Senior Information Security Analyst

Job Description

The Senior Information Security Analyst reports to the Information Security Manager of the Risk Analytics and Compliance team within the Information Security Governance, Risk, and Compliance (GRC) department. Responsibilities: Subject Matter Expertise: Acts as a subject matter expert on disaster recovery compliance. Exposure and Knowledge Building: Gains exposure to UPS information security and disaster recovery program and mission, focusing on building knowledge and experience in business continuity and disaster recovery (DR) services Compliance Understanding: Understands the disaster recovery compliance requirements within the UPS Standard Practice Manual Application Team Collaboration :Works with application teams to assist in developing complete and high-quality disaster recovery planning (DRP) assessments Strategic Planning: Engages in strategic planning to improve and mature the disaster recovery program Operational Support: Supports the DR program by performing operational activities, including developing understanding of DRP assessments and exercise assessment templates Training and Awareness: Manages training and awareness campaigns, design, develop, and executes IT disaster recovery awareness campaigns and associated training to ensure compliance and quality of materials produced Compliance Reporting: Generates reports on DR compliance metrics by performing daily system operational audits Issue Investigation: Investigates issues and escalates as appropriate to support effective resolutions Audit Checks: Conducts audit checks, reviews completed DRP assessments and exercise assessments, assigns risk based on assessment review findings, re-audits previously reviewed plans with assigned risks, and conducts review meetings with plan respondents to provide appropriate guidance Internal Customer Support: Assists IT teams in developing clear, concise, and executable plans for recovery to ensure resiliency, investigates recovery plan resiliency issues and gaps, escalates as appropriate, tracks and manages remediation of risks and deficiencies identified during audits, and provides guidance and best practices in planning for exercises Customer Inquiries: Handles internal customer inquiries and concerns received via emails, Teams, and phone calls related to OneTrust GRC platform, Disaster Recovery Plan Assessments, general DR policies, and DR best practices Qualifications: Bachelors degree in Computer Science, Computer Engineering, Information Security, or related field 3 years experience in Information Security role and/or Information security certification e.g, CISA, CRISC, CISM, GSEC, CBCP - Certified Business Continuity Professional