CONSULTING, POSSIBLE CONSULT/HIRE
As part of the Information Technology Services team, the Information Security Analyst will be assisting in planning, carrying out, and maintaining security measures to protect the University's computer networks and systems.
The position is located in upper Manhattan and will report to the Info Sec Manager. S/he will support the team to ensure Information Security is seen as a positive advantage to the business, not just compliance, and provide inputs into future strategy and other areas of the wider Information Assurance remit.
-Examine alert entries provided by security providers (Firewall, SIEM, Cloud Services, Endpoint protection tool)
-Install, make functional, define processes for the SIEM. Work with the vendor to have it operational.
-Report any unusual activity depending on their severity
-Finetune all sensors from monitoring devices.
-Update operation security procedures.
-Follow up on every open security incident with the assigned technical team/person
-Create automated report based on defined metrics to perform gap analysis.
-Help enforce new and updated policies and report all non-compliant issues found.
-Monitor Administrator access to systems and make recommendations to limit risk exposure.
-Read all messages in the departmental mailbox. Alert and triage any incidents
-Read all REN-ISAC feeds for alerts any incidents that may affect organization.
-Analyze every intake form to insert new systems into the environment.
-Provide guidance as needed to IT and Business partners to ensure secure implementation of processes, systems and services.
-General Counsel liaison with ITS
-Organize and conduct training for all employees regarding security and information safeguarding
-Work with third party vendors on information security incidents.
-Assist on all departmental duties and responsibilities
SCOPE OF RESPONSIBILITY
The Information Security Analyst will be protecting all sensitive information within the organization and hence, must be able to adjust communication style/content to interact with IT, business professionals, academic administrators, faculty, and staff.
The incumbent will be responsible to insure all networks and systems have adequate security to prevent unauthorized access.
-Vulnerability Management and Penetration Testing– Perform vulnerability scans. Review current environment for vulnerability exposure and emerging threats. Participation in the Patch Management Program to identify new patches, rate patch severity, manage monthly meetings, produce metrics, and follow up with responsible parties. Perform Penetration Testing to confirm exploits in vulnerable systems.
-Suspicious Activity Monitoring - Monitor and investigate potential Information Security breaches from various security systems (e.g. IDS, anti-virus, DLP, logs, etc.).
-Introduction or enhancement of security controls. Gap remediation.
-Verify that every endpoint is compliant with the ITS security policy and
-Analyze all requests to approve and restrict all connections to the network.
-Develop reports to share with administrators about the efficiency of security policies and recommend any changes.
-Evaluate, test and recommend security software to implement in The organization's network.
-Must ensure that all security systems are current with any software or hardware changes.
-Plan and document all security information including physical and internet security.