Information Security Analyst
Des Moines, IA
12 Months
 
Skype Interview
 
Complete Description:
Review vulnerability scan results and make recommendations to mitigate risk.
Review system logs to determine information security risks and make recommendations to remediate.
Review risk assessments and recommend changes in policy or procedure to improve compliance to security controls and/or security best practices.
Facilitate completion of risk mitigation tasks by working with vendors and in-house staff. In some cases, conduct the risk mitigation task directly.
Be familiar with security controls (CIS, for example) and analyze possible gaps in controls in SOS environment.
Review daily information security news/alerts and understand how new vulnerabilities may affect SOS infrastructure.
Lead person to conduct PCI compliance self-assessment questionnaire (in collaboration with other staff).
Provide regular "information security training tips" to SOS staff that is relevant to current events and risk mitigation.
Facilitate communication between SOS IT Staff and security vendors.
 
Responsibilities:
Daily review of security logs
Ability to use a SIEM products/security dashboards to view and analyze data
Ability to interpret log data to determine risk
Ability to plan/facilitate/perform mitigation tasks
 
Review security risk assessments and plan/execute mitigation tasks
Ability to prioritize mitigation tasks identified in risk assessment documentation
Ability to plan/facilitate/perform mitigation tasks
 
Review security vulnerability scans
Ability to prioritize remediation tasks identified in vulnerability scans
Ability to show risks are remediated
Ability to plan/facilitate/perform remediation tasks
 
Keep informed on daily security news and vulnerabilities
Ability to understand how new vulnerabilities may affect SOS environment
Prioritize/Facilitate/Plan remediation of new vulnerabilities that affect SOS environment
 
Security Controls:
Review security controls and analyze possible gaps in SOS environment
Prioritize/Facilitate/Plan mitigation of security control gaps
 
Compliance:

• Lead staff person overseeing PCI compliance
• Responsible for PCI SAQ
• Responsible for tracking quarterly PCI vulnerability assessments

 
Schedule, review, remediate issues
 
Information Security training

• Provide regular email/blog “security tips” so staff to improve their information security understanding and awareness
• Provide short presentations on information security topics as requested for division/department meetings

 
Other duties:

• Work with leadership, technical staff to plan/execute proactive security plans
• Point of contact for SOS in working with firewall vendor
• Facilitate firewall upgrades
• Facilitate firewall reviews (IPS follow ups)
• Review firewall logs
• Review/Comment on security policy implementation

 
Skills:

• Experience with system and network administration (network, servers, etc). Required 5 Years
• Extensive knowledge of information security principles. Required 5 Years
• Experience in security audit, assessment and vulnerability scan methodologies, standards, procedures and best practices. Required 5 Years
• Experience in information security operations. Required 5 Years
• Strong oral and written communication skills and ability to communicate with all levels of stakeholders. Highly desired 
• CISSP, CISA, CISM, Security or other information security certification. Nice to have
• Ability to work independently with limited supervision and limited direction, and in collaborative team environments. Highly desired
• Experience using security tools that include (but not limited to): SIEM product, vulnerability management, network monitoring, etc Required 5 Years
• Ability to analyze data and understand where security risks exist. Required 5 Years
• Ability to train non-technical staff (verbally or in written form) about information security principles. Desired 
• Understanding of information security controls - and how to implement controls where gaps exist required 5 Years
• Experience with PCI self-assessment questionnaire Desired

Ashok
ashok@keybusinessglobal.com916-646-2080 EXT 222