The Information Security Analyst is responsible for the defining, planning, and monitoring of security measures for the protection of computer systems and information assets. This individual will also be responsible for monitoring and analyzing security measures implemented in Highspring’s infrastructure, as well as assist in the development and enforcement of information security policies. This is a fast-paced environment. Candidates should thrive in an environment with high volumes of work, managing multiple projects/assignments at a time, and working in a highly collaborative atmosphere.
Duties and Responsibilities:
The following duties are normal for this job. These are not to be construed as exclusive or all-inclusive. Other duties may be required and assigned.
- Defines, maintains, and reports on overall computer network security strategies (Best Practices/Common Practices) with all information assets connected to the Highspring network. Must have the ability to communicate security policies and strategies to people of varying technical ability both verbally and in written format.
- Monitors and provides reports on, intrusion detection and protection systems.
- Monitors and reports on device security systems such as anti-virus, anti-ransomware, patch management, and vulnerability assessment tools providing appropriate coordination for response efforts maintaining SLAs.
- Monitors operation of, and provides reports on, security information and event management (SIEM) systems. Must have the ability to examine a variety of data sources to correlate events and determine courses of action.
- Support the organization’s third-party management program by maintaining current vendor profiles, facilitating vendor security assessments, reviewing compliance and security documentation, and assisting internal stakeholders as well as clients with vendor risk and remediation activities.
- Participates in the incident response process when incidents are declared and supports post-incident activities.
- Manages relationships and coordinates operational activities between Highspring and external security services providers (e.g., Managed Security Services Providers (MSSP), Penetration Testers, etc.).
- Leads the Information Security awareness training program with focused training and simulated social engineering campaigns.
- Creates and publishes periodic information security assurance risk posture reports as requested/required.
Desired Competencies and Skills:
- Knowledge of SIEM systems
- Knowledge of MS Azure cloud platforms
- Knowledge of Email Security Appliances (ESA), Checkpoint, Mimecast, Proofpoint, etc.
- Knowledge of Information Security standards and frameworks (International Organization for Standardization 27000 series, National Institute of Standards and Technology, and Center for Internet Security (CIS) controls)
- Knowledge of a variety of vulnerability management solutions
- Strong verbal, written and presentation skills.
- Knowledge of Intrusion Detection Systems/Intrusion Protection Systems
- Experience in Privacy a plus.
- Experience in AI governance, configuration and assessments, a plus
Educational Requirements:
- Bachelor’s degree in computer science, Information Technology or Information Security (Cybersecurity) preferred
- At least two (2) years of experience in Information Security preferred.
- One of the following certifications is required: CompTIA Security+; GIAC security certifications and/or Certified Ethical Hacker (CEH); Certified Information Systems Security Professional (CISSP).
Travel Requirements:
<10% -Occasional travel to onsite offices or vendor conferences may occur