Frederick Fox is hiring: Information Security Analyst in Timonium
Frederick Fox, Timonium, MD, United States
Working with a great client in the financial services industry on an Information Security Analyst role. Looking for strong vendor management experience. This will be on site 4 days a week, remote on Fridays. They are offering a very strong compensation and benefits package.
Overview
The Security Analyst is responsible for controls auditing related to the information security management system as well as assessing, monitoring, and managing security risks associated with third-party vendors and suppliers. This role plays a critical part in protecting the organization's sensitive data and systems by ensuring that vendors comply with security standards and best practices.
Reports to: Director of Information Security
Security Controls Auditing – Work with internal IT team on various aspects of internal IT security program
- Control Auditing: Review security management system controls and audit compliance with those controls.
- Evidence Gathering: Collect and analyze evidence to support audit findings and regulatory examinations.
- Testing and Validation: Perform tests to assess the functionality and effectiveness of controls.
- Reporting and Documentation: Document compliance with controls, review by leadership, and any required remediation.
- Follow-up and Monitoring: Work with engineering team to track the implementation of corrective actions and ensure ongoing compliance.
- Third-Party Assessments: Coordinate with external auditors or assessors to validate control effectiveness.
- Management Review: Present audit findings to leadership and obtain their approval for corrective actions or remediation.
- Lessons Learned: Work with IT leadership to identify areas for improvement and incorporate findings into future audits.
- Other duties, as assigned
Vendor Management – Spearhead and take ownership of the firmwide vendor management process:
- Risk Assessment: Evaluate vendor security practices, identify potential risks, and assess their impact on the organization.
- Contract Negotiation: Ensure security clauses are included in vendor contracts, addressing data privacy, incident response, and compliance.
- Monitoring and Oversight: Continuously monitor vendor performance, compliance, and adherence to security standards.
- Incident Response: Coordinate with vendors during security incidents, ensuring timely response and mitigation.
Qualifications/Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field; alternatively, will consider a related certification and relevant experience
- Minimum of 1-2 years of experience in information technology and/or information security.
- Experience with vendor management (preferred, but training can be provided)
- Experience with security tools (firewalls, MFA, endpoint protection, log searches, etc.)
- Familiarity with network security, encryption and cybersecurity best practices
- General understanding of security principles, practices, and frameworks (e.g., NIST Cybersecurity Framework, ISO 27001).
- Security+ (or comparable) certification, or willing to pursue certification, with support from the firm.
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills.
- Ability to work independently and as part of a team.