The Information Security Senior Analyst will be a key member of the VMware AirWatch InfoSec Team. This individual will be responsible for working effectively with numerous cross-functional stakeholders across the company (Finance, IT, HR, Security, Operations teams, Product Groups, etc.) to engage on all aspects of security audit, governance, compliance, and requests for proposal.
The ideal candidate should be organized and extremely detail oriented with broad knowledge of information security controls, compliance activities, security tools, and related best practice standards and methodologies.
The Information Security Senior Analyst is an integral part of the company’s Information Security Program by supporting ongoing compliance activities, security monitoring efforts across different regulations and standards (ISO, PCI, FedRAMP, SOX, EU Data Privacy Directives, NIST, SOC2, FIPS, FISMA, HIPAA, and Security of Network and Information Security Directives) as applicable.
They will provide leadership and subject matter expertise for the design, implementation, operations, management, and maintenance of security solutions in all aspects of Information Assurance and Information Security. This includes being able to assess and mitigate system security threats and risks, validate system security requirements, analyze and collaborate on system security designs, verify compliance with system security requirements, perform system audits, testing, support security compliance audits, and act as liaison with other departments and business units to supporting ongoing system security operations and maintenance.
The Information Security Senior Analyst will be tasked with the following roles and responsibilities:
• Vulnerability Assessment
o Reviewing and interpreting vulnerability and penetration test reports and results
o Conduct in-depth vulnerability research to determine comprehensive details of identified vulnerabilities
o Provide subject matter expertise on vulnerability mitigation and remediation to operations teams
o Coordinate with system compliance tasks with operations and project management teams
• Key contributor during compliance related initiatives
o Control reviews
o Strong writing skills for process, procedural document review/updating, audit findings, and vulnerability management/remediation reports
o Audit preparation
o Auditor interaction
o Review audit findings and initiate remediation activities
o Reporting and metrics deliverables
o Perform external 3rd party audits to determine service offering gaps related to the organization, and determine necessary security enhancements.
• Manage the Security Awareness program and other training objectives
o Conducting training for new and existing users
General security awareness training
• General Information Security tasks and deliverables
o Ticketing systems for internal user/ customer requests
o Obtain a solid understanding of the various AirWatch SaaS as-built architectures
o Security advisor for the organization – assist operations and sales teams
o Access reviews for SaaS environments
o Escalation support for the RFP Team (security questionnaires)
o Creation, review, update all policy, process, and procedural documentation as needed to maintain compliance with all applicable standards and regulations
o Act at the subject matter expert to mentor and train junior analysts
o Detail oriented approach to analyzing and red-lining contracts and security documentation
o Remain current in emerging compliance and privacy requirements, cloud computing technologies, computer engineering principles, and prepare reports and summaries for various business units in anticipation of any changes