SourcePro Search, LLC
Information Security Analyst.
SourcePro Search, LLC, Boston, Massachusetts, 02298
We are conducting a search for a Information Security Analyst. JOB SUMMARY: As Information Security Analyst (ISA), reporting to the Director of Information Technology and working closely with the Chief Information Officer, this position will be responsible for the administration, implementation, and oversight of the Firm's Information Security Management Systems (ISMS) to effectively safeguard all data stored on premises and in the cloud. They will be responsible for ongoing development and improvement of an extensive security strategy for the Firm. The security professional will suggest tools and techniques to achieve security goals and to record the process related to gathering and maturing Threat Intelligence. The Information Security Analyst will work in collaboration with the Network team to offer support for security tools and technologies such as firewall, proxy server, remote access, and others. They will research and investigate the potential impact of new threats and exploits to improve detection and response capabilities. This person will work closely with senior IT management on information security-centric initiatives related to compliance, risk management, and data privacy and protection strategies for the organization, in alignment with relevant laws, regulations, and industry standards. Additionally, this role will coordinate security related responses to prospective client requests for proposals (RFPs), as well as audits for existing clients. ESSENTIAL FUNCTIONS: • Participates in the development, risk assessment, communications, status reporting, and execution of, enterprise-wide information security, compliance, risk, and privacy strategies.• Administers and monitors security platforms Firm-wide and lias with third party providers to coordinate response to security events and vulnerability assessments• Responsible for updating and revision of Information Security policies and SOPs; works with CIO and Data Protection Committee to ensure policies meet business requirements and align with US federal, state, and UK regulations.• Assesses existing IT policies, guidelines, procedures and standards to discover security related gaps and create or align firm documentation, as necessary.• Coordinates vendor engagements for IT Risk Assessments to identify, assess, and remediate threats internally and with 3rd party vendors.• Collaborates on the development or selection of regular Information Security and Compliance training to all employees and assists in delivery and auditing of compliance training.• With the CIO and Director of IT, participates in and helps direct the Firm's incident response efforts when system compromise or information loss is suspected, in an effort to minimize any negative impact.• Supports the ongoing administration, design and use of network segmentation tools and underlying concepts.• Supports development of testing and evaluation plans, including cyber test activities.• Works with third party vendors to plan for and execute penetration testing.• Ensures that security controls are integrated into new systems and applications.• Assists with other projects and initiatives at the direction of the CIO and Director of IT. QUALIFICATIONS: • Bachelor's degree in computer science, Information Security, Information Technology or related field.• Minimum of three (3) years of work experience in the field of information security and compliance, or equivalent combination of education and work experience.• Experience working with a variety of automation tools, firewall systems, and other technologies used in cybersecurity.• Sound professionalism with incident response events.• Exceptional oral and written communication skills and the ability to articulate highly technical information for real world business impact at a senior management level.• Strong time management, prioritization, problem-solving, and organizational skills, and the ability to work effectively in a high-pressure environment.• Strong interpersonal skills and ability to work effectively with diverse levels of constituencies.• Flexibility and capacity to respond calmly, efficiently, and effectively in stressful situations.• Able to meet set deadlines and work effectively under pressure.• Ability to maintain confidentiality of matters and other Firm business information.