Senior Information Security Analyst Resume Samples

The Guide To Resume Tailoring

Guide the recruiter to the conclusion that you are the best candidate for the senior information security analyst job. It’s actually very simple. Tailor your resume by picking relevant responsibilities from the examples below and then add your accomplishments. This way, you can position yourself in the best way to get hired.

Craft your perfect resume by picking job responsibilities written by professional recruiters

Pick from the thousands of curated job responsibilities used by the leading companies

Tailor your resume & cover letter with wording that best fits for each job you apply

Resume Builder

Create a Resume in Minutes with Professional Resume Templates

CHOOSE THE BEST TEMPLATE - Choose from 15 Leading Templates. No need to think about design details.

USE PRE-WRITTEN BULLET POINTS - Select from thousands of pre-written bullet points.

SAVE YOUR DOCUMENTS IN PDF FILES - Instantly download in PDF format or share a custom link.

Create a Resume in Minutes

M Murray

Mallory

Murray

907 Nitzsche Well

Boston

+1 (555) 740 4176

907 Nitzsche Well

Boston

Phone

p +1 (555) 740 4176

Experience Experience

Philadelphia, PA

Senior Information Security Analyst

Philadelphia, PA

Predovic and Sons

Philadelphia, PA

Senior Information Security Analyst

Responsible for identifying, assessing, reporting, assisting/leading the remediation of IT security vulnerabilities
Installing, configuring, troubleshooting, and administrating the company’s network security hardware and software solutions
Managing multiple projects through to completion, ranging from reviewing security/privacy obligations to performing security gap analysis’
Designing, developing, implementing, and troubleshooting various information systems security software
Identify opportunities to improve risk posture, designing security controls for remediating or mitigating risks, and assessing the residual risk
On site Supplier Risk Assessments including reporting, tracking, and remediation
Participate in the Security Working Group, Fiserv Information Security Officer Groups and Business Continuity Planning Working Group

San Francisco, CA

Gida Senior Information Security Analyst

San Francisco, CA

Gerlach-Wolff

San Francisco, CA

Gida Senior Information Security Analyst

Creates, maintains and performs annual review of Process Control Manual documents associated with specific systems assigned
Utilize key information security administration tools
Effectively utilizes Talent Management process (i.e. trainings, goal setup etc.) and system. Knows how to develop and implement an effective IDP (Individual Development Plan)
Conduct Citi Marketplace product maintenance. Conduct Citi Information Security Administration Repository Inventory maintenance; takes responsibility to keep the team inventory databases up-to-date
Identifies, registers and resolves potential compliance issues. Responsible for closure and keeping the inventory up-to-date. Drive and encourage IS culture
Understands and applies complex decision making processes. Seeks out input from all involved stakeholders. Comprehends all risks in decision making. Involved in higher level decisions
Demonstrate complex application or system knowledge

present

San Francisco, CA

Senior Information Security Analyst Perimeter Security & Attack Surface Management

San Francisco, CA

Bednar-Purdy

present

San Francisco, CA

Senior Information Security Analyst Perimeter Security & Attack Surface Management

present

Provide metrics and supporting data used to derive the overall perimeter security state
Examine and recommend introduction of new perimeter-based security technologies where warranted
Perform web application security testing to identify vulnerabilities and security risks to web applications and backend databases and collaborate with diverse IT and business teams to assist in the remediation efforts in a risk prioritized, effective, and efficient fashion
Conduct risk analyses and identify perimeter information security exposures; work with the business and subject matter experts to shore up and resolve these issues. Conduct research on emerging issues and identified gaps in existing perimeter security controls
Conduct continuous security analysis on network, application, and infrastructure components; conduct causal analysis and work across IT and business teams to develop solutions that address root causes
Conduct continuous analysis of security threat information (viruses, malicious code, industry events, hackers and zero day exploits, OEM weaknesses, IDS/IPS and SIEM alerting, etc.) in order to proactively assess and investigate emerging threats and potential impact to Visa
Function as a subject matter expert during security incidents. Interact with and assist investigative teams within Visa on time sensitive, critical investigations

Education Education

Bachelor’s Degree in Computer Science

University of Oregon

Bachelor’s Degree in Computer Science

Skills Skills

Ability to effectively leverage vast detailed knowledge and familiarity with security disciplines
Ability to Learn quickly, absorb and retain information, and apply knowledge when and where relevant
Exceptional oral and written communication skills, ability to work independently with minimal supervision, and results-focused mindset are highly desirable
Strong personality, able to quickly build positive relationships within the own team and internal clients at remote sites
Self starter able to work with minimal supervision and ability to learn new skills quickly with minimal guidance
Excellent knowledge in Application, Mobile Application Vulnerability Audits and analysis
Proven knowledge of information security concepts and best practices, as well as ability to apply these concepts to business scenarios
Excellent ability to analyze, make decisions, and solve problems
Good knowledge of network and security technologies such as TCP/IP, IDS/IPS, firewalls, LAN/WAN, routing and switching
Strong interpersonal skills with proven ability to work and communicate with individuals, teams and external resource providers

Create a Resume in Minutes

15 Senior Information Security Analyst resume templates

Read our complete resume writing guides

Senior Information Security Analyst Resume Examples & Samples

Work with senior and executive management including the CTO and CIO
May lead multiple complex projects and initiatives and uses discretion when negotiating priorities
While this job does not have formal personnel management responsibilities, the Senior Information Security Analyst is expected to lead and mentor team members and those in other technical roles who are critical to the successful delivery of the Information Security strategy
At least 8 years experience in information technology with a minimum 5 years information security experience
Security certification: CISSP AND/OR CEH
Must have experience working with Information Security programs
Must have experience with information security SIEMs, vulnerability scanners and application scanners (e.g. QRadar, Qualys, and AppSacan)
Must be proficient with Linux administration and scripting
Must fully understand the OSI model, routing and network security
Experience with the Disk (NTFS, HFS+ and Journaling FS [ext3,4, etc.]), OS (Windows, Unix/Linux, Mac), Logging and Network (Stealthwatch, TippingPoint etc.)
Capable of tracking the path of an incident using your knowledge of the main components of an enterprise network
Demonstrated ability to successfully perform analysis, support, training, reporting, testing, and project management across multiple, complex system implementations with custom and third-party applications
Experience with relational databases and queries
Ethical hacking and forensic analysis training
Advanced problem solving and analytical skills
Experience in media, news, and/or entertainment industry

Senior Information Security Analyst Resume Examples & Samples

Configure, implement, monitor, and support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures. This includes but is not limited to IDS/IPS (Host/Network/Wireless), secure file transfer, DLP, Full Disk encryption, firewall rule assessments, log management/correlation, secure password storage/retrieval, Application Whitelisting, vulnerability management, etc
Create and maintain data security documentation, policies and procedures
Assists in the identification, response, investigation, and remediation of potential breaches of and issues surrounding data security
Manage relationships with 3rd party providers of security monitoring and tools to ensure assets are being protected
Track data security issues to closure in a timely manner by partnering with business units, communicating solutions, and verifying remediation
Security certification such as CISSP, CISM, etc
Advanced degree (MBA, Master’s) preferred
Prior managerial/supervisory experience
Strong analytical, prioritizing, interpersonal, problem-solving, presentation, budgeting, project management (from conception to completion), & planning skills

Senior Information Security Analyst Resume Examples & Samples

Development of Data Loss Prevention (DLP) capabilities and controls
Control performance governance and oversight
Create and maintain security related documentation including processes, procedures, baselines, and standards
Development of security training program and author training communications
Bachelor’s degree and 5-7 years of experience in Information Security
Extensive experience working with DLP systems and DLP business processes
Candidates with CISSP, CISM, GIAC, or CIPP certifications are highly desired
Strong knowledge of Access Controls, Authentication Systems, & Separation of Duties principles
Experience in a high volume, mission critical enterprise operations in a financial services or other highly regulated industries
Detail oriented with exceptional written and verbal communication skills including technical writing experience
Knowledge of Windows, Unix, and Linux operating systems
Strong knowledge of networking fundamentals, common protocols services and related security issues (SMTP, DNS, TCP/IP 801.1x, TLS)
Knowledgeable in at least one programming or scripting language (C, VB, perl, python, shell scripting)
Advanced knowledge of Windows Active Directory and LDAP

Senior Information Security Analyst Resume Examples & Samples

Minimum 3 years of technical/management working experience in Identity and Access Management
Minimum 2 working experience in Information Security or Audit or Compliance / Governance
Working with access governance tools such as SailPoint or Aveksa would be an asset
Must have advanced working knowledge of MS Excel to create & maintain pivot tables & macros
Possess and exercise security risk avoidance capabilities plus a strong awareness of associated business risks with logical access management

Attack Surface Management Sme Senior Information Security Analyst Resume Examples & Samples

Bachelors Degree in Computer Science (or related field)
5-10 years of experience with the deployment of at least 3 of the following firewall and router platforms: Cisco, Fortinet, Checkpoint, F5 or Juniper
3 to 6 years of experience in Information Security with experience in vulnerability management, pen testing or other security assessment
Knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines (e.g. CIS Baselines, NIST, vendor security technical implementation guides, etc.)
Familiar with network configuration management tools such as Skybox, NetDoctor, etc
Experience working with perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, etc.) and vulnerability management tools (i.e. vulnerability scanners, file integrity monitoring, configuration monitoring, etc.)
Strong knowledge of security protocols and design concepts
Experience with large-scale IP networking and extensive knowledge of WAN technologies
Experience with IP routing protocols such as EIGRP, OSPF and BGP. Knowledge of CISCO encryption technologies (IPSec, SSL), and hot standby protocols HSRP and VRRP
Knowledge and experience with diverse IT architectures and enterprise IT data centers, large scale transaction processing environments, external hosted services and cloud computing environments. Knowledge and experience with physical and virtual server configurations and implementations
Security-related certifications a plus – CRISC, CISSP, CCNA Security

Senior Information Security Analyst Resume Examples & Samples

Manage large scale risk/security assessment studies and projects to validate and remediate perceived risks. Perform interviews, document design assessments, and walkthroughs of key controls (both new and existing)
Exhibit pragmatism in formulating process remediation and implementation strategies, defining work tracks, and submitting assessment findings and recommendations
An in-depth understanding of the broad regulatory landscape impacting VISA business areas. Remain current with emerging regulatory sentiments as well as solution trends in the marketplace
Assessing the impact of laws and regulations on VISA systems and technology. Work with other risk organizations to shape organizational control policies and standards
5 -7 years audit and risk management experience that includes a broad understanding of the software delivery process, professional services consulting and/or program management
5 – 7 years’ experience providing information security or information technology consulting services to a broad range of companies and/or federal and state agencies
Ability to direct and lead cross-functional, cross-vendor teams
Must be experienced in Project Management Methodologies and experienced in mentoring less experienced project personnel
Emerging technologies including but not limited to mobile technology
Risk management for emerging technologies
Excellent communicator with strong client relationship focus with business sponsors, enterprise architects, and information security engineers to articulate business case and technology options
Practical experience managing multiple large-scale compliance/audit projects simultaneously, strong internal consulting, customer account management, and defining engagement scope, negotiating commitments, gathering requirements, defining deliverables, designing integrated solutions, and overseeing technical implementations considered a plus
Big Four consulting experience considered a plus

Senior Information Security Analyst Perimeter Security & Attack Surface Management Resume Examples & Samples

Key individual contributor role with accountability for researching, measuring, preventing, detecting, and remediating security vulnerabilities at the infrastructure and application layers
Perform web application security testing to identify vulnerabilities and security risks to web applications and backend databases and collaborate with diverse IT and business teams to assist in the remediation efforts in a risk prioritized, effective, and efficient fashion
Collaborate closely with the Security Operations Center, Network Operations Center, application support, and other operations teams to ensure appropriate response to security findings
Conduct risk analyses and identify perimeter information security exposures; work with the business and subject matter experts to shore up and resolve these issues. Conduct research on emerging issues and identified gaps in existing perimeter security controls
Provide metrics and supporting data used to derive the overall perimeter security state
Examine and recommend introduction of new perimeter-based security technologies where warranted
Conduct continuous security analysis on network, application, and infrastructure components; conduct causal analysis and work across IT and business teams to develop solutions that address root causes
Function as a subject matter expert during security incidents. Interact with and assist investigative teams within Visa on time sensitive, critical investigations
This position will require after-hours and weekend work, as necessitated by change control windows and security incidents
5 to 10 years of experience in Information Security: experience with vulnerability management or performing penetration tests a plus
Experience working with perimeter technologies (router, firewalls, web proxies and intrusion prevention, etc.) and vulnerability management tools (vulnerability scanners)
Knowledge of Web Applications and Technologies: understanding of application programming languages, application servers, web services, browser technology, common vulnerabilities, security best practices, automated assessment tools, and manual testing techniques specific to web applications
Networking/Network Engineering/Network Administration: understanding and experience in a broad range of networking concepts, technologies, architectures, and security concerns specific to networking
Experience with application security testing tools such as IBM AppScan, HP WebInspect, Veracode, WhiteHat Sentinel, and BurpSuite
Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE) and Open Web Application Security Project (OWASP) processes and remediation recommendations
The proven ability to influence and communicate effectively: excellent written and verbal communications skills, including an ability to communicate very technical findings to both technical and non-technical audiences, including project managers, systems engineers, developers, enterprise architects, and senior management
Scripting/programming skills and familiarity with ethical hacking beneficial

Senior Information Security Analyst Resume Examples & Samples

Conduct high risk and sensitive ethical hacks of internally and externally hosted applications globally according to scope defined by the pentest team
Provide accurate and timely reporting of findings and proposed remediation and mitigations
5-10 Years work experience in Information Security
Understanding of OWASP Top 10 and SANS Top 25 web application and network vulnerabilities
Knowledge of web application technologies and layer 7 protocols like HTTP, DHCP, DNS, FTP etc
Good understanding of networking concepts around Ethernet, switched LAN and WAN environment
Prior knowledge or academic familiarity with reverse engineering, malware analysis, security research and forensic tools will be an added advantage
Familiarity with security tools & frameworks like Metasploit, Kali, Canvas etc. is a plus

Senior Information Security Analyst Resume Examples & Samples

Bachelor’s degree in Computer Science, Information Security or related technical field; or equivalent work experience
5-7 years of relevant experience
5+ years of experience in information security or related technical field
Expert understanding and practical application of eGRC tools, platforms or technologies
Preferred experience of the Archer eGRC tool
Broad work experience that spans multiple information security functions - policy development, education, executing penetration testing and application vulnerability assessments, risk analysis and compliance testing
Deep knowledge of technology risk assessment/SOX IT General Controls requirements and other related regulatory requirements

Senior Information Security Analyst Resume Examples & Samples

Practical experience with PCI and SOX IT General Controls
Expert knowledge of information security technologies
Broad hands-on knowledge of security industry-standard techniques and practices
Deep knowledge of technology risk assessment/SOX IT General Control, SOC2, PCI and other related regulatory requirements

Senior Information Security Analyst Resume Examples & Samples

Serve as a subject matter expert for all matters relating to web application security
Leverage all available tools and resources to identify web application vulnerabilities
Consult with various development teams to facilitate the closure of web application vulnerabilities
Stay apprised of security risks associated with frameworks such as PHP, Java, JavaScript, Ruby on Rails, and .NET
Stay apprised of security risks with Content Management Systems such as Drupal, Wordpress, and in-house developed CMS
Work with senior and executive management
Understand vulnerabilities at an application, database, operating system and network level
Security certification: CISSP, CEH, SANS Certifications (GSEC, GWAPT, etc.)

Senior Information Security Analyst Resume Examples & Samples

Perform security risk assessments over all third parties which provide Turner IT Services
Review, manage, and opine on all policy exceptions
Partner with the legal department and mitigate third party contractual risks
Serve as a subject matter expert for all aspects of IT Risk Management Security Architecture
Respond to security design inquiries for corporate and consumer-facing technologies
Implement and integrate security tools and services
Think out of the box and develop creative solutions
Security Intelligence Monitor security industry trends and news, researching threats and ensuring
Turner consumes and reacts to the most appropriate threat intelligence
Maintain existing industry contacts and be expected to continue developing new contacts within the security industry
Security Operations Address service requests and provide impeccable customer service while working with IT, Legal, Finance, Internal Audit and others
Work with senior and executive management May lead multiple complex projects and initiatives and uses discretion when negotiating priorities
Experience in a consultative environment such as a Big 4 or other security firm Security certification: CISSP AND/OR CEH

Senior Information Security Analyst Resume Examples & Samples

Participate to develop and run the Enterprise Access Governance operating model by building rules, strategy documentations and framework documentations, etc…
Perform required tasks for the Enterprise Access Governance function; tasks relevant to Logical Access Management (LAM) including access request, access certification, communication, and documentation of operational processes and procedures
Establish a strong working relationship with the various business partners in the bank to ensure the delivery of system changes and/or process changes provides value and consistency added to the user and customer experience
Actively participating in the systems implementation processes by providing process walk through and/or assist in writing the communication for business end users
Must have 5 to 7 years of progressive IT working experience
Should have 3 years of hands-on working knowledge of Logical Access Control and Provisioning tools for Identity Access Management (IAM)
Experience with IAM technologies (SailPoint Identity IQ [Sailpoint IIQ] preferred and/or Sun Identity Manager [Sun IDM] and/or Oracle Waveset)
Experience with new hire, change, termination and access certification processes as part of the IAM framework
Excellent communication skills (verbal/written) in English. The same in Spanish & French is an asset
Experience with customer support services
Effective time management and organization skills

Senior Information Security Analyst Resume Examples & Samples

Designing, developing, implementing, and troubleshooting various information systems security software
Developing, testing, and validating solutions to remediate exploitable conditions of increasing complexity on devices such as Web servers, mail servers, routers, firewalls and intrusion detection systems following established policies and procedures
Evaluating system vulnerabilities such as malicious code (e.g., viruses), system exploitation using SQL injection, cross-site scripting, buffer overflows, parameter tampering, hidden field manipulation, cookie poisoning, and Web services manipulation
Conducting security assessments of increasing complexity of systems, networks and applications using penetration tests and ethical hacking tools and risk assessment/mediation methodologies to evaluate vulnerabilities. Prepares status reports on security matters to develop security risk analysis scenarios and response procedures
Developing security solutions and architectures for assignments increasing in complexity
Using technical knowledge and expertise in examining security issues, techniques and implications across multiple computing platforms

SOC Senior Information Security Analyst Resume Examples & Samples

Develop new processes and procedures to enhance SOC monitoring, analysis and escalation procedures
Research and identify the new areas of risk and exposure where SOC should focus
Participate in SOC internal projects such as SOC tools development, data analytics and SOC lab expansion
Overall understanding of network and application analysis
Network security monitoring and intrusion detection
Application Security Monitoring

Senior Information Security Analyst Resume Examples & Samples

Incident Response develop capabilities necessary to monitor and detect indicators of compromise using security scripts, tools and services
Demonstrate how to exploit vulnerabilities for the purpose of internal research and assisting with remediation efforts for Security Architecture
Work with senior and executive management Understands vulnerabilities at an application, database, operating system and network level
Provide technical input to security risk assessments May lead multiple complex projects and initiatives and uses discretion when negotiating priorities
Must be proficient with Linux administration and scripting Must fully understand the OSI model, routing and network security

Senior Information Security Analyst Resume Examples & Samples

Support Siteprotector and Proventia systems, maintaining a high level of availability
Contribute to the development of procedures for support and reporting
Working knowledge of ITIL support practices or similar standards to properly execute change and problem management tasks
Must have hands-on technical working experience in the implementation and support of an IPS hardware/software, preferably IBM Proventia and Siteprotector
2 years technical working experience in network device support and implementation is highly desirable
A team oriented focus is essential. Collaboration with team members and a cooperative approach to workload will be a key to personal and team success
Must be willing and able to work evenings and weekends, when required
Must be willing to provide rotational support in a 24x7 production environment

Senior Information Security Analyst Resume Examples & Samples

Build strong cross-organizational relationships, and effectively influence staff across the IT organization, and broader enterprise
Collaborate with all internal and third party application development teams to define an enterprise set of "reasonable" security controls that will protect company brand from real or perceived security breaches
In addition, develop and optimize processes to improve software development efficiency in the consumption of security development practices. Utilizes graduate-level research and analysis skills
Bachelor's degree (or equivalent) in Computer Science, Information Security or a related field
2+ years of relevant experience in mobile security – code review, penetration testing, mobile security research on iOS, Android or Windows Ph platforms
Strong understanding of mobile application development frameworks and tools
Proficiency in one or more mobile programming languages. (E.g. Java, C, Objective-C etc.)
Prior experience with de-compilation, reverse engineering, malware analysis and forensics tools will be added advantage
Good interpersonal, facilitation, and demonstrated emerging leadership skills

