Sr. IS Security Analyst 9/9/2016
JOB DESCRIPTIONAPPLY Infogroup is looking for top talent to join our fast-paced and innovative team. We are seeking a/an Sr IS Security Analyst to join our Papillion, NE office. This position is responsible for security risk management across the enterprise, with the objective of analyzing key risks that are inherent to Infogroup systems and applications and determining appropriate controls to mitigate the identified risks. In addition to the above the risk analyst will maintain ownership and accountability for Compliance, Policy, Governance, Risk Assessments, Third Party Assessments, Security Awareness, and Training. Further, the position is responsible for conducting comprehensive analysis of information security systems and applications in order to enhance information security and drive strategic solutions. This position will also sit on various project teams to ensure that application security is embedded within the development lifecycle.
Essential Job Functions:
1. Risk Management -- Responsible for the creation and delivery of a comprehensive risk management framework. Including, Information Security Risk Assessments (ISRA), working with Leadership to define risk appetite, maintaining a risk registry, leading a monthly risk forum, risk ranking business and customer applications, implementing a risk acceptance process, and creating annual risk assessment plans.
2. Policy -- Responsible for defining, documenting, and implementing Information Security standards & policies across the enterprise. Including, Secure Application Development, Security Access Management, Security Operations, Customer Authentication Standard, Encryption Standard, PCI Standard, Information Classification & Protection Standard, Information Loss Reporting Standard, Information Security Risk Assessment Standard, Patch & Vulnerability Management Standard, Portable Media Standard, Secure Email Standard, Penetration Testing Standard, etc.
3. Governance -- Responsible for performing assessments on applications, systems, and database against policy, standards, ISO27002, PCI, etc. Defines and deploys a annual Security Awareness program. In addition, works with External Auditors to provide support as needed, reviews customer contracts and RFP's for appropriateness.
4. Business Continuity / Disaster Recovery -- Works alongside infrastructure and application teams to define disaster recovery objectives and facilitates annual testing against those objectives.
5. Projects -- Works effectively with project teams to ensure deliverables are deployed in a secure and consistent manner.
6. Consulting -- Provides security guidance and recommendations to various business units as required. Explains and articulates potential business risks to key stakeholders.
Supportive Job Functions:
1. Perform other miscellaneous duties as assigned by management.
2. Willingness to participate, as part of a team, in all levels of administration, from the mundane to the sophisticated.
3. Support other IT department initiatives/projects as necessary.
4. Strong verbal and written communication skills.
5. Strong organizational qualities in all aspects of work.
Knowledge, Skill, and Abilities:
1. Deep understanding of security risk exposures and how vulnerabilities can be translated into business risks that leadership understands.
a. Exhibits teamwork and collaboration.
b. Communicates effectively.
c. Understands and influences others.
d. Ability to work with others, seek agreements and build consensus.
e. High level of empathy, ability to understand where others come from and to seek and develop win-win situations.
f. Ability to coordinate team efforts among employees with varied expertise and levels of experience
a. Exhibits customer service orientation.
b. Demonstrates flexibility and change.
c. Demonstrates analytical thinking.
d. Demonstrates conceptual thinking.
e. A good balance of tactical deliveries with strategic vision
f. High degree of flexibility
g. Ability to stand his / her ground without being perceived as arrogant or stubborn
h. Ability to educate and nurture others at different levels in the organization
i. Ability to interact with all levels of the organization, including senior executives
j. Demonstrated ability to establish effective working relationships and collaborative work approaches with both internal and external contacts
k. Strong business acumen, able to establish early credibility with functional business leaders
l. Comfortable with ambiguity and matrix accountability -- able to implement solutions across business units, coordinating multiple cross-functional project teams.
a. Demonstrates commitment to Infogroup and its customers.
b. Takes personal responsibility for words and actions.
c. Maintains consistency between words and actions.
d. Acts in compliance with department, company, and industry standards.
a. Strong results orientation
b. Ability to work to a deadline
c. Holds self and others accountable.
d. Demonstrates drive to excel.
e. Exhibits mature self-confidence.
f. Ability to clearly articulate ideas to all key stakeholders.
g. Ability to summarize and simplify
h. Ability to get things done and show others the way
i. Ability to discern the needs of the audience and deliver the message to the right level of depth and breadth
k. Organization, planning, & prioritization
l. Customer service focus (internal and external)
6. Problem Solving
a. Capable of defining problem, identifying sources of information, and developing alternatives and recommendations to undefined or unapparent issues
a. Will be required to persuade individuals or groups to gain a desired agreement. Will be required to present concepts and ideas to a group.
b. Be able to prepare formal written presentations for a wide audience.
Education, Experience, and Certification:
1. Bachelor's degree in Management Information, Computer Science, Engineering, or equivalent work experience is required.
2. CISSP, CISA, CISM, MCSE, GIAC or equivalent security/infrastructure certification is preferred.
3. 2-5 years of Audit, Risk, or information security experience is required.
4. Experience with COBIT, SSAE16, PCI, SOX, HIPAA, or other regulatory requirements is preferred
We're revolutionizing the way companies connect with their customers and grow their businesses. Find out how you can join the movement at www.infogroup.com/about-infogroup/careers-at-infogroup. Please reference requisition number PAPL3941.
Infogroup is the leading provider of innovative business data, and marketing solutions that are proven to increase customer acquisition and retention. Our mission is to use a combination of our client's data and our business and consumer data and really smart people to deliver the right communication to the right audience at the right time -- for Infogroup, that's real-time. For more information, please visit www.infogroup.com.
At Infogroup, our employees are directly responsible for our success. We strongly believe in rewarding employees for their initiative, teamwork and leadership. Every day, we expect our employees to ask questions, demand better solutions and challenge one another to succeed. We are constantly looking for candidates who are not only qualified and knowledgeable, but also have the drive to grow professionally. We hire dynamic individuals in variety of fields such as information technology, account management and client services, sales, marketing, administration and human resources.
Affirmative Action/EEO Policy