Jobs at Redbud Cyber Security Recruiting

View all jobs

InfoSec Analyst – IR & 3rd Party Risk

Lowell, MA
Description of Position:
This position works as part of a security team responsible for ensuring that the company's information resources are secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to users in a timely fashion. This position serves as an internal information security consultant and will be responsible for designing, implementing, supporting and maintaining policies and security solutions in both operational and customer hosted environments. This position demands an organized, action-oriented team player with the ability to prioritize daily work and support on multiple initiatives simultaneously; strong communication and customer focus is required.
Tasks and Responsibilities:
  • Serves as an internal information security consultant to the organization.
  • Supports the incident response process, responding to security incidents across the organization that will vary in scope/severity.
  • Supports the development/advancement of the organization’s incident response program, executing strategic projects/initiatives to help advance the incident response maturity level.
  • Coordinates teams across the business as part of the incident response process to ensure the appropriate individuals are involved in incident containment, analysis, and resolution.
  • Provides written/verbal updates and consistent communication to management as part of the incident response process.
  • Executes/oversees internal projects to help mature the incident response program including process development/improvement, policy creation/maintenance/selection/implementation of technical solutions.
  • Supports the Third-Party Risk program, evaluating third parties under consideration by the organization to identify potential risks from a security and privacy perspective.
  • Provide support for IT projects, identifying risk specific to the project and actions necessary for remediation.
  • Supports the development, implementation, and management of security policies and procedures to ensure they remain aligned with business objectives and meet regulatory requirements.
  • Supports the development, implementation, and management of security knowledgebase to include all company products/environments.
  • Provides expertise/support to ensure company’s security framework remains in compliance with applicable regulations including evolving data privacy regulations.
Recommended skills, abilities, and certifications
  • BS/BA degree in Computer Information Systems/Management Information Systems or related discipline or equivalent and 1-3 years related work experience in information security, governance and/or related functions (such as IT audit and IT Risk Management).
  • Develop positive relationships, effectively communicate with employees, customers, auditors, business partners, all levels of management.
  • Excellent analytical skills in order to identify security risks/appropriate measures needed to help mitigate those risks. Must be comfortable in conducting independent research of issues/inquiries in order to provide guidance when requested.
  • Experience in security incident response/management including analysis of events, review of suspected malicious activity, identification of Indicators of Compromise and providing guidance on resolution/remediation activities and cloud environments including public/private cloud.
  • Experience with system implementations and identification of security related risks associated with such implementations. Ability to identify risks, action for remediation, communicate remediation needs to project team.
  • Experience with information security management frameworks such as AT101 SOC 2, ISO, ITIL, CobiT, NIST to include development of policies, process, and procedures within the environment.
  • Experience supporting regulatory/compliance programs such as HIPAA, PCI, MA 201 CMR 17.
  • Experience designing and implementing controls within corporate networks to include computer/network security and operating systems such as UNIX, Linux, and WINDOWS, as well as LAN/WAN internetworking protocols such as TCP/IP and network perimeter protection (firewalls).
  • Strong technical background including Active Directory, firewalls and vulnerability scanning tools highly desired.
  • CISA, CISM, CRISC, CISSP, or similar security certification highly desired.
Share This Job
Powered by