Vendor Security Assessments Senior Analyst - Information Security

Illinois - Onsite
This project has been archived and is not accepting more applications.

Description

Job Summary
  • Reporting to the Information Security Director, Security Vendor Management, the individual will act as a subject matter expert to successfully manage vendor security assessments.
  • This individual will also act as a liaison to both the vendor and internal business teams on security controls design and management.
  • Candidates will conduct and manage vendor security assessments and due-diligence reviews to assess vendor compliance with the security controls outlined in business agreements, security or corporate policies, procedures, and regulations, along with the ability to map security controls and requirements.
  • Review vendor supplied policies and procedures, internal/external assessment reports, security technology information and agreements.
  • The Candidate will provision assessment reports and executive summaries with recommendations and direction regarding remediation efforts and disposition of the third party.
  • Communicate, escalate, and track vendor progress on assessment remediation activities.
  • Understand information security risks that are inherent to a business and articulate those risks in business terms.
  • Maintain current knowledge on information security topics and their applicable program requirements.
Job Responsibilities
  • Supports the assessment and management of security for one or more vendors across the enterprise. Provides insight on the deployment of security technology solutions at vendors, which may include technology for encryption, Firewalls, authorization, authentication, intrusion detection, and gateway security controls.
  • Develops, implements, and ensures documentation of security standards, procedures, processes, guidelines, and policies, such as user authentication rules, security breach resolution procedures, security auditing procedures, and use of firewalls and encryption routines. Ensures requirements and deliverables are clearly defined.
  • Prepares status reports on security matters to analyze security risk and response of vendor security controls. Monitors and proactively recommends solutions for correcting issues related to security technology performance and capabilities of vendors.
  • May track and monitor software viruses or vulnerabilities as identified at vendor locations.
  • Enforces security policies and procedures by monitoring security profiles. Reviews security violation reports and investigates possible security exceptions of vendors. Updates, maintains, and documents security controls.
  • May be involved in the evaluation of products and/or procedures to enhance productivity and effectiveness.
  • Provides direct support to the business and IT staff for security-related issues, which may include off-hours analysis of vendor security posture.
  • Acts as a subject matter expert on the implementation and capabilities of the existing security technology within the Company and at vendor sites.
  • Works collaboratively with areas of IT, IT security and vendors to ensure that all IT technology solutions are appropriately implemented and supported.
  • May guide and provide leadership to more Junior Analysts.
SKILLS:

Qualifications
  • Bachelor's Degree and at least 5 years of experience in IT, or a High School Diploma/GED and at least 7 years of experience in IT.
  • At least 2 years of experience in information security designing and implementing enterprise security solutions.
  • Experience with some aspects of information security and compliance, such as PCI, SOX, and HIPAA requirements for information systems and industry best practices such as ISO, NIST (National Institute of Standards and Technology).
  • Experience with some networking and security technologies such as IPsec (Internet Protocol Security), VPN (Virtual Private Network), routers, switches, firewalls, intrusion detection and prevention, data leakage, WAF (Web Application Firewall).
  • Experience in examining reports on security controls (SSAE-16, PCI-ROC, Application Security Assessments).
  • Experience communicating conceptual and technical information.
  • Experience translating technical data into business impact information.
Preferred Qualifications
  • Achieved one of the following certifications: PCI-ISA, PCI-QSA, CISA, CISM, CISSP.
  • Experience communicating and translating conceptual and technical data into business impact information regarding website security, protocol usage, security policy, and open source security research.
  • At least 1 year of direct experience in implementation or management of information security systems such as firewall management, Intrusion Detection/Prevention Systems (SIEM, IDS, IPS), Data Loss Prevention (DLP), Web Application Firewall (WAF), malware analysis systems, vulnerability scanning, and application security assessment.
  • At least 1 year of experience in implementation or management of host and network technologies such as Routers, Switches, Firewalls, Operating System administration (such as Unix/Linux, Microsoft Windows, mobile operating systems).
  • Experience managing multiple tasks/projects simultaneously and meeting established deadlines.
Start date: n.a.
From: Synectics
Published at: 16.12.2015
Project ID: 1038286
Contract type: Freelance