Information Security Analyst
Experience: | 4+ Years |
---|---|
Work Location: | Remote / Work from home (WFH) |
Joining: | 15 days after selection confirmation |
Salary Package: | Not a constraint for the right candidate |
Role: | Information Security Analyst |
Role Category: | Information Security and Risk Governance |
Employment Type: | Full Time (Permanent) |
About the company:
We at Frigg Business Solutions LLP understand the importance of providing innovative and advanced technology solutions as well as the challenges of misconfiguration; the varied compliance minefields given that you are governed by laws, rules, and regulations pertaining to your industry as well as of the Union and the State; and of managing the privacy and security frameworks such as ISMS, HIPAA, HITECH, HITRUST, NIST, PCI, QMS, and FFIEC. Therefore, we offer solutions that are effective, yet simple, easily deployable, and manageable.
At Frigg Business Solutions LLP, we provide certification services; a variety of security services including aid in drawing up watertight compliance policies, and giving them an enforceable form with procedures outlined specifically to your organization; information security training; assess vulnerabilities by undertaking a risk analysis; help you in creating strong documentation to establish due diligence; process re-engineering services; and overcome the challenges associated with cloud migration.
About our Client Company, for which hiring the resource:
Our client company provides healthcare clients with a transparent, structured view of complex drug coverage information. They are a company that values:
• Collaborative teams focused on meeting goals and delivering value
• Continuous learning and opportunity to grow
Our client organization answers the “what” and the “why” related to drug coverage and reimbursement, leveraging technology, research, and industry experts to make sense of how and why specific pharmaceutical drugs are covered. Physicians and pharmacies use our data and applications to understand what drugs are available to patients and how they are covered by health plans. Pharmaceutical manufacturers trust our data to understand how their drugs and competitive drugs are covered, which helps forecast performance and tune strategy.
Position Overview / Job Responsibilities:
The Information Security (InfoSec) vertical is responsible for maintaining a framework designed to provide assurance that information security strategies are aligned with and support business objectives that are consistent with applicable laws and regulations through adherence to policies and internal controls all in an effort to manage risks.
The InfoSec group also partners with other business units (BU)’s internal teams to assist with the completion of security audits, both from customers and for 3rd party services used by each respective BU.
As an InfoSec Analyst, you will be part of a team responsible for protecting the Company’s data and the Information Technology assets it resides on (including but not limited to; SaaS infrastructure, networks, hardware, and software) from a range of criminal activity. You will monitor networks and systems, detect security threats (‘events’), analyze and assess alarms, and report on threats, intrusion attempts and false alarms, either resolving them or escalating them, depending on the severity.
Roles and Responsibilities:
- We are looking for a resource with a good understanding of Information Security, its implementation, and auditing.
- Keep up-to-date with the latest security and technology developments
- Research/evaluate emerging cyber security threats and ways to manage them
- Plan for disaster recovery and create contingency plans in the event of any security breaches
- Monitor for attacks, intrusions, and unusual, unauthorized or illegal activity
- Test and evaluate security products
- Use advanced analytic tools to determine emerging threat patterns and vulnerabilities
- Engage in ‘ethical hacking’, for example, simulating security breaches
- Identify potential weaknesses and make infrastructure recommendations, such as firewalls and encryption
- Investigate security alerts and provide incident response
- Monitor identity and access management, including monitoring for abuse of permissions by authorized system users
- Liaise with stakeholders in relation to cyber security issues and provide recommendations
- Generate reports for both technical and non-technical staff and stakeholders
- Maintain an information security risk register and assist with internal and external audits relating to information security
- Monitor and respond to ‘phishing’ emails and ‘pharming’ activity
- Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
- Give advice and guidance to staff on issues such as spam and unwanted or malicious emails.
- Perform risk assessments, audits, and tests to ensure proper functioning of data processing activities and security measures.
- Recommend when to update virus protection systems by monitoring current reports of computer viruses; facilitates or performs needed updates.
- Support efforts to meet State and Federal regulatory requirements utilizing established security framework (NIST).
