Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information. May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. May respond to computer security breaches and viruses.
Information Security Analyst Job Description Template
Our company is looking for a Information Security Analyst to join our team.
- Provides input to the service continuity planning process and implements resulting plans;
- Supports the Security Incident Response process, including both internal and external security incident management;
- Technical security solution management and configuration;
- Assists with Third Party Supplier security monitoring and due diligence;
- First point of contact for IT, Business Services and business users regarding security concerns;
- Assists with responding to Client Security Assessments, Client Audits and implementing any resulting action plans;
- Works with external security providers to proactively maintain a secure environment;
- Assesses changes to environments and uses threat assessments to advise on security concerns;
- Takes active part in information security initiatives including Security Awareness Communication and Training;
- Work with Third Party Supplier security monitoring and due diligence;
- Perform security risk, vulnerability assessments, and business impact analysis;
- Support the implementation and maintenance of ISO 27001;
- Interpret information assurance and security policies and apply these in order to manage risks;
- Provide advice and guidance on the application and operation of security controls;
- Take part in information security initiatives.
- Risk management experience desirable;
- CISSP, CISA or CISM certification desirable;
- Ability to collaborate with the wider security group to reach common goals;
- Providing security consultancy to internal projects;
- Performing security assessments of 3rd party suppliers and managing relationships;
- Taking an active role in external/internal audits as necessary;
- Network / Windows security management (Wi-Fi and LAN security management, PowerShell, Server Security Management);
- Good technical understanding of industry leading Cloud platforms and technologies (AWS, Azure) highly desirable;
- Identity & access management;
- Securing assets in Public/Private and Hybrid Cloud environments (preferably AWS);
- Risk Management;
- Knowledge of professional services and partnership environments advantageous;
- Familiar with requirements for securing CI/CD and code deployment pipelines;
- Scoping and managing PEN tests including remediation activities;
- Working knowledge of legal applications desirable.