Cyber Security Analyst in Durham, NC at Vaco

Date Posted: 7/25/2018

Job Description

The Information Security Analyst is responsible for developing and maintaining the controls, policies, and procedures that safeguard computer networks and systems. This includes designing, writing, updating, and reviewing key IT security policies; governing projects and reviewing technologies against security policies; conducting control and risk framework assessments; ensuring alignment to the selected framework; conducting DR and BCP tests; maintaining a risk register; maintaining data classification; ensuring compliance with state/national/international regulations and rules; and ensuring an effective records management program.

Responsibilities:
* Develop and maintain information security plans and policies, including managing the policy management platform
* Maintain the governance, risk, and compliance program, including the GRC platform
* Review, maintain, and improve the risk register
* Design and maintain the data classification program
* Review and recommend changes to maintain adherence to ISO 27001, NIST 830, CoBIT
* Review and maintain privacy policies and ensure alignment to global regulations
* Ensure continued alignment to global regulations such as GDPR, PCI, NAIC, HIPAA, SOX, etc.
* Sit on architecture and project governance boards, reviewing projects and technologies for security policy and standard alignment
* Provide participation and oversight to records management programs
* Maintain DR and BCP plans and participate in DR and BCP tests
* Review requests for access and for exceptions to policies and provide initial approval/denial
* Leverage the SIEM tool and build queries and reports
* Partner with architecture for design and review of projects with respect to adherence to security policies, standards, and best practices
* Prepare reports of security performance, activities, incident findings, and other security-related outputs and present them to management
* Review technologies and development projects for alignment to security policies, standards, and best practices

Required:
* 4+ years of experience in information security areas such as GRC (governance, risk, and compliance), security policies and procedures, identity and access management, and/or DR and BCP
* Experience planning and developing security policies, procedures, and standards
* Experience with control frameworks (such as ISO 27001, CoBIT) and risk frameworks (e.g., NIST 830)
* Experience with DR and BCP concepts and tests
* Experience with information technology audit and compliance activities
* Excellent oral and written communication skills with the ability to communicate security concepts to a technical and non-technical audience including senior management
* Demonstrated ability to establish relationships and build rapport to influence colleagues at all levels, uncover issues, and identify needs

Preferred Qualifications
* Bachelor's degree in Information Systems, Security, or related field, or 10 years equivalent work experience
* Experience with scripting languages, databases and SQL, and development languages
* Relevant certifications such as GISP, GSEC, CISA, ECSA, etc.
* Ability to obtain a security clearance
* Experience with cybersecurity technologies and offensive security exercises
* Experience working in a hybrid on- and off-shore model
