Job Description

Job Description We are seeking a motivated Information Security and Risk Analyst to join our IT Security team. The ideal candidate will have a strong understanding of security principles, vulnerability management, and the ability to work with development and IT teams to mitigate and remediate security risks in applications and systems. This role will also provide support for security operations, audits, and security-related inquiries. Key Responsibilities: Security Vulnerability Management: Penetration Remediation: Support remediation efforts for vulnerabilities identified during application penetration testing. Vulnerability Mitigation: Collaborate with IT teams to resolve vulnerabilities and recommend compensating controls. Vulnerability Scanning: Establish and maintain vulnerability scanning across networks to identify security weaknesses. Security Reviews: Conduct security reviews of applications, systems, and infrastructure, ensuring adherence to best practices. Security Operations Audits: Security Audits: Assist with internal and external audits, including reviewing security controls. Security Policies: Support the review and maintenance of IT security policies, ensuring alignment with industry standards. File Monitoring UBA: Assist in managing file monitoring solutions and User Behavior Analytics (UBA) to detect and mitigate risks. File Encryption: Assist with managing and improving file encryption solutions across the organization. Collaboration Reporting: Cross-functional Collaboration: Work with IT and development teams to implement security measures. Security RFPs: Assist with answering security-related RFP questions, providing expertise on security requirements. Compensating Controls: Recommend compensating controls to address security gaps while minimizing risk. Security Best Practices Recommendations: Recommendations: Provide recommendations to improve security posture based on best practices and threat intelligence. Security Awareness: Promote security awareness across the organization to enhance overall security posture. Triage Incident Response: Alert Triage: Perform triage and analysis of security alerts to assess impact and determine appropriate actions. Incident Management: Assist in managing security incidents, including root cause analysis and threat mitigation. Required Skills Competencies: Core Values: Uphold values of Exceed to Service, Innovate to Generate, Trust to Succeed, Empowered to Achieve, Collaborate to Perform, Recognize to Reward, Play to Win. Collaboration: Ability to work independently or within a team and collaborate with various stakeholders. Communication: Strong written and verbal communication skills, able to explain complex security issues clearly. Time Management: Effectively prioritize and meet deadlines in a fast-paced environment. Analytical Thinking: Strong problem-solving skills and consultative approach to security challenges. Attention to Detail: Precision and accuracy in security reviews and audits. Calm Under Pressure: Ability to remain calm in high-pressure situations, proactively addressing security risks. Qualifications Educational Requirements: o Associate s degree in Cybersecurity, Information Technology, or a related field preferred. Certifications such as CISA, CISM, CISSP, Security+ are preferred. Experience Requirements: o