INFO SECURITY ANALYST

Level:  Sr

Location:  Wilmington Delaware

POSITION SUMMARY:

This role will be responsible to ensure new solutions developed or purchased are implemented according to all security controls requirements. The individual is expected to deliver concise security requirements, review project designs against security requirements, and ensure security controls are operating effectively prior to project closure. This role is expected to provide strategy and execution components that support corporate direction, regulatory compliance and security best practices. Management Reporting through well defined metrics is required on a regular basis. This individual must have a high degree of business acumen and be able to articulate and defend security position to technical project teams and to Management. This individual must stay current on technology trends, directions, and best practices as they relate to IT security.

ESSENTIAL FUNCTIONS:

Experience and knowledge in a corporate environment with the following:

  • Provide clear and concise security requirements that meet corporate direction, regulatory requirements and security best practices
  • Review project solutions designs to ensure security requirements are met in both SDLC and Agile formats
  • Implement security solutions, and provide technical leadership during the design, development, and testing phases of major initiatives
  • Ensure security controls are implemented and operating effectively as part of solutions delivery
  • Be able to articulate and defend security positions
  • Research, formulate and present detailed security positions relative to new technologies to Senior Information Security Leaders
  • Cost benefit analysis techniques in assessing options for mitigating risks threats and exposures to acceptable levels
  • Managing and reporting status of identified risks
  • Perform other work related duties as assigned
  • Willingness to be included in 24x7 on-call rotation

KNOWLEDGE, SKILLS, EDUCATION, EXPERIENCE & COMPETENCIES:

  • 4 Year college degree in a technical discipline, or 10 year equivalent practical experience
  • Applicable industry recognized security, or technical certifications
  • Must be able to drive security and create and defend security position within project teams
  • Must be able to communicate effectively orally and written to Executive Management
  • Demonstrated analysis, planning, design, engineering and implementation experience of appropriate security controls within solutions delivery
  • Ability to design and review network designs for perimeter and internal environments

DETAILED KNOWLEDGE OF:

  • Firewalls, network routing, Internet Security and Virtual Private Networking
  • Cryptographic systems and algorithms, key management and practices
  • Infrastructure security including Windows, Linux, Unix systems, Oracle and SQL databases
  • Operational security including access controls, data privacy, monitoring and logging, and availability requirements that meet corporate Business Continuity strategies
  • Knowledge of regulatory requirements, security standards and compliance issues (FFIEC guidelines, Sarbanes Oxley, GLBA, ISO 27001, CobiT v4.0, and Payment Card Industry Data Security Standard (PCI DSS))
  • Experience with root cause analysis, risk mitigation, security assessments, analysis of security threats, trends and architecture preferred
  • In addition to security, proficient in other IT control areas (e.g., change management, SDLC, and Agile Operations)
  • Strong project management and time management skills required; ability to work on numerous projects/activities simultaneously; ability to communicate effectively in a project environment and articulate/defend security positions
  • Proven interpersonal skills and ability to take a leadership role; the ability to communicate with management and peers to build and sustain cohesive relationships
  • Superior attention to details
  • Able to work well with and communicate effectively with all levels with the IT Organization
  • Ability to quickly grasp the big picture, yet remained focused on coordinating tasks at the detailed level
  • Industry security certifications preferred (CISSP, CISM, CISA, CEH, etc.)