Senior Information Security Analyst Resume Examples & Samples

Develop and provide program management oversight for security programs and initiatives that will strengthen the security offerings and/or address audit and compliance risks following a risk-based approach that balances efforts with risks
Partner with Internal and External Auditors, Corporate Internal Controls, and Business Partners to understand key IT risks focusing on root cause analysis in order to formulate the appropriate tools, technology or people needed to address risks and enhance controls that may lead to a security initiative
Initiate steps in the solution delivery process to keep the programs moving forward that gathers foundation information and data to provide inputs into the next deliverables to ensure program delivery
Provide oversight of the security programs through regular routines to create visibility to key stakeholders. Measure success and escalate appropriately to drive programs to on-time delivery and within established budget
Provide leadership and consulting to multiple interdepartmental security stakeholders including guidance and instruction to ensure compliance with Information Protection Policies as well as governmental and industry regulations
Provide thought leadership that encapsulates the end-to-end processes that should be considered as part of the security program that considers the design, build, control framework, and the ongoing care, maintenance and operations of the programs
Improve methods of capturing and presenting data in order to provide leadership with clear, concise data to enable appropriate decision making
Promote and design/implement solutions that reduce the total cost of internal controls compliance
Develop and Manage security awareness and training initiatives to promote the success of company-wide IT compliance
Responsible for coaching, developing and encouraging excellence from diverse, cross-functional teams
Establish and maintain internal and external contacts to position and leverage industry best practices
Maintain relationships and knowledge with professional organizations and publications
Effective communication, facilitation, conflict resolution, analysis, interpretation, visionary, and strategic thinking skills. Comprehensive understanding of Information Technology methodologies, infrastructure, and architecture
Leadership experience with multi-functional IT staff, including contractors and outside services. Must be able to assimilate information and make sound business decisions. Proven experience in software development and systems integration
Advanced written and verbal communication and presentation skills
Ability to see end-to-end for solutions / program
M.B.A or related Master’s Degree
Beverage Industry experience
Technical knowledge of Enterprise Resource Planning security architecture, specifically SAP
Knowledge of application security fundamentals in one or more Enterprise Resource Planning applications (SAP)
Technical knowledge of security concepts, tools and programs
CISA, CISSP, CISM, CGEIT certification preferred
Office Productivity Applications: Microsoft Office software--especially Excel, Word, PowerPoint and Visio
Working knowledge of major ERP applications (e.g., SAP), operating systems (e.g., IBM AIX UNIX, Microsoft Windows 2000/2005/2008 Server, IBM OS/400, IBM OS/390, and IBM ZOS), databases (e.g., IBM DB2, Oracle, Microsoft SQL Server) and network technologies
Working knowledge of SAP Security, SAP GRC, and SAP IdM

Senior Information Security Analyst Resume Examples & Samples

Actively coordinate and communicate data and input calls with diverse teams
Proficiency using the Microsoft Office suite, especially Microsoft PowerPoint
Demonstrated ability to meet deadlines and commitments in an environment that requires multi-tasking among concurrent activities and frequent shifting of priorities
Exposure to qualitative and quantitative risk analysis

Senior Information Security Analyst Resume Examples & Samples

Leading efforts to write and obtain client approval for information system security plans through to and including issuance of a client “Authorization to Operate.”
Managing efforts to remediate information system deficiencies including through the “Plan of Actions and Milestones” process
Preparing information security policies, procedures, and related documentation in accordance with Federal government-wide and agency-specific policies and procedures
Ensuring information security processes adhere to client system development life cycle policies and processes
Designing and verifying implementation of information security controls
Reviewing proposed system changes to understand the information system security impact and taking appropriate resultant actions
Working with information system stakeholders including client business units, client information technology units, Xerox delivery teams, Xerox information security teams, and others on a regular basis
Using professional concepts and company objectives to resolve issues in creative and effective ways
Preparing ad-hoc and periodic reports about the above activities
The candidate must be able to work in the United States legally
The candidate must be able to obtain and maintain a Federal security clearance
The candidate must have a minimum of five-years of experience working in the information security field
The candidate must have a Bachelor’s degree. Alternatively, candidate may demonstrate two years of relevant professional experience – in addition to the experience required above – for each year of higher education
The candidate must have a Certified Information Systems Security Professional (CISSP) accreditation in good standing
The candidate must demonstrate familiarity and working knowledge of the NIST Special Publication 800-53 security controls
The candidate must have proven experience shepherding information systems through the security authorization process through to and including attainment of an Authorization to Operate and subsequent management of a Plan of Actions and Milestones
The candidate must demonstrate familiarity with all NIST Special Publications and Federal Information Processing Standards
The candidate must demonstrate experience gathering information from multiple, disparate sources, interpreting them, and translating them into coherent descriptions of security controls
The candidate must demonstrate above average or advanced skills with Microsoft Word and Microsoft Excel
The candidate must demonstrate excellent written and verbal communication skills and the ability to apply those skills to work successfully at all levels within and without the organization
Candidates with a current Federal security clearance
Candidates with extensive technical writing experience – specifically in the development of system security plans, related policies and procedures, and other artifacts necessary for the attainment of an Authorization to Operate
Candidates with demonstrated experience in self-management to complete large, complex deliverables in a timely manner and to obtain broad outcomes as measured by objective performance metrics
Candidates who demonstrate familiarity with information technology principles, methods, standards, and disciplines such as system architecture, software development, and database management
Candidates who demonstrate judgment in selecting methods, techniques, and controls for meeting information security requirements
Candidates who demonstrate an ability to work on complex issues where analysis of situations or data is dynamic and involves rapid, in-depth analysis of multiple, often ambiguous factors
Candidates with strong adaptive skills and a desire to work in a growing, dynamic, and fast-paced environment

Senior Information Security Analyst Resume Examples & Samples

Flexibility to work after hours and weekends to accommodate and support the existing servers/applications maintenance windows
Detailed knowledge of the security sub-subsystems and 3rd party security products in use on Visa enterprise systems, specifically Tandem, Xygate XOS/XAC/XPQ, and z/OS
Ability to gather and document business requirements and implement solutions to address them
The ability to work effectively with other functional areas and understand the operational and cultural issues relevant to achieving superior results
Be a self-motivated and results oriented individual with an attention to driving aggressive project timelines and schedules
5 to 7 years computer security experience
Microsoft Office suite (Power Point, Word, Excel, MS Outlook or equivalent)

Senior Information Security Analyst Resume Examples & Samples

Oversee regular log review and analysis processes
Assist in performing Quarterly entitlement reviews for the Electronic Payments Business Unit
Assist in monitoring and remediation of Internal and External vulnerability scan results
Collaborate and build relationship with engineering, operations and build teams
Assist Electronic Payments ISO ensuring Business Unit compliance with the enterprise requirements for Security Awareness training
At least 3 years of hands on experience in Information Security, risk and compliance management
Ability to operate above the line and lead others

Senior Information Security Analyst Resume Examples & Samples

Support Securonix systems, maintaining a high level of availability
Take on additional product support duties for smaller systems such as AD Audit
Must have hands-on technical working experience in the implementation and support of software systems, preferable in the Information Security domain
Programming ability in python and bash scripting is desirable

Senior Information Security Analyst Resume Examples & Samples

Responsible for supporting the Security Operations during normal business hours and in an on-call rotation outside normal business hours
Review and analysis of intrusion detection systems, security incident event management systems, network traffic and data from solutions such as anti-malware, advanced endpoint detection/prevention, firewalls, internet/email gateways and VPNs
Perform packet analysis to identify anomalies in protocols and payloads
Stay current with the latest malware, attack vectors and security trends
Participate in incident handling, discovery, triage, containment, recovery, and remediation plan coordination
Assist with evaluation and integration of new products and technologies
Provides project support related tasks to integrate security platforms as well as ongoing tuning support for existing technology
Understanding of network security devices, protocols, routing, and services
Experience with analysis of server, network, web and mail security events
Experience using SIEM technologies
Familiarity with Information Security Risk Management practices
Security certifications such as Security+, CISSP, GSEC, GPEN, etc. are a plus

Senior Information Security Analyst Resume Examples & Samples

Serve as the delivery manager for Identity & Access Management (IAM) products and solutions deployed to the user community. Ability to train and conduct user access testing to both technical and non-technical users of the solutions
Responsible for delivery management of large scale, enterprise IAM solutions and tools in support of IAM governance and best security practices
Must be able to create, generate and maintain Visio architectural documents and artifacts in support of expansion of IAM solutions
Plans and directs significant projects, product, service or function typically requiring the utilization or management of resources within functional area and coordination or resources outside of the function
Manage product planning efforts, prioritizing stakeholder scenarios and implementation requirements based on quantitative and qualitative analysis and business objectives
Able to generate artifacts such as administrative guides, FAQs and end user guides by working with the IAM Platform and Development teams on a certain set of deliverables

Senior Information Security Analyst Resume Examples & Samples

Manage and maintain risks profiles, risk and controls assessments, controls design and assurance testing programs focussed on infrastructure technologies and applications managed by the ITS team
Contribute collaboratively in ongoing improvement of the enterprise BTRM practice including process improvement in TRMIS and ITS groups and to enhancements to security standards, control solutions and implementation and related monitoring and verification practices
Interpret and advise with advanced knowledge on risks, business impacts and matters of security (including vulnerabilities and threat management), compliance/regulatory standards, audit programs and audit findings
Manage delivery of BTRM-ITS services and participate in ITS sponsored cross- development and new technology programs; provide support throughout the full SDLC ensuring key security and risk strategies are comprehensive, consistent with TRMIS policies/standards, well communicated and appropriately monitored
Contribute to the development, implementation and execution of a comprehensive infrastructure security and compliance controls verification program
Advocate security awareness and participate in the development of security and risk management communication and training programs targeting ITS delivery groups

Senior Information Security Analyst Resume Examples & Samples

Ensure end-to-end security of Visa products by hands on testing, helping development teams, and remediating risks upfront
Represent Visa in the software security community globally.
Agile SDLC processes and PMO reengineering Enterprise and application architecture
SAST, DAST and fuzz testing tools
2 to 5 years in technology, information security, and/or application development
Strategic thinker; visionary; innovative
Bi/multi-lingual a plus

Gida Senior Information Security Analyst Resume Examples & Samples

Excellent understanding of end to end Citi products, processes, policies, regulations, and governance. Initiates process changes and improvements
Able to handle simple thru complex, multi-tiered escalations, problems independently by utilizing key information security administration practices, policies and providing excellent customer service. Lead and resolve severity escalations and identify root cause and creating corrective action plans
Represent GIDA Service Delivery on compliance calls, meeting with Audit. Collect and analyze evidence (deliverables) with internal/external compliance and auditing agencies / officials and add intelligence into the information collected
Process entitlement, compliance review requests and/or incident/change management handling for Citi’s global customer base within established support thresholds, including bulk requests and housekeeping tasks
Creates, maintains and performs annual review of Process Control Manual documents associated with specific systems assigned
Able to perform any kind of ID or Functional ID related processes. Group, profile and role management, Functional and Temporary ID management. Perform Certificate management
Demonstrate complex application or system knowledge
Perform system setup, packaging and installation. Identifies need for new tasks and creates them on demand
Conduct Citi Marketplace product maintenance. Conduct Citi Information Security Administration Repository Inventory maintenance; takes responsibility to keep the team inventory databases up-to-date
Able to use the most complex tools within Microsoft applications and link them creating workflows between different formats
Demonstrates excellent understanding of end to end Citi products, processes, policies, regulations, and governance. Initiates process changes and improvements based on Lean methodology
Has a good understanding of end-to-end Project Management. Able to lead complex projects
Utilize key information security administration tools
Interprets and guide others in the principle of Information Security concepts and policies, develops and implements into day-to-day work. Ability to explain principles behind IS/GIDA policies and guidelines
Checks and reviews implementation of already established security procedures within the framework of specific system assignments, focusing on the full scope of GIDA Service Catalog requirements for simple thru complex, multi-tiered applications. Responsible for the service/compliance quality and accuracy
Identifies, registers and resolves potential compliance issues. Responsible for closure and keeping the inventory up-to-date. Drive and encourage IS culture
Effectively utilizes Talent Management process (i.e. trainings, goal setup etc.) and system. Knows how to develop and implement an effective IDP (Individual Development Plan)
Effectively delegates tasks and projects to others. Encourages others to stretch capabilities
Applies best practices in coaching. Works with others to identify development needs and resources
Understands and applies complex decision making processes. Seeks out input from all involved stakeholders. Comprehends all risks in decision making. Involved in higher level decisions
Utilizes effective interpersonal techniques. Strong communicator. Effectively uses influence to build support for key initiatives
Communicates the need for change to remain competitive. Involves others in the change process. Understands complex change theory and how to overcome resistance to change. Assist change from start to finish
Understand Citi, organization and department vision, strategy and goals. Relates own work to department, organization and Citi vision, strategy and goals. Understands and creates SMART goals for projects and initiatives. Self-accountable for goal achievement
Minimum High School Degree, however Bachelor's degree or higher desired or the candidate should have proven equivalent work experience
Minimum 4+ years’ experience either in an Information Security Administration environment or related field with customer service experience in data management
SSCP/CISSP/ITIL/PMP/Citi Lean certificate is advantage

Senior Information Security Analyst Resume Examples & Samples

3+ years of technology security experience
Security and or development experience
Web Protocols (HTTP, SOAP, etc.)

Senior Information Security Analyst Resume Examples & Samples

Have a strong understanding of increasingly sophisticated cyber attacks (especially targeting financial sector resources), hacking techniques and associated defensive techniques
Compare network events with intelligence research to determine adversary motive, capability and intent and the impact of the threat on payment card supply chain network architecture and system operations
Be Informed and can provide subject matter expertise regarding recent hacks / exploits – especially against web applications, databases and common desktop tools
Effectively communicate complex technical or intelligence related information to both technical and non-technical audiences
Have the ability to effectively identify, evaluate and communicate new and ongoing cyber security threats to senior management through regular, and ad hoc reporting as well as the ability to research complex cyber threat issues and produce finished reports
Be familiar with a multitude of security threat monitoring tools that identifies data breaches and network compromises using externally generated threat intelligence feeds together with internal data sources (SIEM, netflow, malware analysis, etc.) identify compromised systems within a network
Maintain, develop, and continually evaluate cyber intelligence sources (technical & non-technical) to increase effectiveness and timeliness of reporting threat information
Develop strong collaborative relationships with members of the Intelligence Community, Law Enforcement and payment card supply chain subject matter experts
Assist the various Information Security teams such as the Investigations and Forensics team with quality research and assistance in solving complex cases. Assist the Cyber teams by Identifying, recording and managing host- and network-based indicators of compromise (IOCs)
Possess moderate to strong technical security skills with hands-on experience
Bachelor’s Degree in Computer Science, Technology, Intelligence, Communications (or related fields) or equivalent work experience
5 to 8 years of experience in the Information Security industry, preferably with a concentrated focus on Threat and Risk Analysis or Security Monitoring using SIEM, IDS/IPS, Malware Analysis tools, etc
Excellent written and verbal communication skills, interpersonal and presentation skills and the proven ability to influence and communicate effectively. Strong web development/design skills a plus
Possess strong analytical reasoning skills with the ability to recognize and evaluate facts, objectively analyze situations, synthesize and organize data/information from multiple sources
Able to draft, interpret and communicate policies, procedures, technical requirements and corporate communications for internal and external clients
Working knowledge of Windows and UNIX platforms, with administrative experience preferred
Moderate to strong scripting/programming skills and familiarity with ethical hacking beneficial
Technical-related certifications a plus
Fluency in a foreign language a plus, especially Mandarin Chinese, Russian or Arabic

Senior Information Security Analyst Resume Examples & Samples

Act as Subject Matter Expertise (SME) over IAM practices, policies and procedures for privileged access management on UNIX (AIX, Solaris, Linux)
Identify, analyze and drive technical solutions to improve Privileged Access Management on the UNIX platforms (AIX, Solaris, AIX)
Collaborate with the Access Management Operations team to implement process improvement opportunities for the management of Privileged Access on the UNIX platforms (AIX, Solaris, Linux)
Diligently document privileged access management procedures; keep the privileged access management procedures up-to-date
Have a global mindset and collaborate effectively within and across different teams
Proven corporate experience and track record in UNIX Systems Administration or UNIX Systems Engineering is highly desirable
Knowledge in scripting languages (Perl, Shell script, vbscript, etc)
Strong analytical and troubleshooting skills and have an attention to details
Must be a self-motivated and results oriented individual with an attention to driving aggressive project timelines and schedules
Minimum of 5 to 7 years UNIX System Administration (AIX, Solaris or Linux) experience required

Senior Information Security Analyst Resume Examples & Samples

Advanced knowledge of one or more technology controls or security domains, disciplines and practices
Sound to advanced knowledge of business, technology controls, security and risk issues
Demonstrated ability to participate in projects of moderate to high complexity
Ability and commitment to serve as a subject matter expert on business-specific, cross-functional and enterprise initiatives
Readiness to participate in projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level

Senior Information Security Analyst Resume Examples & Samples

Accountability: The ability to take responsibility for all work activities and personal actions
Fostering Teamwork: The ability and desire to work cooperatively with others on a team; demonstrate interest, skill and success in getting groups to learn to work together
Personal Credibility: Demonstrated concern that one be perceived as responsible, reliable, and trustworthy
Persuasive communication: The ability to plan and deliver oral and written communications that make an impact and persuade their intended audiences
Flexibility: Openness to alternative strategies; willingness to modify one’s preferred way of completing tasks
Thoroughness: Ensuring that one’s own and others work and information are complete, accurate, and are meeting a satisfactory standard; careful preparation for meetings and presentations is evident in work efforts
Competent PC user proficient in Lotus Smartsuite and Microsoft Office products
Proficient with Security Technologies – Firewall, IDS, IPS, Content Filtering, SIEM, Anti Malware, Anti-SPAM, Vulnerability Management
Understanding of standard IT Security and ITIL processes (e.g. Change, Incident and Problem Management)
ITIL Certified
CCIE Security Certified

Senior Information Security Analyst Resume Examples & Samples

Assisting with the Development of a consistent, agile, and repeatable Supplier Risk Management Risk Assessment process
On site Supplier Risk Assessments including reporting and remediation
Apply TD Risk and Control Framework relating to Technology Risk as well as the Operational Risk Methodology
Continually demonstrate initiative and team unity as the Information Security and IT Risk representative for the Enterprise Supplier Risk Management program
Participation as required in support of all strategic objectives established by the Supplier Risk Program Manager
Work with Supplier Risk Program Manager to demonstrate program achievements, milestones, and future goals
Assisting in the execution of program timelines and deliverables aligning with Supplier Risk Assessment Due Diligence and Oversight
Deliverables
Vendor Intake engagements
On site Supplier Risk Assessments including reporting, tracking, and remediation
Reporting
Create Supplier “State of Health” program for the business, including reporting, planning and prioritization of key risks
Provide assistance to the business to address Supplier technology based Audit findings and issues

Senior Information Security Analyst Resume Examples & Samples

50% Information Security Governance and Consulting
Serve as the first level escalation point for educating internal and external stakeholders on Pearson VUE security policies, standards and procedures
Liaise with business development, program management, other functional areas within Pearson, clients, external security consultants and investigative firms as needed
Complete information security risk assessments, internal/client questionnaires and other risk management activities
Provide oversight to various control owners completing and executing monthly, quarterly and annual user access reviews
Perform limited system administrator or elevated user access reviews on a quarterly basis
Provide internal and external consulting with regard to our information security policies, standards and procedures
35% Threat and Vulnerability Management
Manage overall program and execution of internal and external penetration testing
Analyze penetration testing results and provide initial recommendation on associated risk
Report and communicate results, remediation plans and progress to senior leadership on a periodic basis
Coordinate, manage and oversee penetration testing performed by internal and external consultants
Provide recommendations to development processes and procedures to proactively identity vulnerabilities
10% Policy and Documentation
Assists in the development and implementation of security policies and procedures
Ensures security document repository is reviewed and updated regularly
Manages boilerplate library and ensures all security templates reflect Pearson VUE’s current practices and technology
Analyze and review vendor and client contracts for adherence to Pearson VUE security policies and procedures
5% Other duties as assigned
5+ years IT Audit, Compliance and/or Information Security experience
Experience in ISO 270001, PCI, FISMA and SOC 1/SOC 2 preferred
Consulting, Big 4 or Public Accounting experience preferred
Experience in a Computer-Based Testing industry preferred
Ability to provide effective training and education to others
Common body of knowledge of information security
Results-oriented with strong commitment to tasks
Attention to detail and quality oriented
Ability to handle stressful situations
Knowledgeable of practices and standards applied in the Computer-Based Testing industry

