Information Security Analyst III
The Information Security Analyst provides leadership and direction for the planning, architecture, operation and monitoring of all IT security programs with an emphasis on PCI compliance. This role seeks to protect against the unauthorized access, modification or destruction of the company systems and information assets. On an on-going basis, this position will manage all activities across the company to ensure ongoing data security and validation with current security standards.
- Assess and document security controls and vulnerabilities for data and user access across all BSD systems. Plan for mitigation and improvements utilizing best practices and current standards.
- Monitor change control systems for system and network modifications and ensure they meet and maintain security standards.
- Perform basic computer forensics as needed.
- Evaluate, implement and maintain vendor supplied security hardware components & software packages
- Perform diagnostics for security problems and identify and analyze security risks.
- Coordination of security assessments with internal audit and external vendors.
- Identify and investigate security breaches and fraudulent activity within BSD systems.
- Develop, maintain and manage PCI compliance program and other security initiatives. Develop project plans and execute efforts as necessary.
- Develop security awareness and training programs for IT and employees who work with sensitive data.
- Assist in the creation and management of IT Security and PCI Compliance policies, standards, procedures and guidelines.
- Work with confidential information obtained through security scans and assessments of BSD systems.
- Report status and progress on efforts to management as necessary.
- Other related security duties as assigned.
Knowledge, Skills, & Abilities
- Knowledgeable with PCI Compliance standards and assessments.
- Familiarity with network and application security including firewalls, VLANs, routers, switches, Linux and Microsoft Windows and VMware operating systems, Oracle and Microsoft SQL Server databases, ecommerce, PCs.
- Key understanding of core Information Security Areas (ID & ACCESS Management, Threat & Vulnerability Management, Information Risk & Governance, Network and Application Architecture, Incident Response, Security Strategy).
- Hands-on experience with designing, implementing and managing an enterprise-wide security program.
- 7+ years of experience in Information Technology. At least 4 years’ work experience in security systems and PCI compliance management.
- Completion of one of the following recognized professional certifications: QSA (Qualified Security Assessor), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), SSCP (Systems Security Certified Practitioner), Certified Ethical Hacker (CEH).
Education and Experience
- A./B.S. in Computer Science or related field or equivalent experience required. MS preferred.
- Minimum 7 years of experience required in Information Technology or a related field.