The Senior Information Security Analyst will be responsible for monitoring systems, conducting vulnerability assessments, and providing analysis and remediation of potential security-related events and incidents. This role will also design, integrate, and operate various IT security systems for the protection of the Firm’s infrastructure and data.
Responsibilities include, but are not limited to:
- Analyze various security logs and related security events to determine risk and develop the necessary action plans.
- Provide vulnerability assessments and remediation plans.
- Ensure all Firm information security systems are configured and operating according to Firm policies and standards.
- Operate, configure, and fine-tune the Security Information and Event Management (SIEM) system. Investigate and report all information regarding security breaches and other cyber security incidents.
- Develop automated adaptive responses and alerting of detected cybersecurity incidents.
- Assist in client security audits and questionnaires.
- Install and configure security measures and countermeasures to defend against cyber intrusions and attacks.
- Maintain and oversee various identity access management software.
- Monitor and ensure security control effectiveness (e.g., system patching, firewall changes).
- Provide reports to management on key metrics pertaining to security-related issues.
- Investigate security breaches and vulnerabilities identified through audit reports and follow up accordingly with different departments.
- Assist with risk assessments to ensure data remains protected.
- Work with the business to optimize and automate security-based processes.
Qualifications:
- Bachelor’s degree in Computer Science or related field required.
- Security certification such as CISSP, CCNA Security or CISM preferred.
- 5+ years of IT-based experience working in a security role, focusing on information security analysis.
- 5+ years of experience with technologies such as Vulnerability Management, Identity Management, Data Protection, Security Information and Event Management (SIEM), Anti-Virus, Data Loss Prevention, Endpoint Detection and Response, and Privileged Access Management (e.g., CrowdStrike, LogRhythm, Cisco ASA, Palo Alto, Varonis).
- Experience with network management tools, Active Directory and Group Policy.
- Experience with the ISO 27001 certification process or other compliance frameworks such as HIPAA, PCI, and SOX.
- Excellent written and verbal communication skills including ability to communicate security risks to non-technical people.
- Exceptional interpersonal skills including teamwork, facilitation and negotiation.