Senior Information Security Analyst Resume Examples & Samples

Provide technical expertise and guidance for Mariner’s IT Infrastructure including networks, hardware, telecommunications and information security with the overarching goal of providing a comprehensive security posture
Plan, manage and implement small to large IT Infrastructure projects through their complete lifecycle
Develop and implement appropriate security for all data, to include back-ups and documented Disaster Recovery plan
Conduct analysis and remediation of internal and external vulnerability scans
Develop security hardware & software implementation standard for on premise and cloud infrastructure
Manage, monitor, and respond to security alerts from all endpoints across the Mariner network
Design and manage highly available and scalable networks and services
Work with entities to ensure all regulatory compliance obligations are being exceeded and conducting security reviews
Document and develop corporate policies regarding the security of Mariner’s networks and data
Establish and maintain regular written and in-person communications with the organization’s leaders and end users regarding pertinent IT activities
Bachelor’s degree required in Computer Science, Business Administration or related field preferred or equivalent experience
Minimum of 3 years of information security experience, with financial services preferred
Must be a hands-on team member with excellent technical and problem solving skills
Must have strong written and verbal communication, presentation and facilitation skills
Must have demonstrated expertise and knowledge of the following
Prior experience with remotely managing multiple sites with little or no IT presence

Senior Information Security Analyst Resume Examples & Samples

Work with the application development teams to ensure applications are adequately secured and security is integrated throughout the application development processes
Assess Information Security controls to ensure compliance with Pearson policies and standards
Identify security risks and recommend risk remediation and mitigation controls
Develop and manage integration with SDLC
Partner and collaborate with business and technology teams within Pearson Assessments to provide Information Security consulting and assessment services
Work closely with Corporate Compliance, Legal, and Data Privacy teams on security provisions in contractual requirements to ensure compliance with applicable state/national laws and regulations
Work with Pearson’s Corporate Information Security Office representatives to improve process, technology and communications between corporate and local business partners
Support corporate and business units in developing action plans to remediate their identified security issues and vulnerabilities
Support Pearson’s proposal teams in providing guidance and language for security responses
Poses excellent people skills and ability to integrate with people and processes
Possesses solid domain competency in the field of Information Security Management
Bachelor’s degree in computer science, Business Administration or equivalent educational or professional experience and/or qualifications. An advanced degree is also preferred
3+ years of information security experience required
3+ years of experience with information technology audits and assessments preferred
Familiarity with privacy laws, data protection/security regulations, and frameworks, such as BITS, SOC 2, COBIT etc
Experience leading audits for security and compliance such as ISO27001, ISO27018, SOC2/3, SSAE16, etc
Experience with information security concepts as they relate to cloud security and compliance
Familiarity with Amazon Web Services (AWS) control and governance concepts preferred
Negotiation skills needed to obtain commitments to remediate risks and vulnerabilities from leadership of other teams
Possess a solid understanding of underlying infrastructure architecture including WANs, LANs, Internet, intranets, cloud computing, and communication protocols such as TCP, UDP, and IPSEC
Excellent communication, listening and facilitation skills

Senior Information Security Analyst Resume Examples & Samples

Lead the planning, implementation, and management of the Security Awareness Program
Build information security awareness program that supports information security related initiatives and benchmarks
Coach team members to effectively conduct analysis of information security related metrics and issues to formulate changes in content being delivered to the target audience
Constantly analyze learning needs and partner with Human Resources, internal SMEs and internal education teams to provide input of course content or design
Define and document business goals and objectives as they relate to information security education and awareness
Measure the training effectiveness impact to the business by analyzing course content relevancy, participants knowledge, and information security performance goals to ensure the intended outcomes of the program
Provide ongoing technology recommendations and provision of tools, such as phishing evaluation systems, and ensure that a phishing campaign is included in the enterprise training program
Promote a risk aware culture, ensure efficient and effective risk and compliance management practices by adhering to required standard and processes
Minimum 3 years of technical and/or operational information security experience
Information Security experience, specifically with a security awareness program required
Experience with anti-phishing solutions like PhishMe
Ability to quickly learn new services, systems, processes and technologies
Excellent verbal and written communication skills with a strong attention to detail and multi-tasking
Ability to create effective security metrics and reporting to allow for decision making by management drive policy or program enhancement
Experience designing training programs

Senior Information Security Analyst Resume Examples & Samples

Understanding of Corporate Information Security Programs and the ability to apply them to our business unit. This includes awareness and support of Information Security threats and risks, Policies and procedures, and controls implemented to address policies, procedures and risks
Facilitating information security projects that require business unit resources
Identify risks and issues in our business unit bringing an information security lens to business unit projects and help to identify mitigations
Work with Corporate Information Security to coordinate and support security audits and assessments from clients, regulators or others
Collaborate with Information Security and Risk, suppliers, Auditing and/or IT staff to implement controls to close gaps
Work with the business, Supplier Champion, and Strategic Sourcing to assess risk and close gaps in solutions and services of existing and potential 3rd parties
Operate as an extension of the Business Information Security Officer (BISO) to execute upon all security related strategies as it relates to the business unit
4+ years of experience as an IT Info Security professional
Bachelor's degree in computer related field or equivalent experience required
Financial Services experience and/or experience working in a highly regulated environment
Working knowledge of industry reporting, audits and frameworks (SSAE16 SOC1/2+, ISO27001, PCI-DSS, HIPAA, NIST Cybersecurity Framework)
Excellent communication skills, including the ability to

Senior Information Security Analyst Resume Examples & Samples

Experience in JAFAN 6/3 or ICD 503; Joint Special Access Program Implementation Guide (JSIG) and NISPOM application as related to C&A
Two years' experience in major defense acquisition programs and vulnerability assessment and/or risk analysis
Level III certified in accordance with DoD 8570.01M ?Information Assurance Workforce Improvement Program.?

Senior Information Security Analyst Resume Examples & Samples

Track and analyze Information Assurance Vulnerability Management (IAVM) reports
Identify, download, analyze, test, and implement Information Assurance Vulnerability Alerts (IAVAs) and Security Technical Implementation Guides (STIGs) for system components and capabilities
Support operation and maintenance of the Development Software Support Environment (DSSE)
Support and maintain the Certification and Accreditation (C&A) requirements
Support the Risk Management Framework (RMF) process for cybersecurity using applicable tools
Update and maintain the Plan of Actions and Milestones (POA&M) and other required security documentation
Bachelor’s degree in Computer Science, Engineering or Technical discipline with concentration in Information Security or Cyber Security
12 years of related experience to include 5 years of professional IA experience
IA Technical and Computing Environment (CE) certifications; IA trained and certified per the Defense Federal Acquisition Regulation Supplement (DFARS) 252.239-7001, Information Assurance Contractor Training and Certification; IAW DoD 8570.1-M, Information Assurance Workforce Improvement Program, Change 2 and Army Regulation (AR) 25-2, Information Assurance
Qualified to perform in Information Assurance Technical Level II or Computer Network Defense - Auditor (CND-AU) positions in accordance with standards in DoD 8570.01-M and the Army Information Assurance (IA) Training and Certification Best Business Practice, corrected 6 Aug 2010
Experience can substitute for the degree provided the person has BOTH the relevant experience AND is fully IA certified in accordance with AR 25-2, Information Assurance, and the associated best business practice for IA Training and certification (IA Training BBP)
MS in Engineering, Computer Science or similar scientific /technical discipline
Experience in the following technologies: XML, WSDLs, Postgres, SOLR, Java, SOAP, REST
Experience with Test Driven Development
Experience with Microservices architectures
Experience with Docker
Amazon Web Services certification
Experience with Earned Value Management Systems
Demonstrated experience in Army and POR Systems is a highly desired

Senior Information Security Analyst Resume Examples & Samples

Minimum of a Bachelor's degree
Minimum of 5 years previous work experience in a security or IT related field
5 years demonstrated ability to monitor, review, report, and enforce security policies and procedures
5 years demonstrated experience providing guidance and advice to various groups on application systems activities
5 years demonstrated ability to communicate to all level of management in written and verbal form
Certifications: CISSP, CEH, OSCP, GPEN

Senior Information Security Analyst Resume Examples & Samples

CISSP or CISSP-ISSAP Required
Graduate Degree in Computer Science, Engineering, Math, Physics or comparable subject desired
LI-AC

Senior Information Security Analyst Resume Examples & Samples

Participates in Information Security planning and engineering for the company by evaluating new technology for the organization through quantitative and qualitative methods. This includes providing highly skilled technical assistance in complex information security planning, engineering and architecture for the organization
Performs complex security analysis and design, project planning, control, and implementation, as guided by the Information Security management team. Ensures all appropriate parties are informed of plans, progress, and status. May manage a project team from a technical perspective
Develops detailed reports and metrics based on in-depth analysis and presents to the Information Security team on a periodic basis
Participates in Information Security incident response and is responsible for root cause analysis and reporting. Provides detailed recommendations for future risk mitigation of similar incidents. Reports findings to appropriate management team members in a timely manner
Develops and maintains detailed procedural documents and user guides for Information Security technology utilized by the Information Security teams. Trains Information Security analysts on deployed technologies such as anti-virus, intrusion prevention, data leakage prevention, syslog, vulnerability scanning, web gateways, firewalls, etc
Provides direction, support and assists in the training of less experienced security analysts to orient them and increase their understanding of more complex security analysis and design
Develops and administers training to Information Security analysts on analysis techniques for Information Security teams
Leverages the Security Incident Event Management (SIEM) console to perform monitoring and correlation of security events. Creates rules for tuning out noise while increasing alerting for suspicious activity
Maintains and increases professional and technical knowledge by attending workshops, reviewing professional publications, establishing personal networks, and participating in professional societies
Provides guidance and input into the threat intelligence, security awareness and vulnerability management program
Bachelor’s degree in Computer Science or a related field, or equivalent experience
Six years progressive IT security skills, IT audit experience can be included in experience
Experience with in-depth technical analysis and reporting within the Information Security industry
Thorough knowledge and understanding of the technical Information Security environments and processes
Strong familiarity with ISO 27001 and ISO 27002 standards for Information Security
Strong familiarity with NIST (National Institute of Standards and Technology) 800 series
Working knowledge of various regulatory controls (e.g. SOX, PCI-DSS, GLBA, etc.) and GRC processes
Technical expertise in anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns
Systems Security Certified Practitioner (SSCP), Security+, or comparable Information Security certification
Certified Information Security Auditor is a big plus, but not required
Excellent interpersonal, written communication, technical writing and presentation skills, essential
Strong reasoning and analytical skills; logical approach to problem solving
Ability to Learn quickly, absorb and retain information, and apply knowledge when and where relevant
Self-motivated and able to work on own initiative with minimal guidance
Experience with managing a varied and heavy workload and ability to prioritize work appropriately
Desire to see tasks through to completion
Ability to correlate network activity across networks to identify trends of unauthorized or suspicious use
Ability to identify and assess the severity and potential impact of risks
Ability and past experience performing moderately complex security analysis for information technology

Senior Information Security Analyst Resume Examples & Samples

Advocate and communicate procedures, policies, and guidelines related to Information Security
Apply security best practices and technologies to the design of software applications
Assist in the design of security controls, policies, and procedures
Assist in the implementing of enterprise security controls
Assist in the investigation of intrusion incidents, forensic investigations, and incident response
Assist in the audit of security controls across the enterprise
Attend security-related training and seminars
Collect and analyze data to drive decisions and recommendations regarding security standards and controls
Conduct internal and external research to collect and report data, share knowledge, and accomplish objectives
Coordinate the implementation and maintenance of security-related solutions
Develop security-related communication and educational materials, including but not limited to alerts, blogs, manuals, newsletters, presentations, and social media post
Engage with internal and external customers to discuss security-related topics
Maintain industry knowledge and be aware of current trends and threats as it relates to information security and compliance
Partner with software application development teams on security-related projects and topics
Provide oversight and serve as the technical SME for application penetration testing
Support internal and external customers as necessary
Work independently supporting diverse set of goals
Work across business units to effectively achieve goals
7+ years of experience and a Bachelor’s degree in Computer Science, Information Systems or related field
5+ years of experience working within information security programs focused on compliance with policies, procedures, and industry regulations
Minimum 5 years of experience working with Microsoft Windows and network technologies
Minimum 5 years of experience working with Microsoft Office, including Excel, PowerPoint, Project, and Visio
Deep understanding of the financial and payment card processing industries and the Payment Card Industry Data Security Standards (PCI DSS), either serving as an assessor or as an implementer of security programs
Understanding of information systems and security infrastructure
Strong communication skills, both verbal and written, with the ability to explain complex concepts in layman’s terms
Basic project management skills with the ability to organize activities, manage task, and report status effectively
Experience in incident response
Software development background working with Microsoft Windows technology
Mobile development background working with Apple and Android technology
Experience within the Hospitality or Food & Beverage business sector
Industry certifications CCFP, CEH, CRISC, GCIA, GCIH, GCWN, SSCP
Visit our careers site for a list of the benefits offered in your region in addition to a competitive base salary and strong work/family programs

Senior Information Security Analyst Resume Examples & Samples

Managing a large portfolio of Business Continuity Plans in accordance with TDBG EBCCM Policy. Providing oversight of the development and maintenance of the Business Continuity plans and tests for Enterprise Technology Solutions (ETS)
Ensuring preparedness of ETS to respond in the event of a significant business disruption by providing coordination, support and guidance to ETS on all business continuity activities
Providing guidance on the Business Impact Analysis (BIA) process to determine criticality rankings of BCCM Plans and submitting them for an independent validation
Fostering a productive relationship between EBCCM and the ETS line of business
Monitoring ETS organizational changes with ETS to ensure appropriate BCCM Plans exist with the ETS business line
Providing feedback for process improvements through regular status meetings
Interpret TD's BCCM policies, standards and methodologies and support implementation as required
Responsible for oversight and assessment of business impact during incidents
Assist and support development and invocation of Business Incident Management Protocols
Monitor and notify businesses of upcoming plan and test maintenance requirements
Ensure External Service Provider Relationships meet TD's BCCM requirements
Oversee BCCM technology recovery needs
Assess the design, implementation and maintenance of internal procedures that support adherence (compliance) to TD's BCCM Policy, standards & guidelines
Have effective and repeatable change management processes in place to maintain the currency of their Business Continuity strategies, plans and ultimately, their overall resiliency
Incident Management Role
Perform Quality Assurance of the Business Continuity Plans (including recovery strategy and workarounds) and Tests competed by 1A through assessing the viability, quality and appropriateness of the individual ETS BCCM Plans and Tests
Provide Education and Awareness of Business Continuity and Crisis management requirements as required

Senior Information Security Analyst Resume Examples & Samples

Requires a range of skills within a technical or professional discipline including familiarity with principles, theories, concepts and technologies to work on generally complex operational or technical activities and an applied knowledge of established procedures, policies and practices
Must have at least 7 years overall in a technology role including at least 5 years experience in Cyber Security, Information Security or an Information Assurance role
Must have at least 3 years of experience demonstrating knowledge of various software development processes including Agile methodology
Must have at least 5 years of experience in a security verification & validation, compliance or audit role
Experience managing people in a matrixed environment
Knowledge of a broad array of security solutions to address many complex control scenarios
Strong experience in task / project management including complex, fast paced, highly sensitive projects
Excellent communication skills including the ability to adjust presentation style to the needs of the audience and based on the intended objective
Experience in dealing with varying levels of user groups, senior executives and technical personnel and ability to effectively work with and communicate with all
Quick and effective analytical skills to identify security risks and/or gaps in security controls
Ability to understand the business processes within a targeted audit and to present technical information clearly to a nontechnical audience
Excellent problem solving skills to evaluate control alternatives that best reduce risk while maximizing enablement of the business
Experience in global operations, offshoring, outsourcing - Global Verizon outsourcing knowledge and expertise in associated risks
Operational Network, IT Development and/or Systems support background
Should have at least 1 year of experience in physical security reviews
Should have knowledge of and ongoing interest in cutting edge technologies
Bachelor’s degree in CS, IA or similar or equivalent work experience
Training/background attending security conferences, SANS certifications, chairing of forums, writing of security/technical books and/or similar web content highly desirable
Technology or Operations auditor experience - Active Security+, CISSP, CISA, CISM, CFE, or CEH Certification

Senior Information Security Analyst Resume Examples & Samples

Assist in management and coordination of Oracle’s corporate incident management program, including hands on coordination of highly critical incidents. This involves managing conference calls and engaging technical responders, as well as documenting actions and managing metrics related to incident response. Requires ability to work in an on-call basis for the duration of the incident
Manages critical incidents through all phases of the incident management life-cycle
Manages registration of incidents and accumulation of statistics and/or metrics related to incident management
Production of incident reports/metrics
Assist other security staff on specific projects and incidents as required
University degree from an accredited college or university, or equivalent
At least 10 years’ experience as a network analyst or systems administrator
Ability to project credibility and confidence at all levels of the organization
Strong technical experience, including Operating systems, web applications and network
Experience in incident handling, network forensics and malware analysis
Strong knowledge of Oracle internal systems preferred
Self-starter: doesn’t need to be micro-managed
Security certifications related to Incident handling and/or pen testing are a plus

Senior Information Security Analyst Resume Examples & Samples

Primary responsibility is to detect and respond to threats over infrastructure systems
Manage and monitor security incidents
Monitor & respond to Security incidents through log correlation tools e.g. Q-Radar etc
Manage IDS signatures, devices and other alert mechanisms
Monitor, review and analyze event details to discover intrusion attempts
Monitor security events generated by IDS sensors
Participate and perform in a post-mortem analysis of an incident
Follow checklists of pre-defined tasks related to security operations practices
Perform IT security incident triage and vulnerability analysis
Identify false positives from true security intrusion attempts and inform Security Engineering of false positives to improve efficiency
Identify known worms/viruses based on their signatures
Participate in vulnerability scanning of IT infrastructure
Serve as technical support on security related projects, including new implementations
Participate in the reviews of security controls, processes and procedures for all centralized applications and infrastructure
Fine tune and refine existing security filters and event rules to reduce false positives
Work in conjunction with Corporate security team to ensure alignment to Infosec policies
Perform security assessments, risk assessments, reporting, awareness and education as required
Assist with internal security audits and continuous improvement programs
Develop and coordinate security standards and procedures
Assist in review and collection of monthly metrics for management

Senior Information Security Analyst Resume Examples & Samples

Work with the Business Client, Application Owners, and Access Governance to interpret and negotiate business requirements for system development projects into the LAM Factory. Independently manage strategic initiatives to ensure the security controls of mission critical applications and networks are in compliance with ISS and Bank standards. Direct the utilization of technology to meet the strategic and tactical goals of the various organizational units supported by the department and identify opportunities and processes that will enhance the overall robustness and integrity of the systems infrastructure. Ensure a clearly articulated security strategy is in place to address the security requirements of Applications, Operating Systems, Firewalls, and Networks, and ensure security is implemented as per documented standards
Lead the analysis, design of business solutions; provide advice and guidance to project team. Collaborate with the project teams to ensure critical delivery dates are met for security reviews, server reviews, security patch rollouts and other time sensitive activities
Review business design documents and test plans to ensure that they are executed and updated accurately. Continually keep abreast of the rapidly changing technology environment, as well as new Bank and Divisional strategies and policies. Stay informed of EDP strategies, security and risk management policies, and government regulatory requirements, including back and Front Office processes in order to provide superior direction and guidance to staff, and to serve the user community effectively. Ensure communication with the remote sites globally is consistently maintained
Participate in defining the business implementation approach working with the Business Client, Application owner and Access Governance teams
Define the technical implementation of the LAM Factory approach with the Project Team and QAT lead
Liaise with other areas of IT&S and IS&C team to complete our deliverables for Internal Audits, External Audits, Annual Sarbanes-Oxley certification and other regulatory reviews
Continually improve processes which include: Overseeing the development and implementation of system and process enhancements. Managing and maintaining software and support tools. Creating and documenting new programs and internal procedures
Must have 4-6 years of progressive IT working experience with Sailpoint IIQ
Must possess expert working knowledge of Sailpoint IIQ application including access, certification, and application onboarding
Must possess expertise in IT key controls and risk assessment concepts
Possess sound knowledge of regulatory requirements
Must have advanced communication (verbal/written/presentation) skills in English. The same in Spanish is an asset
Possess technical working experience with Active Directory/LDAP/ID Provisioning/Single Sign On
Possess advanced MS Project skills

