Information Security Analyst (6) - Company CSO SOC

Functional Area:

IT - Information Technology

Estimated Travel Percentage (%): No Travel

Relocation Provided: No

Company Shared Services Corporation

ROLES & RESPONSIBILITIES:

• Provide security assessments on the following; Software Security Assessment (SSA), Application Scanning Request (APPSCAN), and Exception Request (EX-REQ)
• Perform and Review Application Threat and Vulnerability Assessment
• Perform and Review IT Security Risk Assessment
• Review and process external network connectivity requests
• Review and process requests for exception or exemption to IT Security standards
• Identify gaps and areas for improvement during audits/IT assessments
• Come up with recommendations for remediation of areas identified during audit/IT assessments
• Follow through on ensuring key remediation efforts are implemented
• Ensure IT Security assessment program minimizes risks associated with business partners and vendors.
• Performs other duties & responsibilities as required or assigned by the Lead Information Security Risk Analyst.

Specific Tasks - SOC Monitoring:

• Investigate new cases in Case Management and monitor such for at least two weeks to check for any patterns and unusual behavior.
• Review the Case Management logs to check for inconsistencies in user behavior such as access from non-business country and possible sharing of accounts.
• Report any accounts that are of interest to the Business Partners if the security incident persists for the duration of the review.
• Report the general health and statistics for the RSA-AA logs.
• Identify changes that needs to be done to improve the overall security controls with regards to the use of RSA-AA such as changes to the policies/rules, risk score baselines and lists.

Specific Tasks - IT Security:

• Approve, test and implement any RSA-AA Back Office Production changes to the: a) Security settings in the Administration tab of the Back Office module; and b) Policy/rules in the Policy Management tab of the Back Office module
• Document all changes within the Service Now Change Request following Company Change Control Procedures in the process of implementing these changes.

Specific Tasks - Security Administration:

• Provision of user accounts in RSA A-AA Access Management module for new back office user requests.
• Edit user account’s access privilege in RSA A-AA Access Management module for existing user accounts.

WORK EXPERIENCE:

• Minimum 2 to 3 years of experience IT Risk Management, IT Audit, and Information Security.
• Experience in coordinating IT security Audit engagements
• Experience with highly regulated industry experience compliance requirements, Insurance industry expertise preferred (not mandatory)
• Experience in IT or security disciplines such as authentication and authorization models, data protection methods, networking, firewall models, common application security models, investigations,application scanning, threat and vulnerability management processes.
• Knowledge and experience in McAfee DLP, Anti-Virus, Network Security, Network Designs, Firewalls, and Virtual Private Networks.
• Proven track record of on-time, on-budget audits
• Familiar with IT Security Audit Requirements
• Familiar with Quality and Risk Management Process
• Familiar with Company Framework
• Familiar with any of the Regulatory Standards (e.g. Risk IT, COBIT, ISO, ITIL)

EDUCATION:

• A related Bachelor’s degree or equivalent work experience
• Certification in either Security+ or CISA is highly desired but not mandatory for this role
• Very proficient with Microsoft Project, PowerPoint, Excel and Word

OTHERS:

• Customer facing experience local and abroad is an advantage
• Demonstrate the ability to manage different stakeholders
• A team player and take responsibility for each assessment effort assigned
• Excellent oral and written communications in English

It has been and will continue to be the policy of Company, Inc., its subsidiaries and affiliates to be an Equal Opportunity Employer. We provide equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.

At Company, we believe that diversity and inclusion are critical to our future and our mission – creating a foundation for a creative workplace that leads to innovation, growth, and profitability. Through a wide variety of programs and initiatives, we invest in each employee, seeking to ensure that our people are not only respected as individuals, but also truly valued for their unique perspectives.