Security Information Analyst Job Description
Security Information Analyst Duties & Responsibilities
To write an effective security information analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included security information analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Security Information Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Security Information Analyst
List any licenses or certifications required by the position: CISSP, CEH, GSEC, GIAC, SSCP, OSCE, OSWP, OSCP, ISACA, ISSA
Education for Security Information Analyst
Typically a job would require a certain level of education.
Employers hiring for the security information analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and University Degree in Computer Science, Information Security, Education, Technical, Information Technology, Information Systems, Business, Engineering, Management, Cyber Security
Skills for Security Information Analyst
Desired skills for security information analyst include:
Desired experience for security information analyst includes:
Security Information Analyst Examples
Security Information Analyst Job Description
- Identify and assess the impact of information security threats, vulnerabilities and risks and assess business security risks with a view to recommending security controls that will enable the Business to manage those risks effectively
- Review new and existing standards, regulations, guidance, best practices, policies and customer initiatives to maintain expertise and add business value
- Partner, provide guidance and assist business areas with the creation, integration, modification, and/or review of department policies, standard operating procedures, and desktop material pertaining to all legal/regulatory and compliance audit requirements
- Uses hardware/software, such as Advance Threat Protection, Intrusion Prevention, and SIEM systems to monitor for unauthorized access attempts, unauthorized activities, and other security events
- Defining cloud security policies, procedures, solutions
- Review / audit firewall changes
- Advancing the incident prevention, detection and containment related processes across systems
- Conduct gap analysis and remediation of security monitoring systems and processes
- Undertake vulnerability scanning activities to assess PCs, computer systems, networks and applications for weaknesses
- Maintain team tools to support incident response and forensic procedures
- Three or more years conducting security testing / vulnerability management
- Strong system engineering capabilities
- Experience with technology security configuration benchmarks
- Ability to work with outside auditors relative to formal privacy and security auditing situations
- Ability and skill to influence personnel through a matrix organization as opposed to line management authority
- Certification in the information security areas such as the CISSP (Certified Information Systems Security Specialist)
Security Information Analyst Job Description
- Negotiate audit findings and audit reports with business owners and management
- Provide analysis of system and network threats and provide Security Certification and Accreditation of a variety of Department of Defense and Intelligence Community automated information systems (AIS)
- Conduct periodic scans of the network systems using tools such as ACAS and SCC scans to identify vulnerabilities and ensure security compliance
- Identify and document security vulnerabilities, business risks and remediation strategies of enterprise solutions
- Partner closely with the Enterprise Architects, Project Managers, Infrastructure Leaders, and Application Development teams to ensure a consistent approach to security solutions
- Oversee security related tasks for existing and future systems, networks and software
- Provide expertise and support in customer hosted environments to ensure control activities are designed and implemented appropriately to protect the security, confidentiality, privacy, integrity and availability of data in compliance with organization policies and standards
- Implement and monitor corporate business processes, recommend improvements and assist stakeholders to achieve information security goals and objectives related to Information Technology general controls
- As a strategic partner on the information security team to the company, consult on projects that automate business processes and drive employee efficiency to design and implement new controls to achieve compliance objectives
- Provide expertise in support of new product development activities to ensure products comply with information security and privacy standards
- Minimum 2 years in an information security support role
- CISSP ENCE, GCIH, GCIA, CISM, ITIL
- In-depth understanding of Information Security concepts
- Experience responding to security incidents
- Developing information security policies and procedures
- Knowledge & understanding of relevant legal and regulatory requirements such as Sarbanes-Oxley Act (SOX), Data Privacy and PCI-DSS
Security Information Analyst Job Description
- Creation of new videos, training material or communications where necessary to support a specific business need
- Unified Threat Management device monitoring which includes Firewall, NIDPS, URL Filtering, file monitoring
- Provide continued application support for key IT Security applications
- Document and maintain Operational processes, procedures, and flowcharts
- Recommend application and operating system security configurations
- Represent the Information Security team at Change Advisory Board meetings to determine security and risk are evaluated in each change to the environment
- Coordinate the internal design of Information Technology general controls
- Support third party security risk assessments and IT audit, and provide tracking for findings and resolution
- Architect and drive the implementation and maintenance of appropriate layers of defense to protect the organization’s information assets
- Ultimately responsible for the development of security awareness-focused educational curriculum and syllabus
- Experience securing enterprise-scale systems
- Experience coordinating with remote team personnel
- Understanding of the technologies and architectures supporting information security protection
- Practical experience undertaking IT compliance audits
- Understanding of the 27001 standard and 27002 code of practice
- Formal Information Security or IT Audit qualifications or willingness to pursue such qualifications – CISSP, CISM, ISO27001
Security Information Analyst Job Description
- Provide security consulting, awareness and outreach to all areas of the business
- Offers technical information security consulting services to distributed personnel who are responsible for information security systems
- Understand and analyze business setting from an information security perspective
- Interact closely with the business, IT, the Identity and Access Management team to onboard applications to the bank’s recertification platform (Gatekeeper)
- Coordinate the bank’s recertification process by interacting with stakeholders involved such as the business, Identity and Access Management team and IT
- Assisting the business in onboarding new applications to the bank’s recertification platform (Gatekeeper)
- Assigning recertification approvers based on discussions with the business
- Assisting the business in completing recertification tasks
- Following up on outstanding recertification items with the business
- Identify and mitigate information security risks to ASIS supported systems, infrastructure and data
- Proven knowledge of network and server infrastructure technologies and devices including firewalls, routers, switches
- Associate Degree in Computer Science or Information Technology Field
- 2 years experience in IT with a security focus
- Minimum of two years relevant technical experience
- Minimum of one year of experience in an information security role
- Working knowledge of Network related technologies and concepts
Security Information Analyst Job Description
- Administers, monitors, and maintains core information security tools including but not limited to Intrusion Detection and Prevention System (IDS/IPS), two factor authentication system, remote access, monitoring and Logging, anti-virus, encryption, SIEM, forensics
- Monitors log files and Information Security Systems for threats/risks, vulnerabilities, viruses, and network hacks within the Company environment and generates tickets to address alarms Monitors real-time policy based monitoring systems and responds to non-compliant activities, events, or notifications
- Ensure security processes and procedures are incorporated into project plans for new solutions
- You will have ability to assess details, systems and other factors as part of a single and comprehensive picture
- Collects and compiles metrics for IT and business reporting
- Tracks, analyzes, and reports the status of legal and regulatory compliance of Information Security policies, procedures, and configurations
- Apply defined information risk management methodologies and frameworks to identify and implement controls in support of confidentiality, integrity and availability
- Conduct assessment of the impact of proposed change requests to information security
- Conduct security control assessments to identify compliance control gaps, work with process owners to determine corrective action plans, and support the integration of a security controls framework
- Complete Internal and customer reporting on Information security operational and process performance
- Understanding of oversight entities such as FFIEC, SOX, & PCI-DSS
- Project-manage select CAMS and TDI TS control remediation efforts and/or NACC and TDI TS involvement within Enterprise control remediation efforts
- Degree with cyber security or security focus are a plus
- 2 - 5 years data protection experience and working knowledge of DLP concepts
- College Diploma or University Degree related to Information Technology or Cyber Security
- Knowledge of data protection regulatory requirements