Senior Information Security Analyst Resume Examples & Samples

Support risk analyses on existing and to-be Web/application/database services, and the infrastructure/architectures supporting them
Apply threat modeling concepts (Decomposition and threat and vulnerability discovery)
Assist platform owners and design teams in applying the necessary security controls to mitigate associated risks
Ensure appropriate security provisioning during varying phases of SDLC
Review business requirements and document security requirements for the information systems
Ensure security standards are applied from design to UAT
Assist in the performance of security impact analysis for each proposed change to the system’s configuration
Provide assistance in the development of security policies and procedures and also assist ensuring compliance with those policies and procedures
Provide assistance in developing and updating security artifacts
Support agency operations involving information security auditing, monitoring and analysis
Support agency response to vulnerability assessment results
B.S. or B.A. in a technical field such as information/cyber security, computer science, information systems, or systems engineering
Minimum eight (8) years relevant work experience
Minimum of six (6) years information security work experience
Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP)
Cloud security certification, such as Certified Cloud Security Professional (CCSP)
Information risk management certification, such as CRISC (Certified in Risk and Information Systems Control)
Broad understanding of security protections typical in enterprise environments, including security hardening, firewalls and input filtering, DMZ architectures and boundary/endpoint best practices
Familiarity with Cyber Security Assessment and Management (CSAM)
Familiarity with Security Information and Event Management (SIEM) tools
Familiarity with JIRA workflow development
Familiarity with static and dynamic security testing tools (e.g., AppScan Source and AppScan Standard)
Experience with application of NIST Risk Management Framework (SP 800-37)
Minimum of three (3) years Security standards and frameworks
Project Manager – Practitioner
Minimum of three (3) years of Cybersecurity Consulting
Minimum of three (3) years of Information Security Assessment
Minimum of one (1) year Security Development Lifecycle
Minimum of one (1) year of Federal Information Security Management Act (FISMA)

Senior Information Security Analyst Resume Examples & Samples

Monitoring of security events including basic malware analysis, classification, and investigation follow up
Report and manage information security risk across both infrastructure and application environments
Manages audit finding remediation related to Information Security findings
Helps facilitate global security monitoring, incident response, and vulnerability assessment programs
Ensures that standards and policies are well understood and implemented across SLF
Monitors Internet usage, virus activity, and other threats to the organization
Implements security controls both technological and behavioral
Acts as the lead Incident Response delegate for Information Security incidents globally
Participate in an on-call rotation to provide after-hours pager support for escalations and incident
Participate in establishing and communicating relevant best practice scenarios relating to Information Security
Develops tracking tools to better articulate and collate risk data

Senior Information Security Analyst Resume Examples & Samples

Minimum 5-7 years of experience in information security (network, application and data)
CISSP or CISSP-ISSAP required
CISM, CCNP or CRISC desired
Other security industry certification desired
Bachelor of Science in Computer Science, Engineering, Math, Physics or comparable from a Tier 1 university desired
LI-DM

Senior Information Security Analyst Secret Clearance Required Resume Examples & Samples

Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction
Provide network and C2 systems operations support for C2 systems
Administration and maintenance of the operational network for the IM/C2 systems covered under this effort. A key facet of this requirement is the ability to ensure SIPRNET connectivity and the availability of mission essential platforms and applications to support operation requirements
Provide technical support required to ensure network administration for local IM/C2 LANs and tactical communications connectivity to the SIPRNET
C2/C4I Analyst experience to include the following: Completing Service Requests in production and deployed environments
Installing, configuring and upgrading C2/C4I systems
Maintaining and upgrading C2/C4I production environment
Managing C2/C4I system operations and services
Backing up C2/C4I system data
Installing, configuring, and maintaining Storage Area Networks (SAN) in production and deployed environments
Tools skills including two (2) + years of experience with MS Office products

Senior Information Security Analyst Resume Examples & Samples

Partnering with IT organization to develop, assess, and validate security architecture of IT solutions
Independently execute security risk assessments on policy variances and new technologies and communicate results effectively
Creates and updates process documentation
Creates information security reporting metrics and analysis for management
Effectively team with network architecture team to develop secure solutions
Assist with the management and validation of security firewall configurations
Participate in security assessments of cloud solutions
Assists in the operating system and application patching verification and reporting
Willing to share knowledge, advice, guidance and resources to a mentee
Provides support for network, application, and perimeter penetration testing/external assessments
Provides support for information cyber security investigations as well as on-call response for cyber security incidents
Provides support for security endpoint detection, event analysis, and response
3-5 years of related experience with Windows operating systems; strong comprehension of information and network security practices, and a broad understanding of networking including ports and protocols (IP, TCP, UDP, etc.). Knowledgeable of UNIX, Firewalls, Intrusion Prevention Systems, and antivirus systems. Familiarity with secure Client/Server web communications, log management systems, incident response, security monitoring, and basic spreadsheet and database skills a plus
3-5 years of related experience or familiarity with secure networking principles, secure network design, security hardening of network devices
Familiar with HPE ArcSight Security Tools preferred

Senior Information Security Analyst Resume Examples & Samples

Identify and on-board mission critical applications for code scanning, application scanning and penetration testing
Design and build database scanning and security programs
Mobile application code scanning and signing
Analyze alerts from web application firewall and ddos platform
Implement real-time protection for FedEx web presence
Log analytics using big data platforms
Threat identification and resolution
Demonstrated skills in collaboration
Strong knowledge of IT architecture
Knowledge of web security
Ability to work methodically
Ability to clearly articulate complex concepts through both verbal and written communication
Knowledge of data analytics
Knowledge of software security principles, concepts and best practices

Senior Information Security Analyst Resume Examples & Samples

JAVA
HTML5
Thick Client
Linux / *Nix

Senior Information Security Analyst Resume Examples & Samples

Installing, configuring, troubleshooting, and administrating the company’s network security hardware and software solutions
Evaluating the current network security architecture to recommend upgrades and improvements and continue monitoring and support
Support all virtual and physical security appliances in high-availability environments that span multiple data centers and physical locations
Creating, maintaining and updating operational documentation of client security infrastructure, communication flows, and routing necessary to support the environment
Proactively monitoring security systems and performing preventative maintenance and security updates to prevent performance impacts to systems and business functions
Managing client security solutions, configuring and tuning hardware and software to ensure optimum network performance and resource availability
Participating in disaster recovery tests, planning and solutions
Supporting system engineering and other operational teams when new systems or servers are introduced or new clients are onboarded
Planning and execution of any hardware migrations and upgrades that pertain to firewalls and network solutions
Establishing and maintaining processes and models to discover and remedy security incidents detected by network security appliances
Applying troubleshooting and root cause analysis methodologies to resolve security incidents detected on the network
Designing, planning and implementing projects as required to support the day-to-day production requirements and disaster recovery initiatives
Perform vulnerability assessment scanning
Meet with server and network teams to discuss vulnerability remediation
Work with managed SIEM vendor to properly assess and categorize alerts
Design and configure IDS/IPS alerts, including policy management
Document work efforts
Review security events to evaluate the risk they present
Review policies of firewalls
Participate in rotating on-call schedule
Conduct forensic analysis of network security incidents
Perform security audits of current infrastructure and applications
Monitor security bulletins, determine applicability and coordinate action plans
Continuously monitors global network environment for security risks and takes appropriate action to mitigate them
Resolves trouble tickets in Service Manager 9 ticketing system and meets SLA objectives
Performs administrator duties for Solar Winds Orion and HPOV network management systems
Performs administrator duties for Infoblox IPAM IP address management server
Requires 5-7 years of technical experience in the fields of networking and information security
Candidate must have at least 3 years’ experience in supporting Cisco ASA firewalls
CompTIA Security+ and CISSP preferred
SANS certificate or equivalent, highly desirable
Supporting system engineering and other operational teams when new systems or servers are introduced or new clients are on boarded
Palo Alto IPS Wildfire, AppID and threat management
Blue coat proxy support, management, reporting and troubleshooting
Cisco ASA firewalls
Cisco IPS
SIEM experience preferred
Cisco advanced routing/switching/Routing
Vpn Site to site troubleshooting
Brocade routing/switching
Bluecoat/Symantec Packetshaper
CCNA, CCNP, SANS GCNA, GCFW/GCPP certifications are preferred
Required experience: 4-6 years in a Network support, engineering or network security role required
Cisco ASA Firewall configuration and management: 4 years
Palo Alto Firewall and IPS: 4 years
Network support and management experience: 4 years
Palo Alto Firewall configuration and management: 4 years
Bluecoat Proxy: 4 years
Cisco VPN

Senior Information Security Analyst Resume Examples & Samples

Working with existing tools, systems and procedures to investigate and resolve daily threats and risks within the environment
Creating automation to bridge security gaps and automate response efforts
Understanding and assessing the current threat landscape as it applies to our business
Creating and updating elements of security governance (policies, procedures, standards)
Be an integral part of the Incident Response team
Enabling security transparency by ensuring risks are measured and reported
Passion for technology and information security
Strong sense of customer service
Knowledge of best practice security frameworks
Practical experience with operation of common information security solutions, including but not limited to

Senior Information Security Analyst Resume Examples & Samples

Develop, maintain and refine risk management practices using established risk frameworks
Maintain a working knowledge of current threats and vulnerabilities
Stay informed on information security best practices and evaluate their applicability in Red Hat’s environment
Develop, manage, and assess compliance with security controls, and manage deficiencies
Evaluate security policy, processes and procedures for completeness
Effectively and qualitatively communicate risks and potential impacts
Work with system owners to take preventative or corrective actions based on risk analysis
Consult with various areas of the business as an information risk subject matter expert
4+ years experience in an enterprise risk role with a strong information security focus
In-depth enterprise experience with one or more risk management methodologies and frameworks
Demonstrated pragmatic, adaptable, and results-driven approach to information security risk management
Ability to work as part of a globally distributed team using multiple communication methods to facilitate collaboration (chat, voice, video, email)
Excellent communication skills, both written and verbal, to convey information effectively and professionally to a wide variety of technical and non-technical audiences
Methodical, data-driven approach to security and risk analysis with the ability to think laterally and imaginatively in order to implement security improvements
Recognized industry certifications, like CISSP, CRISC/CISA/CISM, are a major plus

Senior Information Security Analyst Resume Examples & Samples

Perform identity & access provisioning responsibilities on mainframe subsystems and DB2 on IBM (RACF) & CA (ACF2) environment utilizing, at a minimum, TSO, ISPF, CLIST, access rules, USS OMVS, and SDSF
Perform troubleshooting, system, and user maintenance activities using zSecure, JCL, COBOL, and REXX
Participates in the identification and escalation of changes that will affect information security policy, standards and procedures
Reviews the development, testing and implementation of security plans, products and control techniques. Consults with client and development area management and staff in the design and implementation of new or modified information security processes
Investigates and recommends appropriate corrective actions for information security incidents
Performs access control and account administration of critical information resources and key users
Acts as a liaison to the product groups and assists them in the implementation of security technologies and applications security. Works in conjunction with technical counterparts to remediate audit and security findings
Participates in the evaluation of vendor proposals, conducts process analyses, reviews information security architectures and recommends modifications to the information security operations that reduce costs or improve service
Helps to develop communications and actively promotes related campaigns for information security awareness among all staff
Effectively communicates complex technical issues with sensitivity to diverse audiences
Participate in the monitoring of existing and proposed security standard setting groups, State and Federal legislation and regulations
Bachelor degree in Computer Science or a related discipline and typically six or more years’ experience in the security aspects relating to multiple platforms, operating systems, software, communications and network protocols or an equivalent combination of education and work experience
Requires a broad knowledge of on-line systems, access methodologies, and security procedures in order to work effectively with client and IT management, staff and vendors
Extensive knowledge of business operations required; familiarity with business objectives and strategies desired. Strong communication, negotiation and presentation skills required
Mainframe system & security administration
RACF, ACF2, and VSE expertise
DB2 on IBM (RACF) & CA (ACF2
TSO, ISPF, CLIST, access rules, USS OMVS, and SDSF
ZSecure, JCL, COBOL, and REXX

Senior Information Security Analyst Resume Examples & Samples

Creating, and maintaining various checklists and process documents for Web Applications and Mobile
Researching and understanding various new and existing vulnerabilities and developing effective mechanisms to detect and prevent them
Analyze different Web Security Threats and suggest coding mitigation
Documentation and reporting of vulnerabilities and suggesting mitigations
Full cycle experience handling application security assurance consulting projects
Experience in working with security standards like PCI DSS / PA – DSS
Hands on experience with respect to OWASP Top 10 standards / assessments and Vulnerability mitigation strategy
Excellent knowledge in Application, Mobile Application Vulnerability Audits and analysis
Experience in manually detecting various Web based security vulnerabilities like SQL Injection, Cross Site Scripting (XSS), CSRF and Session Hijacking etc. Threat Modeling of various sector applications
Familiarity with Akamai Kona and F5 ASM solutions

Senior Information Security Analyst Resume Examples & Samples

Successful fulfillment of information security related projects for the F&R Wealth Management business unit with specific focus on costs, benefits, and alignment with long-term strategies and resources
Builds effective relationships and communications with cross functional teams including the Wealth Management business unit, other ISRM teams, and other IT technology teams
Coordinating Wealth Management business unit customer assurance queries with the business unit and central ISRM customer assurance team
Production of management reporting to demonstrate Wealth Management business unit compliance with ISRM policy and other initiatives
Identifies opportunities and long-range security and risk improvement strategies within the Wealth Management business unit
Governance of Pen Testing, Application Assurance, Application Certification and Education and Awareness programs
Facilitates engagements to identify projects that enable business development while ensuring the necessary security controls are in place
Collaborates with the security architects to discuss potential solutions that match the business strategy with the technology Security Architecture strategy
Stay abreast of industry trends affecting information security and the Wealth Management business unit and consult accordingly
Manage issues, track remediation, and register risks in partnership with the Wealth Management business unit and ISRM
BS/BA degree in Computer Science/ Information Technology/ Information Security or related field or equivalent work experience
5+ years of experience in information security, infrastructure services, portfolio management or business systems
Strong oral and written communication skills with ability to understand technology sufficiently to clearly communicate the complexity in simple terms for key stakeholders
Demonstrated success participating in complex technology projects with a record of high customer satisfaction
Results orientated with proven ability to mobilize and energize cross-functional teams to implement creative out of the box solutions
Customer service experience improving the overall customer experience and ability to build relationships and influence all levels within an organization
Well versed in information security and financial services industry best practices
CISSP, CISA or CISM certification is preferred

Senior Information Security Analyst Resume Examples & Samples

Information Security Policy
Mergers, Acquisitions & Divestitures risk assessments
Outsource engagements
Risk assessments and reporting
Contract reviews and negotiations
Metrics and reporting
Managing multiple projects through to completion, ranging from reviewing security/privacy obligations to performing security gap analysis&#8217
Collect, analyze and interpret security metrics data
Maintain information security policies and procedures
Assists in the maintenance of the risk methodology processes/tools
Performs other related duties as assigned or required
2-5 years experience in information security , privacy or risk management in a financial services or internet driven environment
CISSP or CISA

Senior Information Security Analyst Resume Examples & Samples

Senior work experience in information systems and information security as typically acquired in 15 years
Five years of healthcare information technology industry experience highly desired
Significant knowledge of information security concepts and current information security trends and practices including security processes and methods
Must be an expert in security concepts, practices, and procedures
Significant knowledge of software, hardware, databases, networks, firewalls, encryption, and other system security devices
Must have the ability to provide effort estimation and complete work based on a schedule of activities in coordination with delivery leader
Experience with DNS, DHCP, TCP/IP, Active Directory, network topologies, and intrusion detection systems to enable incident response and investigations
Well-versed in Active Directory support tools including able to use LDAP tools and interfaces
Superior knowledge of SQL technologies and database architectures
Extensive experience with security tools in the industry
Demonstrates exceptional quantitative, analytical, and conceptual thinking skills
Strong skills in planning, administration, and management of information systems, operational and technical security controls, and security risk analysis and management
Extensive knowledge of federal and state security and privacy-related regulatory requirements
Extensive knowledge regarding NIST, HIPAA, FIPS, and other recognized industry security standards and best practices
Strong organizational and problem-solving skills
Prioritize work while multi-tasking on assigned work
Ability to effectively leverage vast detailed knowledge and familiarity with security disciplines
Possess ability to identify key concepts, factors and risks based on conversations and document them in clear and concise narrative or graphic reports
Must possess expertise in developing long-term strategies to address security threats
Must work well within a time-sensitive environment
Ability to work alone as well as in a group, under pressure
Excellent ability to analyze, make decisions, and solve problems
Good leadership qualities to instruct and lead junior analysts
Able to train others on various system security threat mitigations
Maintains a passion for delighting customers
Proven history of executing business impacting projects with defined scope, deliverables and timelines
Strong diagnostic capabilities
Proven security analytics and/or extensive data analytics experience

Senior Information Security Analyst Resume Examples & Samples

Expert understanding and practical application of Archer or related eGRC tools, platforms or technologies
Preferred administrator experience of the Archer eGRC tool
Broad work experience of related eGRC technologies
Broad work experience with eGRC modules such as risk assessments, vendor management, questionnaires, workflow, dde, etc

Senior Information Security Analyst Resume Examples & Samples

5+ years experience in IT Security Analysis is Required
Project Management experience is Preferred
CISSP and/or CISA certification is a Plus!
5 years plus working with Audits and Compliance experience (PCI, ISO) is needed
Identity and Access management is preferred

Senior Information Security Analyst Resume Examples & Samples

Lead risk based and security analysis to administer and maintain, proactively identify issues/gaps and lead initiatives to improve overall Information Security function, ensuring access rights are maintained and risks remains low in changing business requirements and changing risk and threat landscape
Monitor changes to information security overall and proactively identify the need for changes to existing policies and procedures based on changes to the risk landscape
Administer and maintain user accounts to ensure appropriate access rights are maintained
Ensure compliance with all applicable internal and external Information Security requirements through coordination of internal and external Logical Security audits
Proactively identify and lead to resolve issues/gaps and redundant procedures based on changing business requirements and changing risk and threat landscape
Demonstrate awareness of all information security trends, vulnerabilities, including and especially those influencing the health care industry
On Call 24X7 for Security or IT related emergency, business escalations and change implementations
Lead incident managements including managing high and critical bridge
Lead both corrective and preventive action plans to completion for incidents
Clear understanding of IAM workflow and tools and technology in Identity and Access management area
Lead/participate in implementations of IAM related projects/initiatives
Lead work requests triage, and work assignment to team members, responsible for meeting service level agreements
Apply critical thinking, critical judgment and leadership on all core functional requirements
Build and maintain knowledgebase, process documentation and give training
Responsible for identifying, assessing, reporting, assisting/leading the remediation of IT security vulnerabilities
5+ years experience IT Security, Analysis, Project Management experience, with a CISSP and/or CISA certification a plus
Audit and Compliance experience (PCI, ISO)

Senior Information Security Analyst Resume Examples & Samples

Perform as the subject matter expert to guide and craft complex security solutions
Establish security criteria based on business, compliance, risk reduction and use cases
Provide solution architecture driven by regulatory compliance and customer security policies
Create and maintain required Security Architecture documentation
Collaborate with peers and other technology professionals to create high quality solutions
Partner with PMO to provide robust project plans
Lead and coach on the definition of security architecture, including the development and implementation of effective security administration processes for all platforms
Actively engages in security architecture solutioning within key pre-implementation systems
Define a process and architecture for assessing risk and controls for networks, applications and infrastructure and supports in the architecture modeling process for ensuring the appropriate identification and integration of various Cyber products and security services within a technologically diverse IS environment
Identify and implement emerging data access control technologies, information systems security issues, safeguards, and techniques
Develop and implement security solutions that will resolve security issues on a timely basis to enhance security
Perform security reviews and identify security gaps in security architecture, resulting in recommendations for inclusion into the risk mitigation strategy
5+ years of experience working with network access, identity, and access management (e.g. Active Directory, access federation, multifactor authentication, PKI)/Microsoft Operating Systems/SIEM, NAC, WAF, DLP, EDR technologies
Understand known vulnerabilities from alerts, advisories, errata, and bulletins & least privilege access controls
Demonstrated skill in designing security controls based on IA principles and tenets
Knowledge of encryption algorithms
Knowledge of traffic flows across the network (e.g. TCP & TCP/IP, OSI, etc.)
Knowledge of secure configuration management techniques
Knowledge of security management, software engineering and information technology (IT) security principles and methods (e.g. firewalls, Demilitarized Zones, encryption)
Knowledge of SOX, and Personally Identifiable Information (PII) data security standards
Knowledge of IT supply chain security/risk management policies, requirements, and procedures
Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g. application of defense-in-depth)
CISSP Preferred

