IT Security Analyst



The Application Security Analyst is responsible for analyzing the information security environment and developing security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure. Confers as required with management, development personnel, risk assessment staff, auditors, facilities and security departments, and other relevant personnel to identify and implement security plans for data, software applications, hardware, network, telecommunications, and computer installations. Determines methods of implementing and enforcing security policies. Advises resource owners on formation of appropriate corporate security strategy.



  • Identify existence of securable resources and assist LOB staff in selecting appropriate resource owners –Work with resource owners in LOB organizations to determine appropriate security policies for securable resources
  • Consult with IT technical services staff to evaluate, select, install, and configure hardware and software systems that provide appropriate security functions
  • Assist resource owners and IT staff in understanding and responding to security audit failures reported by internal and external auditing departments
  • May review operation logs and event console activity to determine cause of security events or to identify potential security related events
  • Advise security administration staff on normal and exception processing of security authorization requests
  • Document corporate security policies; maintain resource classification scheme; may be required on occasion to present information on security status, project status, and security training to audiences from management to field staff as appropriate
  • Proactively protect the integrity, confidentiality, and availability of information in the custody of or processed by the company by; responding in a timely manner to a loss or misuse of Information assets, participating in investigations of suspected information security misuse or in compliance reviews as requested by auditors, communicating unresolved security exposures, misuse, or noncompliance situations to management
  • Consult with IT management to ensure selection and use of realistic enforcement mechanisms
  • Aid in review of security policies and resource classification scheme; keep management informed of project status
  • Provide technical expertise and guide the administration of security tools that control and monitor information security, including; updating access control tables, setting up user logon Ids and assigning/resetting passwords, designing computer system access reports to identify possible security violations
  • Research, evaluate, design, test, recommend, and plan implementation of new or improved information security technologies; analyze new software applications or tool implementations for implications to existing security technologies
  • Train information owners in the implementation of necessary computer security controls or new/upgraded security technologies; develop and implement information security educational programs, conducting awareness seminars and workshops as appropriate
  • Maintain technical reference library: develop technical information materials and workshops on these new areas for IT as appropriate (i.e., website)


  • Bachelor’s degree In Computer Science, Engineering, or related discipline; MBA desirable: equivalent experience acceptable; three years of information security experience
  • Minimum five years of experience in IT, with a broad range of exposure to business planning, systems analysis, and application development; three years of experience with information security
  • Two to three years of relevant business environment experience
  • Experience In data administration and security methods, plus experience in various database design techniques; CISSP, CSA, or CISA preferred
  • Working knowledge of RDBMS technology and remote access control systems, VPN strategies, firewall and perimeter and endpoint protections technologies.
  • Working knowledge of intrusion detection prevention, data loss prevention and vulnerability management.
  • Familiarity with multi-platform environments and their operational/security considerations
  • Experience as an auditor is highly valuable
  • The following qualities or experiences are desirable; demonstrated competency in strategic thinking with abilities in relationship management, successfully developed and implemented new technology, demonstrated competency in developing effective solutions to diverse and complex business problems
  • Ability to relate business requirements and risks to technology implementation for security-related issues
  • Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies
  • Technical proficiency in security-related technologies; ability to function as a consultant to other IT groups on security matters as a recognized technical expert
  • Proven ability to work under stress in emergencies; flexibility to handle pressure coming from all directions simultaneously
  • Confidence and leadership as a member of project teams in a cross-functional environment


Information Technology


Oak Park Heights, MN US


Andersen Corporation


Leave a Reply