Info Security Analyst Job Description
Info security analyst
provides support regarding information security regulations, requirements and best practices, the control framework structure, all information security controls, and the security rationale for each to stakeholders.
Info Security Analyst Duties & Responsibilities
To write an effective info security analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included info security analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Helps set the infrastructure Security strategy of the organization by working with management to ensure appropriate security coverage and mitigate risks to an acceptable level
The candidate will evaluate project designs, applications, network infrastructure and systems, and determine security compliance and overall security risk, based on corporate policies, security requirements documents, industry common practice, and legislative and legal requirements
Work with third party service providers to support the active defense of the infrastructure
Perform daily operational support of SIEM, IDS, Network Security Monitoring infrastructure
Assisting with coordinating state and federal regulatory compliance related activity involving Information Technology (regulatory examinations, related preparations)
Liaison to manage internal audits and audit action plans provide guidance and consultation to all audit activities
Support program level design and implementation guidance for the assessment program as it fits into the IT Risk Framework
Develop mobile security guidelines, requirements and standards for mobile product development, enterprise mobile deployment and proactively mitigate risks associated with information security
Responsible for coordinating and executing SOX, Safe Harbor, and PCI related activities including maintaining an inventory of compliance related systems, evaluating and reporting on their security controls and supporting system/application remediation
Perform business and systems analysis to support the development, implementation, and support of compliance initiatives to meet short-term and long-term business needs
Info Security Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Info Security Analyst
List any licenses or certifications required by the position: CISSP, CISA, CRISC, CISM, PMP, II, ITIL, SP, CND, IAT
Education for Info Security Analyst
Typically a job would require a certain level of education.
Employers hiring for the info security analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Technical, Education, Information Security, Information Technology, Information Systems, Technology, Engineering, Business, Management Information Systems
Skills for Info Security Analyst
Desired skills for info security analyst include:
Risk Management Framework
Relevant technology as assigned
Industrial Control Systems security highly desired
Information Assurance
NETOPS
DOD and Air Force DIACAP
Infrastructure
Services and security policies
Techniques
Methods
Desired experience for info security analyst includes:
Regulatory requirements in particular PCI-DSS, GLBA, FFIEC
BA/BS in Computer Science, Information Systems, Business Administration or a related discipline
Engage in ad hoc projects as assigned by manager or team lead, which may include re-engineering projects, and providing cross-functional support to divisional operational/financial management
Participate in and provide assistance on multiple, technically complex, mission-critical, and/or high-profile projects
Ability to multi-task and work on analysis of various IT domains at the same time
Former compliance consulting experience
Info Security Analyst Examples
1
Info Security Analyst Job Description
Job Description Example
Our innovative and growing company is searching for experienced candidates for the position of info security analyst. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for info security analyst
- Participate activities in Access Management to provide access management business requirements and insure compliance with industry and company security standards
- Complete access request processing as per pre-defined sets of procedure and within agreed Service Level Agreements (SLA), resolve problem tickets
- Document access management procedures for assigned applications and/or platforms
- Be proactive to identify audit and compliance access related issues to reduce the risk of security exposures on the support systems and applications operational efficiency and works with various teams to implement the improvement
- Document access management procedures for assigned applications
- The optimal candidate will be expected to Lead investigations of cyber attacks
- Leverage tactical and technical capabilities to eradicate threats
- Collaborate with business partners across tech and business unit to drive detective controls
- Correlate data from intrusion detection and prevention systems with data from other sources such as firewall, web server, and DNS logs in order to identify misuse, malware, or unauthorized activity on monitored networks
- Monitors and investigates DLP and endpoint events
Qualifications for info security analyst
- 3+ Years of experience within an operational Insider Threat Program
- BS in Computer Science, Business Administration or equivalent
- CISA, CISSP or equivalent certifications
- 5 to 10 years of experience in Information Security, with a focus on security monitoring using SEIM, IDS/IPS, full packet capture solutions, malware analysis tools, endpoint security tools
- Minimum 5 years of Security industry experience
- Minimum 2 years’ experience in the financial services industry, in a role specific torisk management, audit or information security REQUIRED
2
Info Security Analyst Job Description
Job Description Example
Our company is growing rapidly and is looking to fill the role of info security analyst. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for info security analyst
- Assist with the development, testing and implementation of new cyber-security processes and procedures
- Proactively identify audit and compliance access related issues to reduce the risk of security exposures on the support systems and applications
- Receive, create, and disseminate threat intelligence from manual and automatic sources (internal and external)
- Ensures all implemented patches
- Operates HBSS on all assets in accordance with approved operating procedures
- Acting as a subject matter expert on the security requirements of the GSO Policies and Standards
- Perform risk analysis for issues identified in vulnerability and penetration testing results
- Participate in processes to update and improve GSO Policies and Standards as a contributor