Senior Information Security Analyst Resume Examples & Samples

Advises Program Leads of necessary security requirements when evaluating potential changes and requirements to the system
Work with Program Director and Program leads to mobilize security and address program needs, improvements, etc
Author and maintain all security artifacts for multiple contracts (Privacy Impact Assessment (PIA), Risk Assessments (RA), System Security Plan (SSP), SSP Workbook, eAuthentication Workbook, Contingency Plan (CP), etc.)
Proven track record supporting SCA, FISMA, A-123, and CFO Assessments as the primary POC for all activities
Strong understanding of HIPAA and IS027001/2 security standards
Extensive understanding of the CMSR/ARS security controls
Performs risk assessments identifying security issues, properly documenting, and assisting with implementation of mitigating controls
Coordinate remediation of pen testing, vulnerability scanning results for continuous monitoring
Assist business development, RFP and proposal support

Senior Information Security Analyst Resume Examples & Samples

Participates in the development and maintenance of business continuity planning, data, systems, and network security to ensure systems’ availability and integrity
Provides input to the service continuity planning process to support critical business functions, to minimize downtime, and to protect UPS’s information assets
Implements service continuity plans to ensure optimal security and service operations
Identifies and quantifies potential impacts from disruptions and outages to ensure effective maintenance of security and service operations
Identifies time critical applications and dependencies to support business functions, to assess the risks of systems’ availability and integrity, and to develop maintenance procedures and contingency plans

Senior Information Security Analyst Resume Examples & Samples

Designs, develops, and executes information security awareness campaigns to ensure compliance (e.g., with data protection and privacy laws, regulations, contracts, etc.) and the protection of information assets
Gathers information for, and develops customer information security assurance questionnaires to assess risk and determine current and future security requirements
Contributes to the development of the information security requirements of vendor and customer contracts to ensure UPS's information assets are protected, and all terms follow UPS standards and compliance obligations
Implements information security-related statute requirements to ensure domestic and international compliance
Enforces information security concepts to enable implementation and to ensure compliance and alignment with Information Services (I.S.) strategy
Communicates and advises on security policies, procedures, practices, and training on the holding, use, and disclosure of UPS’s business data to ensure compliance, continuity, and protection of information assets
Communicates and promotes corporate information security policies, standards, and guidelines to ensure effective enterprise security control requirements
Investigates security issues and escalates as appropriate to increase customer information assurance, stakeholder confidence, and risk aversion
Identifies industry best practices, standards, methods, tools, and applications to optimize UPS’s business risk management

Senior Information Security Analyst Resume Examples & Samples

Responsible for the vision, planning, and global implementation of access controls required to protect the information assets of the organization, as well as information entrusted to the organization by third parties, all of which may be required by compliance obligations and/or adopted best practice
Maintains, supports, and manages 24x7 the organization’s IAM platform
Works with Human Resources and other members of IT to improve process around IAM business processes
Understands the fundamental business activities performed by the organization and make appropriate network security recommendations to improve the effectiveness of the organization
Stays informed about the latest developments in the security field, including threats towards the organization, tools, attack vectors, and cutting edge preventative measures
Experience with IAM design, development, deployment, and maintenance
Experience one or more of the following areas: Federation, Enterprise Directory Architecture & Design, User Lifecycle Management, and Resource Provisioning
Knowledge of cyber threat tactics, techniques, and procedures
Experience with security tools, such as SEIM, Wireshark, NMAP, and Linux
Experience working in a team environment and taking a proactive leadership role to drive and perform security related work
The ability to effectively communicate with multinational business units and business owners
Associate's degree with a minumum of 6 years' information systems related experience or Bachelor's degree with a minumum of 4 years' information systems related experience
4 years' technical experience with IAM technologies
Secret Service clearance with working knowledge of ITAR, EAR and DFARS regulations
Security+, CISSP, CISM, HISP or SSCP information systems security certfications

Senior Information Security Analyst Resume Examples & Samples

Responsible for ongoing monitoring and reporting of security incidents along with projects and tasks associated with security and compliance. 30%
Serves as a subject matter expert in Implementing and strengthening information security monitoring protocols, policies and other information security owned systems. 30%
Ensures compliance with all banking laws, rules, regulations, and prescribed policies/practices/procedures necessary to reduce risk and uphold ethical standards related to and required by one’s duties. 10%
3-5 years’ experience in Information Security Required
Experience in operating systems including Windows 2003 & 2008 R2, Windows 2012, Windows 7 and 10
Experience with network devices/concepts, such as taps, SSL termination/acceleration,firewalls, routers, and switches
Experience with packet capture/analysis tools, such as Wireshark, NetworkMiner, or other similar tools
Experience with Malware analysis, cyber incident response, or digital forensic tools
Experience with RSA’s Netwitness or other industry SIEM technologies

Senior Information Security Analyst Resume Examples & Samples

Assist with managing Managed Security Services (MSSP) vendor
Recommend additional security solutions or enhancements to existing IT solutions to improve overall enterprise security, SIEM
Act as a resource to other IT departments and Woodward members seeking security-related advice and/or information
Responsible for virus and malware response and process oversight
Responsible for spam control process and review
Identify and evaluate information security issues in new applications
Assist with audit deficiency remediation and support audit requests
Monitor security process compliance
Responsible for data loss prevention response, process and oversight
Lead IT investigations for legal, HR, and internal audit
Part of a rotational on-call Security Incident Response team
Create and maintain security-related policies and procedures
Approve implementation of patches & system changes required to address security issues
Approve security related exceptions & changes to standards & processes (example: firewall, URL filters, account termination/activation
Perform IT security risk assessments
Lead and assist in IT security incident management activities
Facilitate implementation of business-friendly solutions that ensure the confidentiality, integrity and availability of Woodward information
Participate in the planning and design of enterprise security strategy, processes and procedures, under the direction of the Director Global IT Security, Risk and Compliance
Lead security related projects as applicable
Specific technical knowledge in three or more of the following areas: Windows Operating Systems, Linux, AIX, Internet technologies, Networking technologies, Encryption technologies
Up-to-date knowledge of hacking techniques and attack vectors
Familiar with ISO 2700 security standards
Willingness and ability to provide IT security direction and/or mentoring wherever applicable
Ability to work effectively in a collaborative environment
Strong knowledge or security regulations
Global mind-set
Good written an oral communication skills
Highly self motivated and directed
One or more advanced Security certifications demonstrating a broad knowledge of the information security field such as (ISC)2 CISSP, SCCP or ISSAP; ISACA CISA or CISM; GIAC Security Leadership Certification
One or more additional IT certifications meeting DoD Directive 8570.1 Level II requirements (GSEC, Security+, SCNP, SSCP, CISA, GSE, SCNA, CISSP, CAP, GSLC, CISM, CISSP-ISSAP)
Specific knowledge related to HIPAA, PCI DSS, SOX, ITAR, NIST and Safe Harbor compliance
Knowledgable in the following network technologies: Checkpoint or Cisco
Strong project management experience

Senior Information Security Analyst Resume Examples & Samples

Strong knowledge of computer operating systems including Windows, Mac, and Linux
Fundamental knowledge of VMware and infrastructure virtualization
Fundamental knowledge of data storage systems and delivery protocols
Strong knowledge of fundamental networking controls including L3 and L7 firewalls
Strong knowledge of security principles in all areas of IT infrastructure and workflows
Proven ability to conduct security assessments of internal and external solutions
Proven ability to author consumable reports of security findings
Proven ability to author security policy documents
Excellent interpersonal and professional relationship skills
Experience with software and hardware product engineering workflows
Experience with technology product manufacturing systems and workflows
Understanding of infrastructure hardening requirements and implementation
Advanced education in technology such as Computer Science or Information Security
CISA certification

Senior Information Security Analyst Resume Examples & Samples

Technology and Best Practices in the areas of risk assessment, compliance, and vulnerability management
Nexpose, Metasploite, Nessus
McAfee Web Gateway, McAfee EPO, McAfee SEIM
Sourcefire IDS/IPS solutions
RSP VPN Remote Access Solutions
Network investigation techniques
Controlled self-assessments/Audits
Have a customer-centric approach to problem solving, solicit customer feedback to improve service, respond promptly to customer needs, requests for service, and assistance
Identify opportunities to improve efficiency and reduce waste
Work within guidelines of established methods; obtain, clarify, and provide information within established parameters
Prioritize work activity and set goals and objectives
Develop and write technical documentation
Perform general security/audit functions
Perform network scanning and monitoring
Assist/conduct network incident response
Work independently with minimal supervision based on management direction
Bachelor’s degree plus 3 or more years of experience in Information Security Analysis (or Equivalent experience)
CompTIA Security +Experience working in a sensitive and secured information environment

Senior Information Security Analyst Resume Examples & Samples

Develop and provide controls, standards, process improvement recommendations, technical guidance and awareness for information technology compliance
Research, interpret, develop, maintain, and apply compliance regulations and control descriptions for information technology audits such as ISO 9001 (Quality Management System), ISO 27001 (Information Security Management System), Sarbanes-Oxley (SOX), Payment Card Industry (PCI), Service Organization Control (SOC), Policy, etc
Execute on all aspects of information technology audit efforts including planning, preparation, audit reports, field work, and follow-up activities
Participate in risk mitigation sessions for new projects or processes and ensure that all significant regulatory risks are identified and accounted for appropriately
Evaluate remediation plans and provide consultative support as to the interpretation of regulations and their implementation
Maintain position as a subject matter expert in current and new information technology compliance laws and best practices
Respond to inquiries about the Company’s compliance status and controls
Support customer retention through providing applicable and appropriate attestation for Thomson Reuters information security policies and practices
Provide information security risk management representation on customer calls regarding attestation of Thomson Reuters information security policies and practices
Perform a business impact analysis and operate as a key contributor to the Vendor Risk Management processes
Bachelor’s degree required or higher in Information Technology or any relevant fields
Industry-related certifications CISA, CISSP, CISM, and ITIL preferred
5+ years related work experience, including 3+ years in Information Technology and 1-2+ years in IT Audit
Technology, personal effectiveness and organizational skills
Familiarity with audit and standards processes including ISO, PCI, Sarbanes-Oxley, and SOC 1/2/3
Practical experience with the identification and remediation of compliance and security vulnerabilities
Thorough knowledge of technology platforms, products and services
Ability to communicate at all levels in the organization
Demonstrated strong problem-solving skills and effective negotiation and influence
Personal responsibility, in partnership with management, for career and development goals
Exhibited leadership in the knowledge and application of compliance initiatives
Ability to set project scope, delegate tasks and deliver quality results

Senior Information Security Analyst Resume Examples & Samples

Lead day-to-day management of security compliance and security operations tasks
Serve as the information security compliance subject matter expert for the team
Perform security assessment and authorization (SA&A) activities independently in accordance with applicable NIST standards
Provide direct support of information security compliance activities including managing plans of actions and milestones (POA&Ms), supporting the agency’s continuous monitoring program, developing information security related processes and procedures
Mentor and train other Analysts
Ensures quality and consistency of all work products
Minimum of 8 years relevant experience
Demonstrated experience serving in a lead role (i.e., supervisory, manager, etc.) managing tasks that may include, but not be limited to: SA&As (to include SSP development), continuous monitoring, POA&M management, contingency plan development, audit support and policy/procedure development
Demonstrated experience with application security, risk management, information assurance, third party (service provider) management and Cloud security
Demonstrated experience as a Subject Matter Expert (SME) with NIST SP 800-137, NIST SP 800-37, 800-115, 800-30, 800-60, 800-53, 800-53A, FIPS199 (and related OMB and NIST guidance)
Excellent oral and written communication skills and demonstrated ability to present material effectively to the highest levels of management
Demonstrated experience performing risk management activities developing and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&M), and developing and delivering Executive-level briefings
Ability to work in a team-oriented and collaborative environment
Strong Microsoft Office 2010 skills to include (Word, Excel, Visio, and PowerPoint)

Senior Information Security Analyst Resume Examples & Samples

Supports the Threat and Vulnerability Assessment (TVA) Team with reporting, management, and remediation of threats against the Agency
Participates on Incident Response teams as threat/forensic SME (Subject Matter Expert)
Performs assessments of the Agency’s security posture and correlates vulnerability data with network topology information to quickly identify risks
Produces reports on patches, exploits and vulnerabilities
Standardizes process and procedures and provides continual improvement
Develops and maintain comprehensive documentation
BS degree in relevant field/technology (or equivalent years of experience) and minimum of 4 years of related experience
Ability to obtain a government security clearance - US Citizenship Required
Ability to identify and recommend mitigations for vulnerabilities, exploits, patches
Familiarity with Advance Persistent Threat groups and Hacker activity
Ability to read network logs and analyze network packet capture data
Experience creating specific mitigation tactics such as IDS signatures
Ability to perform malicious code reverse engineering
Ability to utilize common sandbox technology to perform dynamic malware analysis
Comfortable working in a virtual team environment
Must be a US Citizen with ability to obtain a government secret clearance
Experience conducting malware analysis
Experience replicating reported vulnerabilities in a safe and contained environment to develop proof of concept and/or exploit tools

Senior Information Security Analyst Resume Examples & Samples

Initial triage
Coordination with various stakeholders
Collection of evidence
Technical Analysis and Forensics
Impact Analysis
Categorization
Containment
Mitigation of incidents
Lessons learned
Candidate must be capable of handling highly sensitive data, stressful or high-profile situations in a professional manner
Candidate must possess exceptional verbal and written communication skills
Candidate must be capable of using diplomacy when dealing with other parties
Candidate must have the ability to follow policies and procedures and use common sense to make efficient and acceptable decisions whenever there is no clear direction
Candidate must have advanced understanding of at least several of the following: Internet infrastructure, network applications, services and protocols (FTP, SSH, TELNET, DNS, DHCP, SMTP, HTTP, HTTPS, etc.), security principles, threats, vulnerabilities and risks to information systems (IP Spoofing, sniffing, denial of service attacks, malware), cryptographic technologies, host system security issues
Candidate must have experience with at least one of the following technologies: networks, operating systems, security systems, and infrastructure or data analysis or data management systems
Candidate must be organized and detail-oriented
Candidate must have the ability to solve problems in new situations
Candidate must be willing to continue learning (education) and apply gained knowledge to work situations
Candidate must possess the ability to work independently when required but also able to function as part of a team
Candidate should have demonstrated experience working with information and network security practices
Candidate should possess the ability to brainstorm new ideas and develop solutions for identified problems and/or procedural efficiencies
Candidate should have knowledge of attack methodologies utilized by attackers
Candidate should have knowledge of detecting attacks from various threat vectors
Candidate should have experience responding to an alert, analyzing log data to determine if security events are security incidents
Candidate should have experience with performing response measures on security incidents
Candidate should have knowledge of data mining and analysis techniques
Candidate should have knowledge of forensics methodologies and experience performing forensics investigations
Candidate should have knowledge of malware analysis and experience performing reverse engineering
Candidate should have experience administrating various information systems (Operating Systems, Internet Infrastructure, networks, and security applications)
Candidate should have experience with writing scripting, regular expressions and/or modifying programming code
Candidate should have security-focused certification(s) such as: GSEC, Security+, GCIA, CEH or CISSP
Candidate should have knowledge of security and compliance frameworks and standards such as (ISO27000 series, NIST SP 800 series, PCI, GLBA, SOX, COBIT)
Candidate should have strong analytical and problem-solving skills
Candidate should be self-motivated candidate with a strong desire to learn new technologies

Senior Information Security Analyst Resume Examples & Samples

Executes and coordinates IT Threat & Vulnerability management efforts across Thomson Reuters, based on industry standards, best practices, and established policies
Optimizes and ensures the continued and effective operation of information security controls of threat and vulnerability management, risk management and compliance
Evaluates remediation plans and provides consultative support with implementation of remediation steps, standards, and best practices
Works with business stakeholders and infrastructure management to ensure that policies and standards address the security requirements of the business
Assists with establishing metrics and monitors accordingly to report the effectiveness and efficiency of the Threat & Vulnerability management program
Understands and communicates potential threats, vulnerabilities, and control techniques
Contributes to and maintains documented policies, standards, and procedures for threat and vulnerability management requirements
Bachelor’s Degree in computer science, computer engineering or information technology or related field
Security, platform, network or control related certification (e.g. CISA, CISSP, CCNA, MCITP, CEH)
Service management qualifications (e.g. ITIL)
Proven experience in delivering or managing information security services, including experience in threat and vulnerability management
Strong technical knowledge and experience required in areas of vulnerability assessment, risk based threat analysis and vulnerability mitigation
Good knowledge of network and security technologies such as TCP/IP, IDS/IPS, firewalls, LAN/WAN, routing and switching
Intermediate understanding of infrastructure control procedures and security (Networks, and UNIX / Windows servers and databases). Knowledge of web-application security
Intermediate knowledge of programming languages and/or scripting languages (Perl, Python, Ruby, ...)
Experience with solutions by Qualys, Trend Micro, McAfee, Rapid7
Excellent problem diagnosis and analytical skills
Self starter able to work with minimal supervision and ability to learn new skills quickly with minimal guidance
Ability to work in a team environment with aggressive deadlines and multiple priorities while staying a team player

Senior Information Security Analyst Resume Examples & Samples

Monitors and analyzes Intrusion Detection Systems (IDS) to identify security issues for remediation
Evaluates firewall change requests and assess organizational risk
Must have active TS/SCI clearance to start
Must be knowledgeable with the Security Technical Implementation Guides (STIGs), and all assessment and authorization policies and directives (i.e., DoDI 8510.01) for RMF
Two to three years of experience installing, configuring, administering and operating Assured Compliance Assessment Solution (ACAS) in the DoD environment
Firsthand experience with a successful RMF program

Senior Information Security Analyst Resume Examples & Samples

5-8 years of related experience in data IT security administration
At a minimum must be DoD 8570 IAT Level 2 compliant certified, i.e. Security+ CE or SSCP and technical computer environment certification or training to start. Must be able to obtain IAT Level 3 (CISA, GCIH, GCED, CASP, or CISSP) within 6 months
At least 2 years’ experience with Microsoft Office at the power user level or above
IAT-III compliant (CISA, GCIH, GCED, CASP or CISSP)

Senior Information Security Analyst Resume Examples & Samples

You will develop relationships with stakeholders to gain consensus on strategies, recommendations, findings and project plans
You will develop an understanding of business goals and frame risk discussions in business terms
You will constructively engage business partners regarding information security issues
You will actively and professionally engage business partners in conversations that drive good risk decisions
You will respond to security inquiries, provided in a timely and consistent manner
25% Project Consultation
You will facilitate identification / completion of information security project tasks (Project Risk Checklist)
You will provide consultation and interpretation of Global I/T risk management policies
You will coordinate completion of technology risk assessments (e.g. privacy, 3rd party, application)
You will provide consultation in design of controls into business and technology processes
You will collaborate with Global I/T Subject Matter Experts on technology risks/gaps
You will serve as the liaison between business partners and technology teams
20% Implementation of Security Controls
You will consult and validate the implementation of technology controls
You will collaborate with Technology Risk Analysts on common risks to achieve optimization and coordination of risk management activities
You will provide regular reports on the progress of risk management activities to the Technology Risk & Control Manager and business partners
You will facilitate security incident response activities
You will facilitate the completion and remediation activities of the following Risk Management Processes
8 years of IT or audit experience
Information Security certification (e.g. CISSP)
Experience in threat modeling – identification of critical assets, threat vectors and protection measures

Senior Information Security Analyst Resume Examples & Samples

Lead the research and testing of new technologies from a security perspective
Oversee development and implementation of security processes, supporting our technology strategy and technical solutions to assist in compliance with company-wide policies
Implement best practices to provide customer security, privacy, availability and compliance with PCI, SOX and other applicable laws and requirements
Document processes and procedures
Keep up-to-date on current technological trends and developments in the area of Information Security
Independently plan, organize and prioritize Security tasks
Maintain security devices and monitoring software
Drive implementation of security-related tools, editors and scripting
Develop security requirements for new IT initiatives; design and execute tests to confirm that those requirements have been effectively implemented

