The Information Security Analyst provides leadership and direction for the planning, architecture, operation, and monitoring of all IT security programs with an emphasis on PCI compliance. This role seeks to protect against the unauthorized access, modification, or destruction of Client’s systems and information assets. On an on-going basis, this position will manage all activities across CLIENT to ensure ongoing data security and validation with current security standards.
- Assess and document security controls and vulnerabilities for data and user access across all CLIENT systems. Plan for mitigation and improvements utilizing best practices and current standards.
- Monitor change control systems for system and network modifications and ensure they meet and maintain security standards.
- Perform basic computer forensics as needed.
- Evaluate, implement, and maintain vendor supplied security hardware components & software packages.
- Perform diagnostics for security problems and identify and analyze security risks.
- Coordination of security assessments with internal audit and external vendors.
- Identify and investigate security breaches and fraudulent activity within CLIENT systems.
- Develop, maintain, and manage PCI compliance program and other security initiatives. Develop project plans and execute efforts as necessary.
- Develop security awareness and training programs for IT and employees who work with sensitive data.
- Assist in the creation and management of IT Security and PCI Compliance policies, standards, procedures, and guidelines.
- Work with confidential information obtained through security scans and assessments of CLIENT systems.
- Report status and progress on efforts to management as necessary.
- Other related security duties as assigned.
- Knowledgeable with PCI Compliance standards and assessments.
- Familiarity with network and application security including firewalls, VLANs, routers, switches, Linux and Microsoft Windows and VMware operating systems, Oracle and Microsoft SQL Server databases, ecommerce, and PCs.
- Key understanding of core Information Security Areas (ID & ACCESS Management, Threat & Vulnerability Management, Information Risk & Governance, Network and Application Architecture, Incident Response, Security Strategy).
- Hands-on experience with designing, implementing and managing an enterprise-wide security program.
- 7+ years of experience in Information Technology. At least 4 years’ work experience in security systems and PCI compliance management.
- A./B.S. or equivalent experience required. MS preferred.
- Seven (7) years minimum required.