- Provide guidance on the needed remediation for issues identified in the vulnerability and penetration testing results, including the ability to evaluate false positives and verify that proposed solutions mitigate identified risks
- Cleary communicate security requirements, objectives, and risks to audiences across the business with varying technical and security experience levels
Qualifications for info security analyst
- Proficiency with Microsoft Office (MS Excel, MS PowerPoint)
- Good working knowledge of the UNIX/Linux/Windows systems and security administration, Roles Based Access Controls, Privileged access management tools
- Knowledge in building automated solutions using various scripting languages (VBA, vbscript, Perl and Shell script)
- Candidate must have proficiency with Microsoft Office (MS Excel, MS PowerPoint, ) and excellent verbal and written communication skills enabling candidate to prepare and present to all areas of the business, including senior management
- Understand IT DB Access Management standards and lifecycle
- Understand the "how" and "why" around the existing processes and procedures
3
Info Security Analyst Job Description
Job Description Example
Our company is searching for experienced candidates for the position of info security analyst. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for info security analyst
- Assist with the implementation and monitoring of complex security projects in support of company business units while upholding and complying with established corporate policies and procedures
- Perform day-to-day SIEM (security information event monitoring), correlation and investigation of security events
- Review Vulnerability Assessment reports of all company devices
- Provide the first line of response to an incident using a predefined process and methodology
- Develop the processes and methodology for Incident Handling in conjunction with the other Information Security Groups, provide training and yearly exercises for incident response
- Work with other groups to ensure base security metrics are being met
- Process abuse inbox emails (spam, phishing)
- Aid in maturing an Enterprise-impacting security awareness program including internal customer surveys, scope refinement, business case documentation, program key control objectives, stakeholder communications, and metrics
- Lead cross-functional/cross-organizational projects and/or pilots to support security awareness program initiatives
- Establish and maintain internal relationships third parties as necessary to support the security awareness program
Qualifications for info security analyst
- Knowledge and skill in incident management, response, analysis, and reporting
- Ability to conduct Information Systems vulnerability assessment, risk mitigation, and Plan of Action and Milestone (POA&M) development and tracking
- Network/data center operations
- Currently holding a DOE Q-level or Top Secret security clearance
- Currently holding Security+
- Working knowledge of networking technology and protocols
4
Info Security Analyst Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of info security analyst. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for info security analyst
- Develop, document and implement initiatives to measure program risk assessment awareness, adoption, and improvement
- Work alongside a world-class credible and high performance security team comprised of
- Analyze collected information to identify critical risks (findings)
- Partner with vendors and business teams to develop and track remediation plans
- Conduct on-site assessments of domestic or international vendor facilities as directed
- Collaborates with IT team to implement technical controls and projects to ensure security issues are addressed
- Work with leadership to develop strategies and plans to enforce security requirements and reduce identified risks
- Assists in the coordination and completion of information security operations
- Responsible for daily monitoring and deployment of Security Information
- Collaborates and coordinates with technology and business leads on the investigation and resolution of reported vulnerabilities and standards non-compliance
Qualifications for info security analyst
- Minimum 2-3 years of experience with IT policies, standards and/or procedures and working knowledge of industry-recognized information security-related standards such as ISO2700x, COBIT, PCI-DSS, NIST, REQUIRED
- The engineer will have significant knowledge of Big Data technologies and tools with the ability to share ideas among a collaborative team
- Basic knowledge of IT controls such as CIP (NIST, SAS70, SOX, HIPPA, ), preferred
- Hands-on experience in troubleshooting network devices
- Ability to effectively communicate and translate highly technical information in a professional manner at all levels
- Ability to follow Standard Operation Procedures accurately and efficiently
5
Info Security Analyst Job Description
Job Description Example
Our innovative and growing company is looking for an info security analyst. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for info security analyst
- Coordinates scanning policies and schedules with business and operations teams
- Responsible for analyzing the results of audits related to control weaknesses, to produce recommendations on whether risk should be accepted, or remediated prior to placing systems/applications into the production environment
- Works within vulnerability management team to ensure vulnerabilities are properly tracked, reported, and closed
- Develops remediation reports, out briefs, and scorecards addressing risk, vulnerability, and organizational processes
- Clearly advises stakeholders and technical teams on vulnerabilities, criticality, impacts, and remediation to meet information security standards
- Applies excellent project management skills to ensure organizational vulnerabilities are documented, tracked, and addressed
- Interacts with existing Governance Risk and Compliance (GRC) team to collect metrics and deliver risk acceptance issues
- Conducts data analysis on information security compliance / risk trends and significant variances for senior
- Perform penetration testing of existing and new solutions
- Develop/Implement continuous monitoring plan across multiple security domains (familiar with tools used in compliance and vulnerability assessments)
Qualifications for info security analyst
- 1 - 3 years of experience in a large IT enterprise or Government environment
- Perform shift work in 24/7/365 environment
- Ability to obtain and maintain a DOE Q-level clearance
- Obtain Security+ within 6 months and/or maintain active Security+ certification status
- Assured Compliance Assessment Solution (ACAS) experience a plus
- Experience with penetration testing or vulnerability management preferred