Senior Information Security Analyst Resume Examples & Samples

Subject Matter Expertise – Serves as information security subject matter expert to business areas, project teams and vendors to apply and execute appropriate use of technology solutions and participates in efforts to examine technology vision, opportunities and challenges contributing input with regard to security standards and the impact of the technology
Project Oversight - Assesses project risk and complexity. Performs project handoffs including preparing documentation, educating and supporting to ensure smooth transitions. Assists with the selection and design of tools that allow reuse of design components and patterns between projects
Vendor/Tool Selection – Participates in the research, evaluation, proof-of-concept, selection and implementation of technology solutions. Negotiates with vendors. Provides detailed analysis of pros and cons and build vs buy options. This includes interaction with vendors, IT and business area contacts to facilitate flexible, and scalable solutions. Ensures that the technical design considers security controls, performance, confidentiality, integrity, availability, access and total cost. Develops working solutions or prototypes and resolves any issues that arise
Strategy & Architecture - Implements security strategy, architecture and tools in accordance with company standards, policies, procedures and other formal guidance, ensuring security technology standards and best practices are maintained across the organization
Process Improvement - Promotes implementation of new technology, solutions and methods to improve business processes, efficiency, effectiveness and value delivered to customers. Maintains operational, architectural and design documentation including procedures, task lists, and architecture blue prints
Information Security Risk Management - Assists with information security risk management processes, program and strategy. Aligns information security activities with PCI, SOX, and GLBA regulatory requirements and internal governing enterprise risk management policies. Identifies security gaps and deficiencies by conducting risk assessments; recommend corrective action of identified vulnerabilities and weaknesses. Assists with the planning, testing, tracking, remediation, and risk acceptance for identified security risks. Assists with the creation and publication of internal controls. Ensures requisite compliance monitoring is in place to identify control weaknesses, compliance breaches and operational loss events. Ensures adequate compliance resources and training, fostering a risk and compliance focused culture and optimizing relations with corporate compliance members and regulators
Due Diligence –Assists with enterprise due-diligence activities including security monitoring and security metrics to evaluate effectiveness of the enterprise security program and established controls
Incident Response - May assist in conducting security incident response activities and post-event reviews of security incidents. Creates clear and professional documentation of root cause and risk analysis of all findings. Troubleshoots and/or executes action plans for issue resolution. May participate in investigation and contribute to reports of security threats and incidents
Secure Application Development – Performs highly technical/analytical security assessments of custom web applications, mid-tier application services and backend mainframe applications, including manual penetration testing, source code and configuration review using a risk-based intelligence-led methodology. Identifies potential misuse scenarios. Advises on secure development practices
Secure Testing - Assists with security testing projects according to a structured process, including writing test plans, test cases and test reports. This may include configuration and deployment of security testing software and application of results to security analysis. Demonstrates basic proof-of-concept exploits of vulnerabilities
Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience
2-4 years of IT experience that includes at least 2 years in information security
Relevant professional certifications or working towards attainment such as: GCIH/GSEC, CISM, CISA, CISSP, CRISC
Knowledge of common web technologies, enterprise and network architecture
Fast paced environment requiring execution of multiple simultaneous deliverables
Influence stakeholder compliance of regulatory standards while managing deadlines

Senior Information Security Analyst Resume Examples & Samples

Will administer network security and computing devices/systems that enforce security policies and controls in a mixed Linux and Windows environment
Will perform hands-on support for a wide range of security technologies including, but not limited to: SIEM, NIDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, identity and access management, data loss prevention, content filtering technologies, application firewalls, vulnerability scanners, LDAP, forensic analysis software and security incident response
Will analyze and respond to security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Network Access Control (NAC), Managed SIEM partner and other security threat data sources
Will assist in responses to external audits, penetration tests and vulnerability assessments
Will perform forensic analysis, recommend and coordinate the application of fixes, patches, disaster recovery procedures in the event of a security incident or breach
Will research emerging technologies in support of operational security control implementation and enhancements
Will conduct vulnerability assessments, penetration tests and diagnose internet/extranet security, intrusion attempts, and incident responses
Will perform project leadership tasks on select security projects
Bachelor’s Degree in Information Security or related field; or equivalent post high
Three (3) years in a system administration (e.g., Network, Windows, Linux admin) role
5+ years of IT security experience including project management
Must have solid background with Linux, Windows OS and network security
Proficiency with firewalls and rule reviews, IDS/IPS (Network and Host level), vulnerability assessment tools, DLP, Wireless IDS/IPS, sniffers, TCP/IP protocol stack and the OSI layer, content management and filtering systems, VPN, remote access AAA, application white listing, password management/vaults, log management and correlation, and device/application hardening requirements
Experience in cryptographic technology (Protocols, API, Toolkits, Appliance, Hardware device, soft token, PKI) and their applications in secure e-mail, general message and content security (for file and database protection), SSL/TLS, SSH/SFTP, digital encryption, digital signature, and digital rights management
Experience with Cyber-Ark, TrendMicro Deep Security, SafeNet/Gemalto Authentication Tenable Security Center, Nessus Scanner, Passive Vulnerability Scanner, ArcSight SIEM, ArcSight Logger
Experience with MS-Windows Server OS and Active Directory
Proficiency with Linux OS and Cisco IOS/NX-OS
Unix shell scripting a plus
Proficiency analyzing network and host, event and security logs, and/or IDS alert logs
Proven project management and organizational skills, specifically managing multiple concurrent projects
Superior analytical, problem solving and decision making skills, applied with a solution-focused attitude

Senior Information Security Analyst Resume Examples & Samples

Cisco ASA Firewalls, including Site-to-site VPNs & AnyConnect
F5 LTM
Pulse Secure Remote Access (formerly Juniper SA) SSL VPN
Endpoint security – i.e. anti-malware / malicious code mitigation
Log/Protocol analysis
Networking concepts
Vulnerability scanning knowledge

Senior Information Security Analyst Resume Examples & Samples

Conduct and perform secondary reviews to test adherence of the information security policy, program and standards through timely review of organizational-wide controls, application SSAE 16s, application review and control reviews
Maintain oversight of the bank’s information security policies, standards, procedures, security documentation and regulatory documentation. Work closely with departments outside Information Security (Network Security, Technical Services, Lending, Deposit Operations, etc.) to assess company initiatives and maintain Old National’s Information Security policies, standards and procedures to ensure the risk of failed controls is reduced
Evaluate internal and external environment for threats, changes, etc. related to Information Security and perform the role as Information Security subject matter expert to ensure these are properly addressed and controlled
Create materials and deliver Information Security awareness training program which will be utilized by all levels of associates of the company to better understand the information security risks to the bank and the importance of an effective program
Assist in investigation and reporting of any Information Security incidents
Assist in the preparation of committee and board reports
Bachelor’s degree in a business or technical discipline
5 to 8 years of related experience in the area of Risk and Governance in the area of Information Technology
CISA (Certified Information Systems Auditor) or working towards CISA is ideal
Must have a working knowledge of information security standards including industry best practices, information security practices and experience with implementation issues related to regulatory and other requirements
Executive level written and verbal communication skills are essential
Must have knowledge of Information Security Governance. Ability to create governance documents, risk assessments and information and security control tests

Senior Information Security Analyst Resume Examples & Samples

Develop and assist in the enhancement of the Information Security Program and the yearly information security assessment
Perform audits, risk assessments, and vulnerability testing (internal, external, application, database, and firewall) to identify potential threats with appropriate remediation strategies
Develop and implement as required the necessary monitoring and detection solutions to audit and enforce company policies, controls, and standards
Manage and support security log management solutions and assist staff in troubleshooting and resolving network security issues including root cause and strategies to minimize future events
Perform incident response investigation and reporting activities in a timely and consistent manor, and assist with potential breach investigation and reporting
Conduct research on emerging threats and mitigating security products, services, and standards to protect our systems, networks, and data
Participate in IT development projects to ensure that security issues are addressed, and execution of departmental controls, standards, and procedures are being performed as required
Recommend and deploy additional security products and tools, or enhancements to existing tools, to detect violations of network security measures and malicious activities
Support the Vulnerability Management program to identify, communicate, and track vulnerabilities and patches for critical systems and devices
Develop security and privacy awareness materials, presentations, and training sessions to ensure employee awareness of appropriate information security policies and controls
Six or more years of Information Security experience including use of security best practices
CISSP or equivalent Information Security certifications are preferred
Advanced knowledge of information security frameworks, standards, and general best practices
Strong understanding of data privacy and protection requirements relating to personally identifiable information and protected health information
Must understand State, Federal, and other governing bodies security regulatory guidelines
Advanced knowledge of information security and computer network, application, and user access technologies including email security and encryption, multi-factor authentication, end-point security, anti-virus/anti-malware, and security log management

Senior Information Security Analyst Resume Examples & Samples

Under limited supervision, monitors, develops, implements, and troubleshoots various information systems security solutions ensuring resolution
Requires some general supervision and/or supervision to apply technical knowledge to our industry/markets
Is accountable for developing functional knowledge in order to become a full contributor to the team and its work distribution
Impacts quality of own work and the work of others on the team; works within standardised guidelines, procedures and practices and meets deadlines as described by supervisor
Exchanges straightforward information with others; asks questions and checks for understanding
Is being more independent in thought; is starting to challenge ‘why’ and gets involved in more difficult discussions
Performs routine information security responsibilities, including developing security solutions for simple assignments and utilizing all existing computer platforms
Demonstrates ability to manage several tasks and meet deliverables with minimal error. Determines the relative impact and urgency of individual tasks

Senior Information Security Analyst Resume Examples & Samples

Customer Support
Systems and Network Infrastructure
Emerging Technology
4+ years in Information Security or Compliance related services, IT audit, Internal Audit and/or Risk Management Experience
Able to handle moderate to complex resolution without escalation and with minimal supervision
Able to exercise professional judgment within defined policies and procedures
Experience in Risk Assessment, audit, and IT security assessments
Basic understanding of security controls for Windows servers/workstations; Unix, Linux; Oracle is a plus

Senior Information Security Analyst Resume Examples & Samples

Provide Tier 3 support for enterprise application security as needed
Administer web application firewalls and XML gateways
Act as security representative for enterprise IT projects through the creation and implementation of detailed design implementation plans, as well as liaison and work with other security SME’s to identify and remediate project security concerns during project implementation
Create and maintain enterprise controlled documentation including network security standards, implementation plans, risk assessments, work instructions, and guidance
Provide on-call support on rotational basis covering network security and basic support for other security specialties prior to escalation to those security SME’s
Act as security representative for cross-functional troubleshooting teams to aggressively identify and correct enterprise issues
Bachelor’s degree in an appropriate field or in absence of a degree, six years related experience
Must be able to independently own and drive security projects to completion
Must be a team player willing to engage and work with other team members, on a highly-virtualized team
Must be able to comprehensively identify security concerns in a cloud-based environment, and for 3rd party cloud-based solutions
Must be able to professionally frame risk management decisions, and work with leadership to determine best course of actions for securely moving the business forward
Must be able to professionally communicate security concerns and positions to non-security and/or non-technical audience
Must be able to obtain and maintain a Secret security clearance

Senior Information Security Analyst Resume Examples & Samples

Perform risk assessments of new and existing vendors, products/systems/applications, and services to identify and report on their information security posture, including identification of gaps and recommended mitigation actions
Identify opportunities to improve risk posture, designing security controls for remediating or mitigating risks, and assessing the residual risk
Generate responses to internal and external client questions, queries, and audits related to information security posture in support of sales opportunities, customer audits, or other stakeholders across the global organization
Conduct reviews of contractual clauses related to information security in third-party agreements with clients or suppliers
Support identification and assessment of information security events, including alerts, incidents, data breaches and emerging risks
Provide information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems
Assist QuintilesIMS project teams in assessing information security risks pertaining to the respective project scope and recommend suitable risk mitigation plans
Significant professional experience in Information Security, Risk Management, IT Controls, IT Audit, or other related area
Proven knowledge of information security concepts and best practices, as well as ability to apply these concepts to business scenarios
Experience in risk assessments, information security controls, information security architecture, network security, information security governance
Project management skills, especially those learned in a cross-functional environment
Knowledge of IT infrastructure, networks, databases, processing systems, web applications, and mobile technology. Previous information technology related work experience is an advantage
High level of accountability and ability to execute; familiar with estimating and planning own work effort including recognizing and escalating risks and issues in relation to delivery; attention to detail
Strong oral and written communication skills, excellent team player and collaborator
Working knowledge of IT governance frameworks and standards such as CobiT, ITIL, ISO27001
PC proficiency, including MS Word, Excel, Power Point, and Outlook
Bachelor’s degree in information security, computer science, or information technology
A CISSP, CISM, CISA, or equivalent professional certificate is preferred

Senior Information Security Analyst Resume Examples & Samples

Manage the ingestion & correlation of data from a variety of sources
Resonsible for developing searches across these data sets – whether manual or using Machine Learning techniques
Through review and analysis of cyber threats, provide both internal & external parties key information to respond to threat
Interact and assist other investigative teams within Illumina on time sensitive, critical investigations
Participate as part of a close team of technical specialists on coordinated responses and subsequent remediation of security incidents
Analyze intelligence from commercial and open-source threat intelligence data

Senior Information Security Analyst Resume Examples & Samples

Develop, review and maintain Security Systems Plan (SSP)
Conduct Security control assessments and perform all required activities such as reviewing SSP, Conduct interviews, Gather Evidence, create SAR, hold out-briefs, etc
Conduct technical assessment beyond just examining and interviewing
Work on getting the Authorization to Operate (ATO)
Perform vulnerability scanning, generate reports and coordinate with development team
Develop SOPs and artifacts using the established processes and using the best industry practices
6+ years of experience writing and reviewing Security Systems Plan (SSP)
6+ year of experience conducting Security control assessments and performing all required activities such as reviewing SSP, Conducting interviews, Gathering Evidence, creating SAR, hold out-briefs, etc
Possess hands-on technical skills to conduct technical assessment beyond just examining and interviewing
3+ years of experience in taking SA&A package from start to ATO
Thorough knowledge of Risk Management Framework, relevant NIST publications, FIPS guidelines, and other IT security policies
Experience with POA&M Management
Solid knowledge of InfoSec Operations, Systems Administration or Network Administration
Knowledge of guidelines and techniques for operating system hardening
Knowledge of Vulnerability scanning tools and techniques
Ability to work o hybrid team environments with people both local and remote
Ability to create clear, concise, and grammatically correct documentation
Ability to verbally express and communicate. Ability to annunciate clearly
Knowledge of MS Office, Visio
10+ years of IT experience (highly preferred)
Knowledge of NSAT (NIH System Authorization Tool)
Knowledge of Security Architecture
Knowledge with Trusted Agent FISMA (TAF) experience, Appscan, Nessus/Tenable, FISMArt, Clarity, Archer
CAP, CISSP, CISM, or CISA security certification

Senior Information Security Analyst Resume Examples & Samples

NIST Special Publications, especially 800-53
Writing security documentation
Managing multiple simultaneous projects
Participating in security assessments and audits
Identifying and mitigating risks
Managing POA&Ms
CISSP, CISM or equivalent security certification
Proficient with Microsoft Word, Excel, PowerPoint, Visio, and Pr
PMP and CAP certifications
Knowledge and experience with a FISMA tool such as RSA Archer and Trusted Agent GRC

100

Senior Information Security Analyst Resume Examples & Samples

Recommend additional security solutions or enhancements to existing IT solutions to improve overall enterprise security
Maintain, Administrate and Upgrade McAfee's Enterprise Security Suite, ePolicy Orchestrator and McAfee’s DLP solution
Specific technical knowledge in Windows Operating Systems, Linux, Internet technologies, Networking technologies and Encryption technologies
Responsible for virus response and process oversight
Identify security vulnerabilities, threat vectors and remediate
Monitor security compliance processes
Be part of an on-call rotation that responds to MSS alerting
Specific knowledge related to HIPAA, PCI DSS, SOX, ITAR and Safe Harbor compliance
Demonstrated experience understanding and assessing information security vulnerabilities and threats and to confidently make recommendations for remediation
Familiar with ISO 27000 security standards
Strong interpersonal skills with proven ability to work and communicate with internal customers, teams and external parties
Preferably one or more advanced Security certifications demonstrating a broad knowledge of the information security field such as CISSP, SCCP, ISSAP, CISA, CISM, GSEC

101

Senior Information Security Analyst Resume Examples & Samples

Investigate and respond to incidents of varying severities and complexity as defined by the Incident Response Plan
Perform log/network/malware/device analysis; make recommendations for remediation
Communicate remediation advice verbally and in writing as required
Update incident response work flows as required
Follow up to ensure that all incidents are responded to and remediated in accordance within SLA parameters
Determine and document root cause of incidents
Search end point, DLP, network IPS, and network proxy logs for indicators of compromise using Splunk
Participate in a monthly on-call rotation
Collect and analyze technical network activity for anomalies
1+ years recent experience as an incident responder in Security Operations Center
Solid understanding of HTTP and TCP/IP
Experience analyzing network IPS and endpoint logs
Knowledge of web application attacks (e.g. SQLi, XSS)
Bachelor or associate degree in related technical field of study combined with sufficient relevant work experience
Desirable industry security certifications such as GCIH, Network+, Security+

102

Senior Information Security Analyst Resume Examples & Samples

Under management guidance, develop, document, maintain, review and communicate Global Information Security policies, standards, procedures and guidance documents including necessary revisions, updates and amendments to IMS Global Information Assurance Framework
Contribute to development and revision of content for the information security awareness programs, training materials
Assist in communicating alerts, information messages and carrying out awareness campaigns for information security
Contribute to the definition and development of operational metrics and produce regular management information reports in relation to activities carried out by the Global Information Security team
Participate in cross-functional assignments during implementation of information assurance program elements for business units and/or functions
Support local and global response to internal and external client questions and queries in relation to sales opportunities across the global organization
Develop and document operational procedure in relation to security operations carried out by the global information assurance team
Assist in providing support to other management teams across the company in establishing relevant mechanisms for providing information security guidance and advice
Contribute to development of information security strategy including updates to the ongoing Information Security Program and annual plans
Perform identification, analysis, documentation and carry out maintenance of documentation repository for IMS information assets and intellectual property
Documenting and maintaining repository of information security safeguards landscape at IMS, identifying potential gaps and opportunities for improvement
Carry out research on current industry trends, communicating updates and collating proposals for relevant adjustments to Information Security Program and annual plans
Minimum of 4 years of professional experience in Information Security, Risk Management, IT Controls or other related area
Experience in risk assessment, information security controls, information security architecture, network security, information security governance
Working knowledge of information systems design, analysis, and operations
Experience and commitment in delivering significant value to organization as a trusted adviser
Experience of participating in cross-functional collaboration
Advanced knowledge of IT infrastructure, networks, databases, processing systems, web applications, and mobile technology. Previous information technology related work experience is an advantage
Strong communication skills, excellent team player and collaborator
Knowledge of Microsoft Windows, Unix and Mainframe technology platforms is an advantage
The position may require occasional US domestic and international travel of approximately 10%

103

Senior Information Security Analyst Resume Examples & Samples

Develop information security policies and procedures based on knowledge of best practice and compliance requirements
Performs audits to identify breaches
Implement security tools and software as required
Develops and maintain internal procedures to ensure data security
Function as part of a team
Strong Customer Service Orientation and ability to follow through on issue resolution
On-Call Support Required
Performs additional duties dependant on department requirements
1 – 2 years of General Computer experience is required
1 – 2 years of Healthcare experience is required
General, security education, network penetration testing, application vulnerability resting, security risk management

104

Senior Information Security Analyst Resume Examples & Samples

Develop policies and procedures reflecting the legislative intent of applicable laws and regulations for the NE
Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations
Participate in an IS risk assessment during the C&A process
Ensure that IA and IA enabled software, hardware, and firmware comply with appropriate NE security configuration guidelines, policies, and procedures
Ensure that NE IS recovery processes are monitored and that IA features and procedures are properly restored
Review IA security plans for the NE
Ensure that all IAM review items are tracked and reported
Ensure that IA inspections, tests, and reviews are coordinated for the NE
Provide leadership and direction to NE personnel by ensuring that IA security awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities
Develop and implement programs to ensure that systems, network, and data users are aware of, understand, and follow NE and IA policies and procedures
Advise the DAA of any changes affecting the NE IA posture
Help prepare IA certification and accreditation documentation
Ensure that compliance monitoring occurs, and review results of such monitoring across the NE
Provide support for IA customer service performance requirements
Provide support for the development of IA related customer support policies, procedures, and standards
Establish enclave logging procedures to include: important enclave events; services and proxies; log archiving facility