- Support internal and external audits through maintaining and updating the Document Request List and IT Compliance documentation repository including central IT Policies and Procedures.
- Assist with SOC 2 Type II access reviews and security assessments.
- Assess information risk, reporting on and facilitating remediation of identified vulnerabilities for IT security and IT risk across the organization.
- Manage the continuous protection of systems and information assets by contributing to or coordinating teams in the execution and implementation of information security defense improvements involving architecture, processes, tools and automation.
- Assist in establishing, reviewing and maintaining security related policies, standards, processes, procedures and guidelines to contribute toward the protection of critical business functions from disruption due to system failure or unavailability and to ensure enterprise applications have appropriate protections in place.
- Partner with IT staff to monitor the security posture of all networked systems and leads efforts to take appropriate steps to quickly deal with any identified vulnerabilities.
- Provide network and security expertise and guidance for all aspects of information assurance.
- Maintain a high level of technical expertise on server/network hardware and software and appropriate security tools.
- Assist in the selection, evaluation, and implementation of information system security infrastructure and strategic and operational planning.
- Collect, perform data analysis and supporting IT Security Education and Awareness initiatives.
- Coordinate periodic compliance related meetings including the preparation of meeting materials.
- Perform duties in compliance with and accordance to organizational policies and procedures, regulatory requirements and sound business practices.
- Preferably be familiar with ISO requirements and other InfoSec standards.
- Reviewing technical and business operational processes of clients
- Must take full responsibility for their work and should think outside the box to suggest process improvements.
- The resource is expected to have the ability to work in a very challenging environment [SLAs and Metrics tracked and reported].
- Manage customer relationships and expectations by developing a communication process to keep others up to date on project results and share learning.
- Stay current with customer needs and strategies; utilizing formal and informal written communication methods (for example, emails, newsletters, PowerPoint presentations, executive updates, task lists, updates) to communicate updates and findings; and facilitating project meetings and presentations to all types of diverse audiences (for example, senior management, Customers, technical staff)
- Provide coaching to team members and peers by collaborating with others; articulating ideas and viewpoints to senior management, peers, and others; identifying and initiating projects; managing resources; driving the resolution of issues, and holding self and team accountable for results.
- Must be able to prioritize tasks and report on progress.
- A prompt learner with the ability to resolve issues and report on self-performance.
Soft skills
- Must take personal accountability and/or responsibility for their work and should think outside the box
- Highly independent personality exhibiting humility and compassion
- Ability to work in a very challenging environment [SLAs and Metrics tracked and reported]
- A prompt learner with a rapid ability to resolve issues, and report on self-performance
- Able to prioritize tasks and report on progress
- Always learning and exhibit consultative behavior
- Must have direct client handling experience either from offshore or direct onsite experience
- Preferably US Healthcare experience
Qualification Education:
- Bachelor’s Degree from an accredited university or college in Computer/Information Science/Business or equivalent experience.
- Enterprise-wide Network/System Administration or Engineering experience.
- Project management, use of methodology, time management, and organizational skills to direct security efforts with the project team.
- Demonstrated ability to coordinate high visibility projects, work effectively and carefully under pressure, meet project deadlines, learn independently, communicate effectively with a variety of people, and write well is required.
- Excellent troubleshooting and problem-solving skills are required.
- Interpersonal and presentation skills needed to communicate successfully both orally and in writing with individuals/groups and interact with people at all levels to communicate ideas and concepts in a clear and understandable manner.
- Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy.
- Expert-level knowledge of and extensive experience with the following are preferred:
- Windows, Linux, and macOS operating systems, networks and network security technologies (IPS, firewalls, etc.), TCP/IP network communication structure, protocols and processes, Internet protocols and connectivity methods, vulnerability scanning, penetration testing and user authentication technologies.
- Attention to detail and ability to work collaboratively with both technical and non-technical individuals.
Additional qualification (Good to have):
- ISMS and/or QMS Implementer / Lead Auditor Certified, IT Industry awareness certification.