Information Security Program Analyst

Location: Rancho Cucamonga, CA
Desired Skills (the posting lists no level or experience for any entry, and marks none as required):

Name                   Level   Experience   Required
Business Continuity                         No
Change Control                              No
CISA                                        No
CISSP                                       No
Compliance                                  No
Credit Union                                No
Data Security                               No
Disaster Recovery                           No
Financial                                   No
Information Security                        No
ISO 27001                                   No
Legal                                       No
PCI                                         No
Powerpoint                                  No
Process Improvement                         No
Risk Assessment                             No
Risk Management                             No
Security Analyst                            No
Security Compliance                         No
VPN                                         No
Windows                                     No
Description:

Rita Technology Services, a leading IT Search & Consulting firm, has an immediate need for an IS Security Analyst in Rancho Cucamonga, California. This is a 6 month contract-to-hire position.

Please note: Only local (Rancho Cucamonga) area candidates will be considered for this position.

Sorry, no Corp to Corp or 1099 candidates.

Summary:

This Security Analyst supports the Information Security Office/Program by performing specific program duties, which include, but are not limited to, the ISO 27001 ISMS program, audits & assessments, risk and compliance management, and security awareness. This position is specifically responsible for supporting the maintenance of the ISMS, as well as the verification and review of information security controls and documentation, and the issuance of management reports pronouncing on the design and effectiveness of controls via executive metrics, reports and dashboards. In addition, this position will provide support for internal and external audits, including gathering and discussing evidence to make process improvement recommendations, and managing remediation responses and activities. This position will also assist with the development and socialization of security standards; the testing of security controls based on software/hardware requirements, technical specifications and/or change control requests; and the development, review and maintenance of clear and easily understood application and process documentation consistent with department standards; as well as being responsible for the evaluation of, and response to, information security risk associated with key vendors.


Duties & Responsibilities

  • Identifies information security risk, mitigation and acceptance processes in coordination with security operations, including incident/case management process.
  • Performs analysis of data dumps provided by other areas for escalated incidents/events.
  • Performs maintenance of key information security metrics and reports for operational managers and ESO.
  • Assists in the development of policies, procedures and standards to ensure and enhance security.
  • Conducts annual review of information security policies and standards.
  • Trains, educates and provides awareness to all users, regarding information security requirements and expectations.
  • Conducts risk planning, mitigation and remediation to address information security deficiencies.
  • Monitors regulatory environment for impact on security programs and initiatives.
  • Educates customers on security policy, standards, procedures and controls.
  • Performs information security risk assessments based upon approved methodology.
  • Assists in development of annual information security risk assessment plan.
  • Develops, follows through and monitors information security responses to audits.
  • Keeps abreast of the latest in security, risk, and compliance best practices and standards and makes appropriate recommendations regarding the purchase of new monitoring, auditing, and security tools.
  • Monitors and ensures compliance for all appropriate regulatory requirements including Payment Card Industry (PCI) Data Security Standard.
  • Performs self-assessments, as required by regulatory and industry compliance initiatives.
  • Implements management reporting and metrics for security compliance. This includes metrics development and reporting of security incidents and security awareness training.
  • Implements process and tracking to monitor compliance to policies and standards. Works with subject matter experts to ensure policies and standards are comprehensive, current and appropriate to meet regulatory and security requirements.
  • Serves as back-up to ESO on product launch calls to ensure appropriate security controls on new products/services.
  • Manages and tracks policy exception requests.
  • Collaborates with EIS on DR testing to ensure no data leakage or manipulation occurs during the testing period; ensures the integrity of data is maintained throughout.
  • Reviews external/internal penetration test results provided by EIS.


Requirements:

  • Bachelor’s degree from a four-year college in Information Systems or a related field; or a minimum of seven years of progressive experience managing a security program for a multiple-unit and multiple-location organization; or a combination of education and experience
  • 2+ years of Information Security (IS) experience with implementation and maintenance of an ISO 27001/2 ISMS; should include a strong understanding of the enterprise information security strategy and architecture discipline, processes, concepts, and best practices (SANS Critical Top 20 Controls)
  • 2+ years of experience with Information Technology audits and assessments
  • 2+ years of experience in the Financial Institution industry
  • Strong problem solving skills and the ability to identify, analyze, and resolve problems, driving solutions through to completion; a strategic and critical thinker
  • Strong foundation in IT functions and development methodology (analysis, design, development, testing, implementation, post-implementation support)
  • Proven project management skills
  • Strong technical, quantitative, and analytical skills to review data/reports and summarize trends and root causes
  • A good understanding of business, and its corresponding applications and processes
  • An understanding of Security & Privacy regulations and standards, as well as legal requirements for security
  • Knowledge of centralized logging and security event management best practices
  • Knowledge of Syslog data, Windows event log, database, and web server log analysis
  • Strong understanding of security vulnerabilities and the impact that they can have on information systems and response methodologies
  • Overall knowledge of: application and operating system hardening, vulnerability assessments, security audits, intrusion detection, data-leak protection, firewalls, networking, VPN
  • Knowledge of information security and risk control frameworks, such as ISO 27001/27002 & 31000, COBiT, NIST
  • Knowledge and experience with technical trends and developments in the area of Information Security and Risk Management
  • PCI Data and Council Standards knowledge
  • Knowledge of business continuity and IT disaster recovery frameworks and how they relate to Security
  • Experience gathering and documenting business requirements
  • Excellent verbal and written communication skills, as well as presentation skills


Preferred Skills:

  • Credit Union industry experience/knowledge
  • Information Security Credentials/Certifications (e.g. CISA, CISSP)
  • Incident Response or Forensics experience
  • Familiarity with privacy laws, data protection/security regulations, and frameworks, such as BITS, SOC 2, COBIT etc.


The company will only employ candidates who are legally authorized to work in the United States for this position. Individuals with temporary visas such as E, F-1, H-1, H-2, L, B, J, or TN or who need sponsorship for work authorization now or in the future are not eligible for hire.

Source: http://webconnect.sendouts.com/CN_Frame.aspx?ID=RitaTech&SiteID=WebConnect&Group=WebConnect&Key=CN&CNTrackID=7&MTTrackID=6&CnId=&PostId=6bbda5e3-b287-4902-9ca8-88fb979949ac&ApplyNewCan=0