105

Senior Information Security Analyst Resume Examples & Samples

Assists in providing internal security consulting and advisory services to internal business and IT stakeholders regarding information security requirements, security policy/standards, security architecture, threat modeling, and ongoing maintenance of the information security risk management program, including policies, procedures, technical systems, compliance, and risk assessment activity
Identifies and classifies security exposures or threats that currently exists or is emerging, and that create potential threats to Dominion systems or data
Participate in risk assessments, vulnerability assessments, and third-party security reviews to ensure that business partners, applications, networks, and infrastructure components adhere to security standards and policies
Assist in promoting awareness of security issues amongst the organization
Participate in the creation and review of information security documents (policies and standards)
Ability to make timely recommendations to effectively solve problems, using independent judgment consistent with standards, practices, policies and procedures
Professionally exercises discretion and independent judgment in day-to-day work
Support inclusion of applicable compliance, quality and process standards within all work
Complete all other duties as requested or assigned
Minimum 5 years experience in Information Security, IT Risk Managenment, or Cyber Security
Possesses foundational understanding of IT Concepts and principles
Experience in security aspects of multiple platforms, operating systems, software, communications, and network protocols desired
General and functional knowledge of hardware and software products that enhance the security of systems such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring and logging mechanisms, etc
Must possess basic knowledge of network, desktop and distributed server hardware and software
Experience performing cyber security risk assessment, treatment planning and reporting a Plus
Possesses foundational understanding of Risk Management concepts and principles a Plus
Experience leading programs and projects with emphasis in security focused outcomes a Plus
Demonstrated analytical, problem solving, and communication skills
Demonstrated competency in verbal, written, and presentation communication
Demonstrated competency in interpersonal understanding
Demonstrated organization and planning skills, including time management, project coordination, and project management
Demonstrated competency in developing effective solutions to business problems
Demonstrated ability to understand customer's business needs
Demonstrated leadership of work teams or groups
Ability to handle multiple deadlines and associated pressures
Demonstrated ability to analyze problems and make decisions
Demonstrated concern for quality
Demonstrated flexibility
Demonstrated ability to work independently

106

Senior Information Security Analyst Resume Examples & Samples

Development and maintenance of all aspects of project and program support for the Data protection and Cloud Security group within TRMIS
Create and maintain monthly metrics / KPI's that demonstrate the effectiveness of the program, progress against deliverables, and awareness of accomplishments
Liase directly with internal audit, finance, and other stakeholders to address requests for information or support
Create and update standards and policy supporting all aspects of data protection and cloud security with input from the subject matter experts who support these domains
3-5 years' experience supporting an information technology group from a business perspective
Enterprise experience in business case creation
Enterprise experience in creation and maintainence of business reports/metrics
Ability to independently lead discussions
Ability to update policy/standards based on business requirements
Strong insttutional knowledge of cyber security concepts specifically data protection and cloud security
The candidate must have the ability to work independently and multitask

107

Senior Information Security Analyst Resume Examples & Samples

Define requirements and processes that can be implemented by security engineers to update methods, automate processes and control access and passwords
Perform research, compile results and report on the access requirements for business applications and processes
Support inquiries for access entitlement reports and field questions about entitlements from a wide variety of staff
Resolve problems and support business units’ needs for managing access to information
Lead the Quarterly Access Review process and / or other key initiatives and programs in Identity and Access Management
First Citizens Bank IT experience
3 to 4 years of experience with IAM technologies such as Active Directory services, Mainframe RACF, and permissions for File Shares and/or SharePoint
3 to 4 years of experience in process development, scripting, and report creation
Financial Services industry experience or FCB-specific application experience
Information Security certification, Security +

108

Senior Information Security Analyst Resume Examples & Samples

Perform complex operational support of IT Infrastructure technology including, but not limited to, network, security, messaging, storage, voice, etc
Perform complex analyses and resolution of problems to restore normal IT Infrastructure operational levels
Complete complex project tasks to enable the on time, within budget and scope delivery of IT Infrastructure projects

109

Senior Information Security Analyst Resume Examples & Samples

Perform complex analysis and resolve problems regarding information security
Develop incident response procedures
Oversee Change Management procedures
Conduct application risk assessments against Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry (PCI)
3 - 5 years' with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms
7 - 10 years' experience with information security and systems analysis
5 - 7 years' with Information Security and/or Information Risk Management and/or Information Technology
5 - 7 years' with Information Security Governance, Risk and/or Compliance functions and activities
5 - 7 years' developing, communicating and presenting Information Security and Risk Management concepts to varying audiences
5 - 7 years' with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms
10 - 15 years' experience with information security and systems analysis
5 - 7 years' experience with data loss and data protection processes
5 - 7 years' experience with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms
Experience working within an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security framework
Experience supporting SSAE 16 or SOC 2 Security Trust Principle audits
IT/information security risk advisory experience
Governance Risk and Compliance (GRC) tool experience such as ARCHER
In-depth understanding of network security architecture, network and networking protocols
Knowledge of NIST Risk Assessment methodology
Strong teamwork and inter-personal skills

110

Senior Information Security Analyst Resume Examples & Samples

Operational Security Tasks
Bachelor’s degree or equivalent in computer science or equivalent discipline
Minimum 4-5 years’ experience in an information security role
Security-related industry certifications are preferred, but not required (e.g., CISA, CISSP, GSEC, Security+)
Knowledge of security industry practices and standards including SANS Top 20 Controls, and NIST
Experience with security assessments, incident response activities and working in environments subject to regulations (e.g., SOX, Data Privacy) and audit oversight

111

Senior Information Security Analyst Resume Examples & Samples

DoD 8570.01-M certified at the IAT-II level
Comprehensive knowledge of data security administration principles, methods, and techniques
Requires understanding of DHS/DoD policies and procedures, including FIPS 199, FIPS 200, NIST 800-53, DHS 4300A SSH and other applicable policies
Requires knowledge of ACAS and HBSS
Requires strong written and verbal communications skills
Requires knowledge of DoD Risk Management Framework

112

Senior Information Security Analyst Resume Examples & Samples

Administer enterprise SIEM platform, and act as primary SME
Identify, confirm, and appropriately act upon security events and information to detect hostile activity directed against Rockwell Collins
Develop new reporting tools, reports, and algorithms to reduce false positives and improve enterprise awareness of our cyber landscape
Create and maintain enterprise controlled documentation including Risk / Response security standards, implementation plans, risk assessments, work instructions, and guidance
Provide on-call support on rotational basis covering Risk / Response and basic support for other security specialties prior to escalation to those security SME’s
A Bachelor’s degree in appropriate field or in absence of a degree, six years related experience

113

Senior Information Security Analyst Resume Examples & Samples

Participates in a team of cyber security analysts dedicated to monitoring for cyber security events
Investigate alerts, anomalies, errors, intrusions, and malware for evidence of compromise
Perform incident analysis, determine root cause and proper mitigation of cyber security events
Participate in cyber security incident response scenarios by collecting, analyzing, and preserving digital evidence
Ensure that cyber security incidents are recorded and documented according to procedure
Engages with other teams to mitigate cyber security threats, improve processes, and improve security posture
Analyzing threat intelligence for relevancy, impact, and exposure
Conduct research pertaining into cyber threats, campaigns, vulnerabilities, and technological advances in combating unauthorized access
Keeps management informed with precise information about cyber security events and posture
Reporting on incidents, situational awareness and metrics
Author procedures and other technical documentation
Create scripts to support automation of repetitive tasks
Participate in all aspects of Information Security Operations including an on-call rotation
Perform other duties as assigned by Management
Adhere to company policies and procedures
5+ years’ hands on experience in an information security role with a cyber security focus
An understanding of information security best practices and information security frameworks
Excellent analytical, troubleshooting, and problem solving skills
Experience with SIEM technologies, packet analysis & security analytics
Experience in cyber security incident response
Experience with TCP/IP, common network protocols, and applications
An understanding of operating systems: Microsoft Windows and Linux
An understanding of security operations tools such as firewalls, intrusion prevention, vulnerability scanning and malware prevention
An understanding of network tools such as routers and switches
Ability to perform during high pressure or stressful situations

114

Senior Information Security Analyst Resume Examples & Samples

30% - Application Security
Act an Information Security Subject Matter Expert
Assist with development teams to ensure secure architecture
Assist development teams in acquiring necessary background knowledge to avoid writing vulnerabilities into their code
Train development teams on application security, OWASP (Top 10), secure coding practices and remediation of application security code findings
Work closely with development teams to understand and address source code analysis results and ensure remediation is integrated into the developer toolkits and processes
40% - Compliance Management
Assist in the development, implementation and enforcement of compliance practices and procedures
Develop and communicate compliance awareness materials to user community
Assist with identifying, reporting, and resolving compliance violations
Evaluate and recommend new compliance technologies, processes and methodologies
30% - Information Security
Coordinates information security assessments with client teams and Corporate Risk and Information Security team
Assist with managing and monitoring ongoing internal and external compliance through periodic reviews
Assist with the RCA –Root Cause Analysis – on any event
Strengths in Databases such as Oracle/MS SQL with an understanding of networking protocols
Bachelor’s Degree from a four-year college or university or equivalent with 5+ years of Information Security Engineering/Architecture experience
Security certification such as CISSP, CRISC, or equivalent strongly preferred
Working knowledge of an information security framework. Data protection best practices and compliance requirements such as ISO27001, PCI, SOX, and HIPAA. Experience with software application security best practices
Working knowledge of software development skills in C#, Java and C level programming as well as strong scripting skills (i.e. PowerShell, Python, JavaScript, Perl); Extensive knowledge of UNIX/LINUX and Windows
Experience with source code analysis and vulnerability/penetration scanning tools
Knowledge of network infrastructure and threat detection tools
Knowledge of security/access control technologies such as Microsoft Active Directory, ADFS, SAML, SLDAP, OAuth
Knowledge of security controls for hybrid environments (cloud/on premise)

115

Senior Information Security Analyst Resume Examples & Samples

Monitor security events daily, performing investigations and working with the appropriate team members, business teams and IT teams to develop solutions that address critical security concerns
Regularly audit access throughout systems and applications, working with the IT and business teams to ensure access is at appropriate levels
Analyze system logs and other event logs to detect nefarious activity
Coordinate investigations and responses to security incidents
Audit the company’s security controls to ensure they are working correctly
Build documentation of existing processes and exceptions based on audit findings
Coordinate with information security and other IT engineers to ensure that existing or new sources of audit data are available
Work with the business to optimize and automate security-based processes
Review and assess third-party vendors
Coordinate periodic testing of information security specific processes, such as incident response plans
Contribute to the vision of information security tools and processes with an eye toward the future
Translate existing controls and concepts into audits to determine control effectiveness
Mentor more junior Information Security team members
Assist in light leadership duties as needed

116

Senior Information Security Analyst Resume Examples & Samples

3 to 5 years' work experience in information security, cyber security, data protection or a related field
Minimum of a two-year degree in information protection, computer forensics, computer information systems, computer science, or information systems management
3+ years of experience in performing vulnerability management for all platforms
Design and drive strategy and tactical plans toward holistic vulnerability & patch management across multiple technology teams
Identify problems and understand when to fix or when to mitigate risk
Experience with configuration & change management fundamentals
Must have good understanding of Network and Security infrastructure, topology including firewalls, routers, wireless access points, DNS, DHCP, and Group Policy
Experience with the following technologies: HPSA, HPNA, IBM Guardium, McAfee DLP, Foundstone
Professional IT security certification such as CISSP, SANS Certified Intrusion Analyst (GCIA), CompTIA Security+, CEH, GSEC and/or CISM is preferred

117

Senior Information Security Analyst Resume Examples & Samples

Vulnerability Management, Server Automation, Firewalls, IDS/IPS, Content Filtering, Anti-Spam, Anti-Virus, Forensic and Data Loss / Leakage tools,
Web Application Scanning tools,
Basic programming skills in various disciplines including scripting languages
Basic Linux and Windows Administration Skills
Basic Database Programming or Administration, database query skills
Infrastructure Architecture and Design Knowledge (2 years)
CISSP or CISM is a must,
The following certifications are an asset: GIAC GPEN, GXPN, GWAPT, GXPN, OPST, CEH, OSCP

118

Senior Information Security Analyst Resume Examples & Samples

Must be able to drive security and create and defend security position within project teams
Must be able to communicate effectively orally and written to Executive Management
Demonstrated analysis, planning, design, engineering and implementation experience of appropriate security controls within solutions delivery
Ability to design and review network designs for perimeter and internal environments
Detailed knowledge of: firewalls, network routing, Internet Security and Virtual Private Networking cryptographic systems and algorithms, key management and practices
Infrastructure security including Windows/Linux/Unix systems, Oracle and SQL databases
Operational security including access controls, data privacy, monitoring and logging and availability requirements that meet corporate Business Continuity strategies
Knowledge of regulatory requirements, security standards and compliance issues (FFIEC guidelines, Sarbanes Oxley, GLBA, ISO 27001, CobiT v4.0, and Payment Card Industry Data Security Standard (PCI DSS))
In addition to security, proficient in other IT control areas (i.e., change management, SDLC, and Agile Operations)
Strong project management (and time management) skills required
Ability to work on numerous projects/activities simultaneously
Industry security certifications preferred (CISSP, CISM, CISA, CEH etc)
Provide clear and concise security requirements that meet corporate direction, regulatory requirements and security best practices
Review project solutions designs to ensure security requirements are met in both SDLC and Agile formats
Implement security solutions, and provide technical leadership during the design, development, and testing phases of major initiatives
Be able to articulate and defend security positions
Research, formulate and present detailed security positions relative to new technologies to Senior Information Security Leaders
Cost benefit analysis techniques in assessing options for mitigating risks threats and exposures to acceptable levels
Managing and reporting status of identified risks

119

Senior Information Security Analyst Resume Examples & Samples

Baccalaureate degree in a technical field or equivalent relevant and progressive work experience
Experience configuring and operating network and host-based firewalls, intrusion detection/prevention systems, vulnerability scanning tools, secure data transmission technologies (e.g., SSL VPN, IPSEC, SSH), and network monitoring/protection solutions
Extensive knowledge of security risks, controls, and risk mitigation options applicable to computer networks, server and desktop operating systems, communication protocols, and software applications
General knowledge of authoritative standards, guidelines, and best practices relative to information technology and security
Ability to forge and sustain effective and productive working relationships between diverse members of project teams and work groups
At least one up-to-date and active information security certification (e.g., CISSP, CISA, GIAC, CISM)
Experience in a full-time information security position or role
Demonstrated leadership, sound judgment, poise, and composure in responding to security questions, events, and incidents
Experience in security governance, compliance, and policy development
Prior experience implementing solutions in highly regulated and confidential environments (e.g., PCI, HIPAA, FERPA, HITECH)
Prior experience developing an information security program
Knowledge and understanding of TAC 202
Prior full time experience as an information security professional in a Higher Education or similarly open and decentralized environment
Experience using structured, established project management methodologies
Multiple, complementary information security certifications (e.g., CISSP, CISA, GIAC)
Prior experience using the following or similar information security technologies

120

Senior Information Security Analyst Resume Examples & Samples

Candidate must possess 5 year’s experience in the administration and operation of Microsoft Active Directory in a large Enterprise environment
Experience required leveraging Active Directory GPO’s to secure and harden server and workstation operating systems from cyber security threats
In-depth experience in security aspects of multiple platforms, operating systems, software, communications, and network protocols desired
Demonstrated competency in verbal, written, and presentation communication. Demonstrated competency in interpersonal understanding
In-depth knowledge required of Microsoft Active Directory domain administration and LDAP technologies

121

Senior Information Security Analyst Resume Examples & Samples

Collect and analyze event information and perform threat or target analysis duties
Interprets, analyzes, and reports all events and anomalies in accordance with Computer Network Directives, including initiating, responding, and reporting discovered events
Provides correlation and trending of Program’s cyber incident activity
Develops threat trend analysis reports and metrics Ability to write ad hoc scripts as needed to support tools
Participate in change control as needed
Ability to follow and author Standard Operating Procedures (SOPs) and training documentation when needed

122

Senior Information Security Analyst Resume Examples & Samples

Work as a key member of the Local Incident Response Team (LIRT), handle incidents response related activities including investigating, forensics, issue tracking and resolution
Handle all aspects of vulnerability assessment, vulnerability management, configuration and patch verification, and compliance oversight
Work with business and IT teams to identify secure solutions and risk mitigation options to reduce risk and exposure
Interact with stakeholders across the District and Federal Reserve System to effectively shape and drive security strategy and capabilities including participation in strategic initiatives and workgroups
Lead the design and development of information security operational reports and scorecards
Translate and communicate complex security information to facilitate staff and business understanding of risks
Lead the development and maintenance of security policies, standards, controls, guidelines and operating procedures in addition to the organizations' compliance requirements
Responsible for the planning, development and delivery of initiatives that instill Bank-wide ownership and responsibility for information security Identify methods to improve internal coordination and communications to rapidly respond to security incidents
Identify and implement processes and tools that facilitate achieving business objectives while complying with applicable security requirements
Provide security education, training, and awareness briefings across IT, business units, and external service providers
Promote sound information security practices including creation and delivery of specialized business specific security awareness training
Research and stay up-to-date on the industry's best practices, security trends and advancements in technology
7 years of experience in information security
Bachelor’s degree in Computer Science or related disciple or equivalent years of work experience
Knowledge and understanding of a wide range of information technologies and information security topics
Maintains up-to-date technical competences in application development practices, networking protocols and infrastructure designs; including application security, firewalls, intrusion detection systems, and vulnerability assessments
Excellent communication, analytical, organizational and problem-solving skills
Self-motivated and able to carry out assignments with minimal supervision
Highly proficient written and verbal communication skills, including the demonstrated ability to communicate in an articulate, concise manner to a wide range of audiences from Bank users to executives
Demonstrate effective customer service and interpersonal skills, including the ability to work effectively in a team environment; motivate and work through and with others to accomplish tasks; and deal honestly and directly with others
Proven ability to interact well with various technical teams, business owners and management at all levels of the organization to successfully deliver on changing business need
Demonstrated ability to work under general direction with substantial personal responsibility and autonomy
Strong critical thinking, analytic and problem-solving skills are required
Must obtain Security Assurance for the Federal Reserve (SAFR) certification within 90 days of employment
Must obtain CISSP certification within the first year of employment
Must be able to participate in on-call rotation and support during off-shift hours
Experience in administering and troubleshooting various operating systems including Windows, UNIX , Mac and mobile devices in an enterprise environment
Experience in software development, application security and/or troubleshooting network related problems
Experience with programming using Perl, Python, Java, and Shell Scripting, Windows/UNIX
Experience with various vulnerability scanning and management tools

123

Senior Information Security Analyst Resume Examples & Samples

Manage and maintain a SIEM and Threat and Incident Response Program. Duties include: develop content, use cases, dashboards, active channels, reports, rules, filters, trends and active lab sessions
Review security threats and recommend/implement effective countermeasures, as required
Workflow and process creation
Develop and maintain of policies, processes, and procedures
Train/mentor junior threat analysts
Execute security controls to prevent hackers from infiltrating company information or jeopardizing programs
Configure, manage, and support various network and host security systems and programs such as network Intrusion Prevention Systems (IPS), Data Loss Prevention (DLP) systems, Host Intrusion Prevention (H-IPS), Application Control, as well as other associated security systems/environments
Develop informational and residual risk analysis reports as needed
Perform security risk assessments and conduct security analysis to evaluate and mitigate risks and related issues
Assist in technical and programmatic assessments, security engineering strategies, and integration initiatives
Implement security solutions which are in line with security best practices

124

Senior Information Security Analyst Resume Examples & Samples

Five+ years of progressive experience in networking and information security, including experience with Internet technology and security issues
Experience should include security policy development, metrics capture and analysis, security education, application vulnerability assessments, risk analysis and compliance testing, and project management
Experience in a CSIRT
Experience in health care
Solid understanding of networks
Solid understanding of Information Security
Solid understanding of infrastructure vulnerabilities and countermeasures
Knowledge/experience with LAN, WAN, VPN, routers, firewalls, servers, IDS/IPS, SIEM, DLP and workstation administration
Knowledge/experience with Windows, Active Directory, group policy, DNS, encryption, patch management, anti-virus, system configuration management
Knowledge/experience with data security tools such as DLP (Data Loss Prevention), content management and SIEM and Log Management
Identify and be able to react to network attacks, viruses, malware, SPAM, phishing and other intrusions
Ability to conduct system security vulnerability and threat analyses, gathering of intelligence, risk assessments and mitigation planning and implementation
Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g. HIPAA, HITECH, etc.) and desktop, server, application, database, and network security principles for risk identification and analysis very helpful. Strong analytical and problem solving skills are required. Excellent communication skills

