Security Information Analyst Job Description
Security information analyst
provides subject matter expertise in Federal Information Security Management Act (FISMA) and National Institute of Standards (NIST) Special Publication (SP) 800-53 and relevant overlays.
Security Information Analyst Duties & Responsibilities
To write an effective security information analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included security information analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Analyze and respond to security threats from firewall (FW), intrusion detection systems (IDS), intrusion prevention systems (IPS), antivirus (AV), network access control (NAC) and other security threat data sources
Procedures, standards)
Execution of Threat and Risk Assessments of enterprise IT systems and documenting recommendations on how to mitigate risks
Assist in performing policy compliance reviews of enterprise IT systems
Research, detect and mitigate spam and malware and maintain and improve global anti-spam and anti-malware systems
Perform vulnerability scanning and provide vulnerability assessments and analysis of systems
Evaluate newly released patches to ensure they address actual vulnerabilities and audit systems after patches are applied to ensure compliance
Performing vulnerability and risk analyses of existing and planned systems for a diverse clientele including scientific researchers and collaborators and administrative support staff
Application software and system security reviews
Develop, maintain and publish up to date information security policies standards and guidelines create and implementing a risk based process for vendor risk management
Security Information Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Security Information Analyst
List any licenses or certifications required by the position: CISSP, CEH, GSEC, GIAC, SSCP, OSCE, OSWP, OSCP, ISACA, ISSA
Education for Security Information Analyst
Typically a job would require a certain level of education.
Employers hiring for the security information analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and University Degree in Computer Science, Information Security, Education, Technical, Information Technology, Information Systems, Business, Engineering, Management, Cyber Security
Skills for Security Information Analyst
Desired skills for security information analyst include:
Another official UN language is desirable
DHS 4300
Federal Government A&A practices and policies
NIST SP 800-53
Particularly FISMA
Firewalls
HIPAA
Application
Application Security Architecture
PCI
Desired experience for security information analyst includes:
Knowledge of industry standard information security domains
Experienced in working in enterprise IT and datacenter environments
Proven information security competency
Must be able to work effectively as part of a team, under pressure to tight time frames without direct supervision
Must be willing and able to travel domestically and potentially internationally as needed
2-4 years IT Security and systems/network administration experience
Security Information Analyst Examples
1
Security Information Analyst Job Description
Job Description Example
Our company is searching for experienced candidates for the position of security information analyst. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for security information analyst
- Identify and assess the impact of information security threats, vulnerabilities and risks and assess business security risks with a view to recommending security controls that will enable the Business to manage those risks effectively
- Review new and existing standards, regulations, guidance, best practices, policies and customer initiatives to maintain expertise and add business value
- Partner, provide guidance and assist business areas with the creation, integration, modification, and/or review of department policies, standard operating procedures, and desktop material pertaining to all legal/regulatory and compliance audit requirements
- Uses hardware/software, such as Advance Threat Protection, Intrusion Prevention, and SIEM systems to monitor for unauthorized access attempts, unauthorized activities, and other security events
- Defining cloud security policies, procedures, solutions
- Review / audit firewall changes
- Advancing the incident prevention, detection and containment related processes across systems
- Conduct gap analysis and remediation of security monitoring systems and processes
- Undertake vulnerability scanning activities to assess PCs, computer systems, networks and applications for weaknesses
- Maintain team tools to support incident response and forensic procedures
Qualifications for security information analyst
- Three or more years conducting security testing / vulnerability management
- Strong system engineering capabilities
- Experience with technology security configuration benchmarks
- Ability to work with outside auditors relative to formal privacy and security auditing situations
- Ability and skill to influence personnel through a matrix organization as opposed to line management authority
- Certification in the information security areas such as the CISSP (Certified Information Systems Security Specialist)
2
Security Information Analyst Job Description
Job Description Example
Our growing company is looking for a security information analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for security information analyst
- Negotiate audit findings and audit reports with business owners and management
- Provide analysis of system and network threats and provide Security Certification and Accreditation of a variety of Department of Defense and Intelligence Community automated information systems (AIS)
- Conduct periodic scans of the network systems using tools such as ACAS and SCC scans to identify vulnerabilities and ensure security compliance
- Identify and document security vulnerabilities, business risks and remediation strategies of enterprise solutions
- Partner closely with the Enterprise Architects, Project Managers, Infrastructure Leaders, and Application Development teams to ensure a consistent approach to security solutions
- Oversee security related tasks for existing and future systems, networks and software
- Provide expertise and support in customer hosted environments to ensure control activities are designed and implemented appropriately to protect the security, confidentiality, privacy, integrity and availability of data in compliance with organization policies and standards
- Implement and monitor corporate business processes, recommend improvements and assist stakeholders to achieve information security goals and objectives related to Information Technology general controls
