The security analyst is responsible for analyzing an enterprise's information security environment and proposed technologies and recommending security measures to safeguard its valuable information assets. This means understanding the business requirements for security and how best to meet those requirements. The person in this position must possess a detailed knowledge of the business, as well as information security expertise, to develop, evaluate and implement security plans appropriate to the level of risk the enterprise faces. One of the critical requirements of the security analyst's position is proficiency in the use of various tools and techniques, including risk, business impact, control and technical or vulnerability assessments, used to identify business needs and determine control requirements. Experience in developing security plans - including security architecture and tactical plans - is essential for success in this position.
The security analyst acts as an advisor to the enterprise's business units, as well as to other risk management functions. For this reason, an up-to-date understanding of the latest security threats, trends and technologies is a crucial component of the position.
The security analyst is a senior member of the information security team and works closely with the other members of the team to deliver a comprehensive information security program. The security analyst works with the IT department to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained. The analyst helps IT and business teams understand the relative tradeoffs between controls and security technologies.
location: CAMBRIDGE, Massachusetts
job type: Contract
work hours: 8am to 4pm
The security analyst's responsibilities:
- Works with the client's business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments
- Plays an advisory role in application development or acquisition projects, to assess security requirements and controls and ensure that security controls are implemented as planned
- Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle; evaluates vendors on their security controls and security technology choices
- Works with the client's IT department and members of the information security team to identify, select and implement technical controls
- Develops strategies and plans to achieve security requirements and address identified risks
- Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action
- Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
- Advises on security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems
- Can evaluate systems and vendors from a technical perspective, not just a GRC/security program perspective
- In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls
- Experience with common information security management frameworks, including National Institute of Standards and Technology (NIST) framework
- Proficiency in performing risk, business impact, control and vulnerability assessments
- Excellent technical knowledge of a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance and desktop security tools, as well as mainstream operating systems (for example, Microsoft Windows and Sun
- Experience level: Experienced
- Education: Bachelors
- SECURITY ANALYST
- privacy assessments
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.