Sr Security Analyst (CONTRACT) 5/2/2020
JOB DESCRIPTIONAPPLY Primary Purpose:
This role reports directly to the Associate Director of Information Security and will be responsible for a broad range of tasks including managing, monitoring and reporting on all aspects of the company s security landscape. The role will require managing security activities such as security solutions architectural design and implementation, risk calculation, security incidents, changes, policies and governance to meet various legal and regulatory standards including GDPR, HIPAA, SOX, ISO27001 etc. This role will also support the Information Security Vendor management and Audit programs.
Job Description: (Please note this is a contract role)
The Analyst will work in close collaboration with the retained outsourcing partners and external vendors to monitor and manage the company s security landscape. In this role, the Analyst will support the operational day to day security activities, serve as an internal information security subject matter expert, provide information security awareness, education and training in tandem with the groups initiative s, support the Information Security Vendor Management process through completion of 3rd party security assessments, support the IT Audit program through participation or serving as the primary security lead in internal or external Audits and by providing technical input into new security solutions design and implementation. The Analyst will work very closely with peers in other teams including Governance-Risk-Compliance (GRC) and Global Infrastructure groups to continuously improve the organizations security posture.
Essential Duties and Responsibilities:
* Evaluate new tools and techniques to create innovative and practical security solutions
* Lead project management activities associated with the implementation of new or upgraded hardware and software components of security enterprise solutions including project planning, execution and closeout.
* Support vulnerability management activities
* Investigate security incidents and escalate as required; operate software/hardware to protect information systems and all infrastructures.
* Create, develop, maintain and provide guidance on the implementation of information security across the organization through the use of policy, procedures and standards
* Provide support and evidence when required in respect of all audit activity undertaken within the environment to include liaising directly with auditors.
* Work with the Associate Director of Information Security to manage relationships with external vendors, ensuring that the performance and provision of services are meeting expectations.
* Attend Global Change Advisory Board and review proposed changes to identify gaps in controls or changes that introduce an unacceptable level of risk
* Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
* Strive for continuous improvement across the delivery of the organizations security services
* Assist and train junior team members in the use of security tools, the preparation of security reports and the resolution of security issues
Minimum Education & Experience Requirements:
* BS/BA in Computer Science, IT, Information Systems or 10+ years experience in IT Security or IT infrastructure disciplines
* Relevant professional certifications desirable e.g. CISA, CISM, CISSP,
* 5+ years experience working in a similar role is desirable
* Experience in installation, configuration and troubleshooting of tools such as firewalls, IPS, malware protection, Log Management, MFA, NAC, and vulnerability management
* Good understanding of Privileges and Rights in Windows AD
* Possess a working knowledge of computer network vulnerability and compliance scanning/analysis software (e.g. Nessus).
* Experience of Privileged Access Management Solution implementation an advantage
* Experience of ICS an advantage
* Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
* Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).
* Knowledge of common IT industry and IT security standards (e.g. ISO 27001, 27002, NIST800-53, CIS, COBIT, 21 CFR Part 11, ITIL)
Ability to work independently on defined tasks and can be relied upon to deliver high quality results
Ability to quickly understand and adapt to a complex and rapidly changing environment
Demonstrable problem solving, analytical skills and attention to detail
Ability to define problems, collect data, establish facts, carry out logical analysis, and draw valid conclusions.
Business- and solution-oriented, global mindset of strategic orientation, with ability to act tactically as required.
Ability to be self-directed while working under tight deadlines, must be able to perform well under pressure.
Experience in working in a team-oriented, collaborative environment
Highly self-motivated, high achiever
Strong communication (both written and verbal in English) and facilitation skills (small and large groups), especially when interacting with different levels of business.
Ability to cope with change, make decisions and act comfortably with risk and uncertainty.
Pro-active mindset, ability to think end-to-end.
Alkermes, Inc. is an equal employment opportunity employer and does not discriminate against any applicant because of race, creed, color, age, national origin, ancestry, religion, gender, sexual orientation, disability, genetic information, veteran status, military status, application for military service or any other class protected by state or federal law.