Information Security Analyst I
The position of Information Security Analyst will report to the Director of Information Security and is responsible for supporting corporate information security initiatives to ensure the protection of the company’s information assets. The Information Security Analyst will be responsible for performing regular operational security functions, ongoing compliance-related activities, and conduction security assessments across various technologies. This position will serve as a project member on multiple projects simultaneously and will interact regularly with technical subject matter experts.
The ideal candidate will hold a Bachelor’s of Science degree in Information Security and have at least 4 years of experience in a Security or Technology role. The candidate must possess a strong understanding of the role of Information Security Policies and Standards and a strong understanding of vulnerability management including penetration testing, and risk frameworks.
Responsibilities Include, but Are Not Limited to:
- Execution of information security reviews against infrastructure, applications, and vendor services (cloud platforms).
- Vulnerability identification and remediation
- Execution of security root cause analysis and forensics as part of the enterprise’s Cyber Incident Response Plan.
- IT compliance monitoring and issue lifecycle reporting.
- Familiarity with Chinese Cybersecurity Law
- Support multiple Information security projects, including; Administrator Activity Monitoring, Security Event and Incident Management, and General Security Administration.
- Support the Global Privileged Access Entitlement Review Process.
- Coordinate activities of vendors performing penetration tests.
- Participation in various programs and initiatives supporting the further implementation of the company’s Information Security Policies and Standards.
Requirements and Qualifications
- Strong foundation in information technology and information security principles.
- Strong knowledge of current security threats, techniques, and landscape, as well as a dedicated and self-driven desire to research current information security landscape.
- Experience in threat modeling to identify risks posed by new technologies or implementations.
- Familiarity with forensic tools used as part of security event investigations.
- Possession of or ability to obtain professional certifications in information security or risk management, such as a CISSP, CEH, CISM or CRISC.
- Basic knowledge of security and control frameworks, such as NIST CSF, ISO27001/2, COBIT, ITIL, and CIS.
- Interpersonal and collaborative skills and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
- Innovative, creative, curious and passionate about security and information technology.
- High degree of initiative, dependability and ability to work with little supervision.
- Proficiency in Office365 tools and collaboration technologies.
- Ability to formulate a clear and actionable plan and execute against it.