This job has expired, please see additional jobs below
Information Security & Risk Analyst
Pearson
Iowa City, IA, United States
Job Details - this job has expired, please see similar jobs below
Description
At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.
Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.
Pearson currently has a need for a solid Information Security & Risk Analyst on our Infrastructure & Operations Team. This is an exciting new position with the opportunity to lead and eventually build the Application Security wing of the group.
The Security & Risk Analyst understands information security concepts, practices, and procedures common within the information security and assurance field. Completes tasks designed to protect the organization's computers, networks, systems, and information assets against unauthorized access, modification, or destruction. Uses risk analysis as a guiding principle in the assessment, development, and implementation of information security controls. Applies critical thinking and problem-solving skills to identify threats, vulnerabilities, and risks arising from gaps and weaknesses in the controls environment. Operates and manages information security tools used to detect information security vulnerabilities. Works with cross-functional teams to design and implement appropriate, risk-based information security controls. Works with end users to determine needs of individual departments, implements policies or procedures, and tracks compliance through the organization. Familiar with IEC/ISO27001, NIST Cybersecurity Framework, and other similar information security standards and control frameworks. Works under general supervision and relies on limited experience and judgment to plan and accomplish goals. A certain degree of creativity and latitude is required in the design and application of information security concepts and solutions.
Core Job Duties:
• Maintain vulnerability management processes and tools.
• Assist with information security risk management activities and assessments.
• Assist cross-functional technical teams to facilitate remediation of identified system vulnerabilities and control weaknesses.
• Assist solution architects in designing, documenting, and implementing information security remediation solutions.
• Provide support and guidance to business and technical stakeholders regarding information security requirements and recommendations.
• Perform threat and vulnerability analysis, including forensic investigation of actualized vulnerabilities.
• Work as a cross-functional member supporting the entire lifecycle of application management in a highly dynamic cloud environment in Amazon AWS
Qualifications
• Minimum of a Bachelor's Degree in Information Technology, Computer Science, Information Security, or related discipline required.
• Minimum 3-5 years of experience working in an information security function.
• Familiar with industry standard information security and IT governance standards and frameworks, such as IEC/ISO27001, COBIT, NIST Cyber Security Framework.
• Working knowledge of network security, including firewalls, load balancers, web application firewalls, and other similar network security components.
• Working knowledge of various AWS services (EC2, ELB, WAF, S3, EBS, etc.) with a strong desire to continue to works towards becoming a subject matter expert in AWS cloud security
• Working knowledge of network protocols, components, and technologies, such as hubs, routers, switches, vLAN, VPN, WAN, wireless networking, HTTP/HTTPS, SSL/TLS…and so on.
• Working knowledge of encryption methods and technologies.
• Working knowledge of application development platforms, technologies, and architecture.
• Working knowledge of project management principles.
• Ability to think critically, analyze complex systems, and propose solutions to complex problems.
• Competent, effective verbal and written communication skills.
• CISSP, CISM, CISA, or GIAC certification preferred. If candidate does not possess an information security or related certification, a desire to pursue attainment of certification is required.