Date Posted: September 3, 2021
Full-time permanent opportunity with an established mid-sized biotech firm in Waltham, MA for an Information Security Analyst.
Local candidates will be preferred, in case of a return to on-site work or a hybrid model with 2-3 days on-site.
Senior Security Analyst
This role reports directly to the Associate Director of Information Security and will be responsible for a broad range of tasks including Information Security Third Party risk management as well as managing, monitoring and reporting on all aspects of the company’s security tools and technologies. The role will require managing security activities such as security solutions’ architectural design and implementation, risk calculation, security incidents, changes, policies and governance to meet various legal and regulatory standards including GDPR, HIPAA, SOX, ISO27001 etc.
In this role, the Analyst will manage, monitor, and coordinate third party risk activities by working directly with business lines and third-party contacts to ensure the appropriate protection of data. In this role, the successful candidate will interact with all levels of the organization and function as an integral team member in advancing the overall third-party program and will be accountable for performing third party due diligence to meet information security, data protection, and compliance requirements.
Additionally, the Analyst will work in close collaboration with the retained outsourced partners and external vendors to monitor and manage the company’s security landscape. In this role, the Analyst will support the operational day-to-day security activities; serve as an internal information security subject matter expert; provide information security awareness, education and training in tandem with the group’s initiatives; and support the IT audit program by participating in, or serving as the primary security lead for, internal or external audits and by providing technical input into new security solutions’ design and implementation. The Analyst will work very closely with peers in other teams, including the Governance-Risk-Compliance (GRC) and Global Infrastructure groups, to continuously improve the organization’s security posture.
Essential Duties and Responsibilities:
• Perform complex risk assessments of current and prospective third-party business and technology providers to assess their control structure and alignment to Information Security standards and partner with internal stakeholders to assess the residual risk the third party presents
• Assess and improve current processes to achieve optimal outcomes focusing on the highest risk vendors
• Organize and lead meetings related to third party assessments: prepare meeting agendas, send out meeting minutes and coordinate follow up activities as appropriate
• Evaluate new tools and techniques to create innovative and practical security solutions
• Lead project management activities associated with the implementation of new or upgraded hardware and software components of security enterprise solutions including project planning, execution and closeout.
• Support vulnerability management activities
• Investigate security incidents and escalate as required; operate software/hardware to protect information systems and all infrastructures.
• Create, develop, maintain and provide guidance on the implementation of information security across the organization through the use of policy, procedures and standards
• Provide support and evidence when required in respect of all audit activity undertaken within the environment to include liaising directly with auditors.
• Attend Global Change Advisory Board and review proposed changes to identify gaps in controls or changes that introduce an unacceptable level of risk
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
• Strive for continuous improvement across the delivery of the organization’s security services
Minimum Education & Experience Requirements:
• BS/BA in Computer Science, IT, Information Systems or 10+ years’ experience in IT Security or IT infrastructure disciplines
• 3-5 years’ experience working with Third Party Risk, Compliance or audit function
• Proficient in report writing
• Desired certifications, one or more of the following: CISSP, CISM, CISA, CRISC.
• Possess a working knowledge of computer network vulnerability and compliance scanning/analysis software (e.g. Nessus).
• Knowledge of network security architecture concepts including topology, protocols and network security methodologies and principles (e.g., application of defense-in-depth).
• Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).
• Ability to demonstrate a strong understanding of various compliance and regulatory areas (e.g. GDPR, NIST 800-53, ISO27001, CIS)
• Ability to work independently on defined tasks and be relied upon to deliver high-quality results
• Ability to quickly understand and adapt to a complex and rapidly changing environment
• Demonstrate problem solving, analytical skills and attention to detail
• Ability to define problems, collect data, establish facts, carry out logical analysis, and draw valid conclusions.
• Business and solution oriented, global mindset of strategic orientation, with ability to act tactically as required.
• Experience in working in a team-oriented, collaborative environment
• Excellent communication (both written and verbal in English) and facilitation skills (small and large groups), especially when interacting with different levels of business.
• Ability to cope with change, make decisions and act comfortably with risk and uncertainty.
• Proactive mindset, ability to think end-to-end.
About Advantage Resourcing
Advantage Resourcing is committed to providing equal employment opportunity for all persons regardless of race, color, religion (including religious dress and grooming practices), sex, sexual orientation, gender, gender identity, gender expression, age, marital status, national origin, ancestry, citizenship status, pregnancy, medical condition, genetic information, mental and physical disability, political affiliation, union membership, status as a parent, military or veteran status or other non-merit based factors. We will provide reasonable accommodations throughout the application, interviewing and employment process. If you require a reasonable accommodation, contact us. Advantage Resourcing is an E-Verify employer. This policy is applicable to all phases of the employment relationship, including hiring, transfers, promotions, training, terminations, working conditions, compensation, benefits, and other terms and conditions of employment.
All employees are directed to familiarize themselves with this policy and to act in accordance with it. All decisions with respect to employment matters and other phases of employer-temporary employee relationships will be in keeping with this policy and in accordance with all applicable laws and regulations.