- As a strategic partner on the information security team to the company, consult on projects that automate business processes and drive employee efficiency to design and implement new controls to achieve compliance objectives
- Provide expertise in support of new product development activities to ensure products comply with information security and privacy standards
Qualifications for security information analyst
- Minimum 2 years in an information security support role
- CISSP ENCE, GCIH, GCIA, CISM, ITIL
- In-depth understanding of Information Security concepts
- Experience responding to security incidents
- Developing information security policies and procedures
- Knowledge & understanding of relevant legal and regulatory requirements such as Sarbanes-Oxley Act (SOX), Data Privacy and PCI-DSS
3
Security Information Analyst Job Description
Job Description Example
Our innovative and growing company is looking for a security information analyst. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for security information analyst
- Creation of new videos, training material or communications where necessary to support a specific business need
- Unified Threat Management device monitoring which includes Firewall, NIDPS, URL Filtering, file monitoring
- Provide continued application support for key IT Security applications
- Document and maintain Operational processes, procedures, and flowcharts
- Recommend application and operating system security configurations
- Represent the Information Security team at Change Advisory Board meetings to determine security and risk are evaluated in each change to the environment
- Coordinate the internal design of Information Technology general controls
- Support third party security risk assessments and IT audit, and provide tracking for findings and resolution
- Architect and drive the implementation and maintenance of appropriate layers of defense to protect the organization’s information assets
- Ultimately responsible for the development of security awareness-focused educational curriculum and syllabus
Qualifications for security information analyst
- Experience securing enterprise-scale systems
- Experience coordinating with remote team personnel
- Understanding of the technologies and architectures supporting information security protection
- Practical experience undertaking IT compliance audits
- Understanding of the 27001 standard and 27002 code of practice
- Formal Information Security or IT Audit qualifications or willingness to pursue such qualifications – CISSP, CISM, ISO27001
4
Security Information Analyst Job Description
Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of security information analyst. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for security information analyst
- Provide security consulting, awareness and outreach to all areas of the business
- Offers technical information security consulting services to distributed personnel who are responsible for information security systems
- Understand and analyze business setting from an information security perspective
- Interact closely with the business, IT, the Identity and Access Management team to onboard applications to the bank’s recertification platform (Gatekeeper)
- Coordinate the bank’s recertification process by interacting with stakeholders involved such as the business, Identity and Access Management team and IT
- Assisting the business in onboarding new applications to the bank’s recertification platform (Gatekeeper)
- Assigning recertification approvers based on discussions with the business
- Assisting the business in completing recertification tasks
- Following up on outstanding recertification items with the business
- Identify and mitigate information security risks to ASIS supported systems, infrastructure and data
Qualifications for security information analyst
- Proven knowledge of network and server infrastructure technologies and devices including firewalls, routers, switches
- Associate Degree in Computer Science or Information Technology Field
- 2 years experience in IT with a security focus
- Minimum of two years relevant technical experience
- Minimum of one year of experience in an information security role
- Working knowledge of Network related technologies and concepts
5
Security Information Analyst Job Description
Job Description Example
Our company is looking to fill the role of security information analyst. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for security information analyst
- Administers, monitors, and maintains core information security tools including but not limited to Intrusion Detection and Prevention System (IDS/IPS), two factor authentication system, remote access, monitoring and Logging, anti-virus, encryption, SIEM, forensics
- Monitors log files and Information Security Systems for threats/risks, vulnerabilities, viruses, and network hacks within the Company environment and generates tickets to address alarms Monitors real-time policy based monitoring systems and responds to non-compliant activities, events, or notifications
- Ensure security processes and procedures are incorporated into project plans for new solutions
- You will have ability to assess details, systems and other factors as part of a single and comprehensive picture
- Collects and compiles metrics for IT and business reporting
- Tracks, analyzes, and reports the status of legal and regulatory compliance of Information Security policies, procedures, and configurations
- Apply defined information risk management methodologies and frameworks to identify and implement controls in support of confidentiality, integrity and availability
- Conduct assessment of the impact of proposed change requests to information security
- Conduct security control assessments to identify compliance control gaps, work with process owners to determine corrective action plans, and support the integration of a security controls framework
- Complete Internal and customer reporting on Information security operational and process performance
Qualifications for security information analyst
- Understanding of oversight entities such as FFIEC, SOX, & PCI-DSS
- Project-manage select CAMS and TDI TS control remediation efforts and/or NACC and TDI TS involvement within Enterprise control remediation efforts
- Degree with cyber security or security focus are a plus
- 2 - 5 years data protection experience and working knowledge of DLP concepts
- College Diploma or University Degree related to Information Technology or Cyber Security
- Knowledge of data protection regulatory requirements