125

Senior Information Security Analyst Resume Examples & Samples

Coordinating and executing assessments between the internal stakeholders and external audit partners
Coordinating work across teams within and outside Legal Technology to achieve project deliverables and goals
Overseeing and monitoring progress on multiple projects relative to schedules and deliverables
Communicating and reporting status and audit findings to peers and management and all other relevant individuals and groups
Developing or contributing to business cases that include Information Security Assessments
Reviewing and assessing information prior to providing it to the auditors
Participating in the post-audit work, including coordination of responses and remediation efforts
Coordinating Customer Security Questionnaire process between the internal stakeholders
Coordinating work across teams within and outside Legal Tech to achieve high level of accuracy and fast turn-around
Communicating and reporting status to peers and management and all other relevant individuals and groups
Developing or contributing to process enhancements
Review Subject Matter Expert responses to confirm accuracy
Understand product architecture and data flows of products in the Legal BU
Bachelor’s degree in computer science, business or equivalent experience
5+ years of relevant experience, with experience in a technical field preferred OR 3+ years in IT Security Audit experience
Experience with information security projects or audits and understanding of information security related process and controls
Working knowledge of one or more security assessment standards as PCI, HIPAA, ISO 27001/9001, and SOC2 attestations highly preferred
Technical background, or ability to understand technical requirements
Ability to work in a highly matrixed business environment
Ability to be broadly focused and manage multiple efforts concurrently
Ability to work independently while maintaining alignment and overall direction
Ability to work effectively with all levels of the organization, including staff, business stakeholders, and all levels of management
Strong written and verbal communication skills, including with Executive audiences
Ability to learn quickly and immediately apply new knowledge
Work with information security staff to understand the current information security risk, compliance, and remediation landscape, reporting and analysis architecture, and the use of associated tools and techniques
Good organizational skills, including prioritization and time management
Information Security certification (CISA, CIA, CISSP)
Broad knowledge of Legal BU Products, Content systems, and Thomson Reuters Content

126

Senior Information Security Analyst Resume Examples & Samples

Define and maintain Information Security aspects of GRC tool and process requirements, selection, and deployment; jointly with the Enterprise Risk, Operating Risk, Sarbanes Oxley, and Internal Audit teams
Identify the controls needed to ensure the confidentiality integrity and availability of information assets
Utilize Enterprise Governance, Risk and Compliance tools/frameworks to complete work
Ensure information security controls and gaps are appropriately associated with information security threats, vulnerabilities, and information assets
Create and maintain documentation for the population of Information Security risk assessments, control gaps and gap remediation plans -- work with asset owners to assure remediation plans are adequate and efficient
Instill a sense of urgency in driving assignments to completion
Review business processes for information security risks with internal control processes
Develop and prepare key process indicators reports on status of risk assessments, controls effectiveness, control gap remediation, and audits and examinations
Identify, track and escalate gaps during risk reviews and communicate compliance issues to senior management
Remain up to date on GLBA, FFIEC Guidance, PCI, SOX, COBIT, and GCC (General Computer Controls) and attend conferences/workshops as needed
Assist with the development of procedures and guidelines in support of Governance, Risk and Compliance program
Evaluate information systems, platforms, and IT operating procedures in accordance with industry standard frameworks, regulations, and best practices
Conduct Information Security risk assessments
Bachelor's Degree in Information Security, Information Technology, or related field strongly preferred
Strong foundation in Information Security with minimum of 3-5 years of work experience in Risk Management, Compliance, or Audit within a large IT organization
Understanding of Information Security controls testing
Understanding of regulatory environments applicable to financial services industry, including GLBA and HIPAA
CISA, CISSP, CRISC, or related information security designations desired
Ability to navigate the organization, collaborate across locations & cultivate effective working relationships across various organizational levels through sound analysis and persuasion
Ability to effect change and bring industry experience to the organization through the use of positive influence
Makes decisions required to resolve moderately complex problems and issues
Applies understanding of the evolving governance, compliance, and regulatory landscape as it pertains to information security and risk management practices to complete assignments
Applies expertise and promotes use of Information Technology tools and processes for component of project work

127

Senior Information Security Analyst Resume Examples & Samples

Align with and support the execution of the Information Security Program vision and strategy
Provide assistance in the implementation, maintenance, and monitoring of the information security program into in-scope operational areas (gap analysis, risk assessment, third party assessments, procedure/specification development, execution of recurring procedures, incident response)
Identify, analyze and communicate information security vulnerabilities
Support Law Department with e-Discovery requests
Run incident response process including the use of forensic techniques, tools, and procedures
Ensures that application security architecture/designs, plans, controls, processes, standards, policies and procedures are aligned with IT standards and overall security
Engage in projects related to information security
Serve as information security subject matter expert, trusted advisor; provide advisory and consulting services as needed
Understand current as well as emerging security threats and design security architecture to mitigate threats where possible

128

Senior Information Security Analyst Resume Examples & Samples

Provide security and privacy program analysis and operational support to the Health unit (including support to business development, legal/contractual, proposal, and project activities)
Monitor, plan/prepare for, and execute contractual requirements at the proposal and project phases
Act as a face-to-face liaison with Health clients, including CMS, SSA, large federal IT integrators, and states
Contribute to and execute enterprise security guidelines by teaming across business units and with corporate infrastructure management
Develop and operationalize Health IT security processes, including management of accesses to CMS systems
Research, summarize, and operationalize prevailing security standards, guidelines, and best practices that promote compliance with Health clients (CMS, SSA and other relevant federal agencies, state and local agencies, FISMA, and OMB Circulars)
Drive Health IT security at the project level, including consulting on the design and development of software systems (includes assisting in preparations for security-related training and evaluations of information technology systems)
Develop and maintain a list of client-accepted languages and platforms (e.g., where are open source languages acceptable at CMS, SSA, and other Health clients)
Develop and review security authorization documentation for Health work (e.g., security policies and procedures, security plans, risk assessments, test reports, contingency plans, responses to audits)

129

Senior Information Security Analyst Resume Examples & Samples

Manages and maintains a network intrusion detection system
Manages and maintains a security information management system
Manages and maintains a change detection system
Manages and maintains a vulnerability discovery and management system. Provides reports on specific vulnerabilities as well as overall state of risk in the computing environment
Conducts information security assessments and risk analysis of computing environment
Manages remediation efforts with Information Technology organization when vulnerabilities are identified
Manages, performs and maintains compliance efforts with various laws and industry regulations including Payment Card Industry Data Security Standards (PCI-DSS), Sarbanes-Oxley (SOX) and HIPAA
Reviews application code to identify vulnerabilities; develops and recommends remediation plans
Provides technical support for e-Commerce fraud investigations
Conducts computer forensics examinations and assist with e-discovery efforts as necessary
Conducts investigations of computer security events and assists with remediation where applicable
Completes components of incident response plan as directed
Assists with enterprise-wide information security awareness program
Assists in the training and development of departmental associates as needed
College Degree in computer science or related field or equivalent experience required
Minimum of five years experience in an Information Technology field with a minimum of three years in an Information Technology Security function required. Experience in a retail company preferred
Expert knowledge of network security systems including intrusion detection, firewalls, change detection, vulnerability scanners and security information management tools required
Previous system administration and/or network/data communications experience preferred
Previous experience with performing application security reviews, software developer or background with writing automated scripts preferred
Expert knowledge of Windows and Linux operating systems required
Expert knowledge of core internet and network protocols required. (e.g., TCP/IP, DNS, SMTP, HTTP etc.)
Strong interpersonal skills with the ability to develop alliances with key stakeholders

130

Senior Information Security Analyst Resume Examples & Samples

Maintain protection of information resources by implementing and managing security systems and identifying potential risks and security breaches; provide risk assessment
Implement and maintain security processes and procedures by providing recommendations around policies, regulatory compliance and best practices and identifying opportunities for improvements and/or updates
Respond to security changes and requests by providing technical support for implementation and updates of information security technologies
Manage security incidents, investigations and reporting; maintain accurate documentation for assignments
Facilitates the access recertification process on a periodic basis (monthly, quarterly, annually, etc.) for in-scope applications based on business and application owner direction
Contribute to team member on-boarding and development by sharing information security knowledge, answering questions and providing recommendations around issues of moderate complexity
Contribute to a positive work environment by demonstrating cultural expectations and influencing others to reward performance and value “can do” people, accountability, diversity and inclusion, flexibility, continuous improvement, collaboration, creativity and fun
Adopt QBE values in personal work behaviors, decision-making, contributions and interpersonal interactions; manage own career development by soliciting feedback and valuing other perspectives
2 years relevant experience with IT security administration; experience working in a demanding, fast paced environment; experience with Active Directory (AD)
Associate’s Degree or equivalent combination of education and work experience
Bachelor’s Degree in Computer Science, Information Systems or related field is preferred
Security+, CISSP
Applied working knowledge of information security policies and procedures
Understanding of fundamental IT concepts, systems, tools and technologies
Knowledge of PwC, Internal Audit, SOC1, SSAE16, Access Control Reviews, IdentityIQ and Excel
Working knowledge of products and concepts relating to the insurance industry
Assume a methodical approach to evaluate situations
Understand the needs and goals of a customer and actively look for ways to meet them
Identify opportunities for synergy and integration
Quickly change direction when working on multiple tasks or issues
Share knowledge and educate others
Communicate complex information in a user-friendly format

131

Senior Information Security Analyst Resume Examples & Samples

Guide and advise partners on a broad range of specific Technology Controls and Information Security programs, policies, standards and incidents
Engage in assessments related to risk, controls, implemented control procedures, vulnerability etc
Lead or contribute to risk and control design assessments for an assigned business application, business portfolio, and overall enterprise, as well as risk mitigation and remediation plans and remediation strategy
Actively contribute to the definition, development, and oversight of a global security management strategy and framework
Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats to TD
Develop on-going technology risk reporting, monitoring key trends and defining metrics to measure control effectiveness for your own area
Apply a teamwork philosophy with technology and partners, service or platform owners to integrate all technology security components and address control gaps
Consult on regulatory compliance requirements, reporting and questions
Provide support and consulting for Audits, help compose management responses and appropriate remediation activities
Participate in computer security incident responses relevant to business (or enterprise wide), represent your respective position to the business while conveying their needs to the incident response team
Adhere to policies, procedures, technology control standards and regulatory guidelines
Contribute to internal activity and process review, flag windows for improvement
Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies related to technology controls / information security activities
Influence behavior to reduce risk, foster a strong technology risk management culture
Define, develop, implement and manage standards, policies, procedures, and solutions that mitigate risk and maximize security, service availability, efficiency and effectiveness
Manage relationships with other technology/business/corporate/control functions
Assess, identify and escalate issues appropriately

132

Senior Information Security Analyst Resume Examples & Samples

Perform security risk assessment and technical reviews on projects that involves transfer of confidential data or third party access to AXA’s infrastructure
Perform security vulnerability scan on network infrastructures to identify security weakness and work on the necessary remediation
Provide periodic review on server security & audit event log to detect any security violation event and carry-out investigations to determine the root cause, impact and prevent the event for the future. Monitoring and investigating security violation attempts
Responsible for virus incident response management to control virus out break and recovery process. Identifies and resolves potential security breaches and vulnerability issues in a timely and accurate fashion
Assist to configure and maintenance of firewalls, VPNs, reverse proxy, intrusion prevention, and content filtering solutions
Assess potential exposures to cyber threats arising from arrangements to ensure adequate safeguards and a defined process for reporting security incidents
Conduct review on the configuration and rules settings for all security devices
Ensure timely security patching of operating system, network, security devices, corporate devices and channels as well as application systems to protect against any system vulnerabilities. Update checklists on the latest security hardening of operating systems
Logging of all transactions and activities for audit purposes
Manage real-time alerts on security incidents based on correlation analysis
Ensure timely review of DLP alerts, logs and system capabilities
Work closely with various IT Operations Team to deploy technical controls to meet specific security requirements
Proactively assesses and report potential security risks and opportunities of vulnerability
Recommend improvements and upgrades to the security posture of the organization
Handle resolution of security related Service Desk tickets
Coordinate with Security vendors on management of security tools/solutions
Professional Certifications: Security +, ITILv3, CCNA Security
Minimum 3–5 years of combined IT and security work experience administering and implementing IT Security controls
Knowledge of security and technical aspects of IT infrastructure, network, databases and systems
Domain knowledge among the following: data protection, infrastructure and cloud security, identity and access management, governance, risk management and compliance, consulting on security strategies, roadmap and architecture
Analytical with good interpersonal and managerial capabilities
Team player and able to work with all levels of staffs
Dynamic, resourceful and able to work with independently
Matured, willing to learn, hardworking and able to do multi-task assignments
Able to work under pressure and meet strict deadlines

133

Senior Information Security Analyst Resume Examples & Samples

Determine security requirements by evaluating business strategies and requirements, researching information security standards, and understanding potential threats and vulnerabilities, along with identifying integration issues
Assess emerging technologies against security architecture to determine where they fill gaps, overlap with existing solutions or extend capabilities. Provide guidance and recommendations related to application and infrastructure security architecture and lead proof of concept projects
Demonstrated ability to provide security consulting and advisory services to developers, development team leads, project teams, vendors and suppliers
In-depth knowledge of systems design, architecture, and the implementation of business systems
Technical knowledge and experience in operating system security
In-depth knowledge of networking and network security concepts
Strong organizational, analytical, critical thinking, leadership skills, learn quickly and comprehend many technical and business concepts
Self-motivated, excellent time management, great interpersonal skills, capable of working independently or in a team, passionate
Excellent communication skills (written and verbal) and able to articulate key messages to a range of audiences, effectively discuss security challenges with developers and testers
10+ years of experience in Technology related field including prior lead experience
5+ years of Information Security experience
Bachelor’s degree or equivalent in MIS, Computer Science or related field

134

Senior Information Security Analyst Resume Examples & Samples

Information Security Policy & Controls Framework
Risk Governance for key regulatory programs such as GDPR & NYDFS
Risk assessments & risk metrics
Manage the day to day information security contract review process (including its alignment to security controls framework)
Publish monthly/quarterly/annual metrics from the program to Key Stakeholders and SME’s
Manage multiple negotiation engagements through to completion, ranging from reviewing security/privacy obligations to performing vendor security gap analyses
Ensure adherence to security policies in planned or assigned engagements and projects
Publish and maintain processes & procedures (as required)
Experience reviewing and negotiating Information Security Agreements, ideally within a regulated industry
Proficient in EU & US regulations that drive requirements from customers and for governance of 3rd parties (e.g. GDPR, SafeHarbor, NYDFS)
Understanding of risk management and effective Information Security strategy, practices, technologies and controls frameworks
Experience monitoring data protection & cyber security obligations (contracts, regulations & legislation); and apply those requirements in Information Security policy development
Critical thinking and thorough analyses to provide decision support and guidance to Thomson Reuters businesses, customers and executives
Experience working with External Parties to ensure effectiveness of security policy, strategy and governance
Ability to work with and communicate effectively at executive levels
Experience with information security, privacy or risk management in a financial services or internet driven environment
CISA or CISM

135

Senior Information Security Analyst Resume Examples & Samples

5+ years demonstrated hands on experience in infrastructure operations of Microsoft Active Directory in a large Enterprise environment
In-depth understanding of Microsoft Active Directory and modern Microsoft operating systems for servers and desktops
Working knowledge of Enterprise level password vaulting tools a plus
Familiarity with log collection and auditing tools
Knowledge of Active Directory Certificate Services

136

Senior Information Security Analyst Resume Examples & Samples

Utilize company supplied resources from internal CBTs, Libraries, to external training opportunities, enhanced by required certification as applicable, ie: ISC2, SANS, ISACA…
Contribute knowledge and recommendations for risk based assessments on emerging technologies, vulnerabilities, threats, and associated risks (examples cloud, mobile, containerization)
Develop opinion papers, technical reviews, security awareness articles to share knowledge and improve the overall security culture of the company and global security community
Obtain experience knowledge related to the various aspects of the company’s lines of business to enhance impact understanding of potential technology risks
Participate in professional information security organizations such as ISC2, ISACA, ISSA, InfraGard, OWASP, as leaders, teachers, speakers to increase networking and community involvement

137

Senior Information Security Analyst Resume Examples & Samples

The Information Security Analyst will be responsible for the management, support and security of the Firm's network infrastructure and data in compliance with policies and procedures
Provide domain name administration for the Firm's registered domain names
Manage SSL certificates including, facilitating purchase, generation of encrypted CSR
Review, maintain, and update all IT Department Operational and Security Policies
Assist CIO with client RFP security questionnaires and audits
Produce security access reports as directed
Conduct review and research on new products
Work with vendors to perform product POC and validation
Document POC results including design and workflow diagrams and installation procedures
Work with internal teams to assist in the deployment of new Network Support applications as directed

138

Senior Information Security Analyst Resume Examples & Samples

Evaluating and documenting security controls
Participating in or leading security assessments and audits
Completing non-technical analysis activities with a keen attention to detail
PMP certification
Knowledge of and experience with a FISMA tool such as RSA Archer or RiskVision

139

Senior Information Security Analyst Resume Examples & Samples

Leading information security projects
Providing direct support to project teams and stakeholders
Managing security assessments and audits

140

Senior Information Security Analyst Resume Examples & Samples

Integrate information security systems software and hardware. Perform routine and complex end-to-end support of a variety of security users and applications
Perform development and maintenance activities for security applications and tools. Troubleshoot complex systems and networking problems. Perform investigative research, analysis and troubleshooting to identify, resolve, and report highly complex security issues. May evaluate and monitor system or tool performance
Monitor system and network configurations to ensure compliance with information security policies, standards and procedures
Perform technical evaluations and testing of security hardware and software
Identify operational inefficiencies and potential risks, execute and improve operational processes and mitigate risk. Define and adjust processes required to detect, analyze, and respond to security incidents
Perform security assessment of applications, technologies, vendors, and business processes
Perform routine and complex project support for security and infrastructure efforts. May provide audit support. Provide technical guidance about risks and control measures associated with new technologies
Collect, compile, and generate information security reports on system and network accesses. Prepare briefing material for presentations to management and senior leadership
Perform network and host-based penetration testing using internal and commercially available tools and/or coordinate and manage third party penetration testing activities
Support periodic metrics reports regarding Information Security risk reduction and security risk trends identified during ongoing examinations, audits, and assessments
Lead and engage in cyber hunting & incident response exercises
Work with Compliance and Legal teams on security contractual requirements and ensure compliance with applicable laws and regulations
Develop standards and guidance for Information Security controls

Download Senior Information Security Analyst Resume Sample as Image file

Related Job Titles

Senior Security Analyst Resume Sample

Senior Manager, Information Security Resume Sample

Senior Info Security Analyst Resume Sample

Information Systems Security Analyst Resume Sample

Information Security Engineer, Senior Resume Sample

Cyber Security Project Manager Resume Sample

Information Security Senior Resume Sample

Senior Information Security Resume Sample

Information Security Analyst Senior Resume Sample

Security Information Analyst Resume Sample

Security Senior Analyst Resume Sample

Browse More

Senior Information Security Analyst Resume Samples

The Guide To Resume Tailoring

Craft your perfect resume by picking job responsibilities written by professional recruiters

Pick from the thousands of curated job responsibilities used by the leading companies

Tailor your resume & cover letter with wording that best fits for each job you apply

Resume Builder

Resume Builder

15 Senior Information Security Analyst resume templates

Read our complete resume writing guides

How to Tailor Your Resume

How to Make a Resume

How to Mention Achievements

Work Experience in Resume

50+ Skills to Put on a Resume

How and Why Put Hobbies

Top 22 Fonts for Your Resume

50 Best Resume Tips

200+ Action Words to Use

Internship Resume

Killer Resume Summary

Write a Resume Objective

What to Put on a Resume

How Long Should a Resume Be

The Best Resume Format

How to List Education

CV vs. Resume: The Difference

Include Contact Information

Resume Format PDF vs Word

How to Write a Student Resume

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Attack Surface Management Sme Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Perimeter Security & Attack Surface Management Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

SOC Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Gida Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

Senior Information Security Analyst Resume Examples & Samples

How to Make
a Resume

50 Best
Resume Tips

200+ Action
Words to Use

Internship
Resume