Information Security Analyst
Smart Resources, VA is seeking an Information Security Analyst to represent the interests of the CISO and information security best practices on all engagements. The Information Security Analyst will provide security advisory services to business and IT units pertaining to system design, engineering and implementation while promoting the protection, integrity and confidentiality of customer, vendor, employee, and business information in compliance with organization policies and standards.
• Typically, 10+ years within Information Technology with a concentration on Information Security and Application Security. Security design and implementation experience required.
• 4-year bachelor’s degree in Computer Science or IT related course of study preferred
• Experience in a broad range of IT systems required
• In depth knowledge of information security industry frameworks and standards NIST, OWASP, ISO-27001/2, SANS, COBIT and ITIL
• Knowledge of information security best practices such as PCI, ITGC’s, HIPAA and Privacy
• Security certifications (CISSP, CISM, Security +) preferred.
Experience with the following required:
• Experience with cloud computing security configuration and administration (Microsoft Azure or AWS) for both SaaS and IaaS models
• Responsible for detailing security user stories/requirements and generating technical specifications for all systems within IT operations.
• Demonstrated ability to design and implement security infrastructure, applications, networks, systems and equipment that impact multiple environments across all of IT.
• Proven experience designing modifications to existing systems, designing reusable components, and elimination of redundancy in designs throughout IT Operations.
Experience with the following preferred:
• Demonstrate technical infrastructure architectural knowledge, playing a vital role in design of production, staging, QA and development infrastructures running in a 24×7 environment
• Experience in multiple large projects in influencing the definition, selection, and implementation of security tools, technologies, and processes
• Establish level of service standards and operating procedures for overall system availability and individual system components
• Produce security architecture and design documents to effectively hand over to other departments for successful implementation
• Knowledge of current and emerging industry technologies