowledge and experience with various network protocols, common security tools, and security methodologies.
Ability to balance security requirements with business objectives and the firm’s level of risk tolerance.