Our client, a provider of insurance products both in the US and abroad, is currently seeking an IT Security Analyst for the firm's offices in downtown Manhattan.
The IT Security Analyst will be responsible for the day-to-day operations of the in-place security solutions and also the identification, investigation and resolution of security breaches. This role will be responsible for contributing to and strengthening the corporate Information Security program. We are seeking candidates with excellent communication skills, as the IT Security Analyst will frequently make presentations, provide training, and communicate with executive and non-technical audiences about security topics, in addition to collaborating with technical engineers on security implementation.
-Assists in overseeing and implementing the corporate cybersecurity program.
-Maintains, produces and assists in the development and adoption of IT security policies and procedures.
-Analyzes security breaches to determines their root cause and reviews violations of security policies.
-Maintains, supports and coordinates corporate User Security Awareness Training programs (Wombat, KnowB4, NanoLearning and others).
-Provides technical administrative security support for all versions of Windows Operating Systems, Norton Anti-Virus, McAfee, Rapid7 and other software areas as required to provide support in IT operations.
-Coordinates Windows and non-Windows patching on server and client side.
-Monitors network, server and system alerts and logging received from network and server monitoring utilities (e.g. Cisco Works, Nagios, Varonis, AV, SPAM, proxy, IPS, PKI).
-Maintains data and security access. Protects digital files and information systems from unauthorized access.
-Implements and maintains cryptographic solutions and controls.
-Creates and modifies user accounts, storage directories and shares permissions. Facilitates privileged and standard user account access.
-Creates Group Policy Objects and Active Directory objects within Windows domain environment. Provides technical documentation and manual write-ups.
-Completes access request processing as per pre-defined sets of procedures and within agreed Service Level Agreements (SLA), resolves problem tickets and assist other security analysts as needed to provide access management business requirements and insure compliance with industry and company security standards
-Documents access management procedures for assigned applications and/or platforms; keeps the access management procedures up-to-date
-Coordinates with internal and external auditors to assure HIPAA, SOX, Client, and other regulatory compliance. Participates in SOX Compliance processes. -Proactively identifies audit and compliance related issues to reduce the risk of security exposures and non-compliance
-Plans and implements security improvements and solutions to assure US and European regulatory compliance (HIPPA, NYCRR, GDPR, Cyber Essential, BMA).
-Partners with risk management to ensure the transparency of risk reporting related to compliance evaluations and resolution of identified gaps. Performs risk assessments and executes tests of data processing.
-Prepares necessary audit documentation.
-Provides inventory, license tracking, and other tracking information as dictated by business requirements.
-Provides support and assists end-users in the usage of their computer equipment in our computing environment.
-Creates and modifies user training manuals, IT documentation and infrastructure designs.
-Researches current trends and technologies for future product ideas.
-Bachelor's Degree with a concentration in Computer Information Systems (other degree disciplines will be considered with applicable experience in security IT analysis and implementation).
-Minimum of 3 years Cybersecurity experience.
-Must be able to perform duties independently, but also as a member of a team.
-Excellent communication and presentation skills.
-Strong working knowledge and understanding of business security practices and procedures.
-Knowledge of currently available security tools, various communication protocols, and encryption techniques/tools.