|
Search Jobvertise Jobs
|
Jobvertise
|
Global Information Security Analyst Location: US-WI-Racine Email this job to a friend
Report this Job
For further inquiries regarding the following opportunity, please contact one of our Talent Specialists Lavanya | 224 369 0873 Mohit | 224 507 1269 Title:Global Information Security Analyst Location: Racine, WI Duration: 12 Months Description: ENGAGEMENT DESCRIPTION Project or Solution Security Consulting Responsibilities: Perform security analysis of business solutions and develop security requirements across security domains with the goal of balanced protection of information systems assets, corporate data, and intellectual property based on enterprise security standards and enterprise risk appetite Conduct threat modeling and technical security assessment of business solution-related components and services Lead the design and implementation of an authorization matrix and privileged access management for a given business solution Develop new security requirements for business use cases that are not covered by existing security standards based on: o corresponding threat model o enterprise risk appetite o NIST CSF framework o NIST security guidelines o industry best practices and guidelines Apply, validate, extend existing, and develop new security design patterns based on business and infrastructure use cases to support standardization and reusability Collaborate with domain security architects and engineering in the development of security design and coordinate integration with enterprise security tools Document formal project artifacts business requirements, high-level architecture/design documentation, low-level architecture/design documentation Provide consulting to the business for vulnerability or penetration test assessment findings Conduct a security readiness assessment of the business solution upon build to ensure all identified security requirements were properly met (e.g. technical, administrative, physical) Provide general security support and consulting throughout the engagement Security Governance Responsibilities Develop, document, and socialize security patterns to drive simplification, standardization, and operational consistency Participate in reviews and development of security standards based on security frameworks (e.g. NIST CSF, NIST 800-53, CIS, ISO 27000) Stay up to speed with the latest developments in security frameworks and industry best practices, and maintain up-to-date knowledge of available enterprise solutions and security capabilities General Responsibilities: Provide technical and project leadership for IT security solutions o Full cycle engagement and leadership - analysis, requirements development, solution request-for-proposal (RFP) support, design, documentation, implementation, operationalization, and maintenance o Definition of control effectiveness metrics and establishment of ongoing visibility and reporting o Integration into product-related lifecycle activities o Development of an operational plan for the transition of the security solution to run Evangelize agile culture and DevSecOps shift-left mentality within and outside of the information security department Actively participate in team scrum activities in a hybrid productized and projectized environment Properly document and manage scrum stories from sprint to sprint, ensuring timely updates Provide input for the development of domain/product-related roadmaps, tactical execution plans with SMART OKRs (objectives and key results), and assist in related activities (e.g. current state documentation, gap analysis, resource estimations) Focus on self-service, automation opportunities and quality of supporting documentation COMPETENCIES Foundational: 5+ years of experience in security analysis/security consulting capacity Security certifications CISSP, the addition of CCSP is a plus Superior written, presentation, and verbal communication skills Well-versed in industry standard frameworks such as NIST, CIS, CSA CCM, Mitre ATT&CK, ISO 27001, OWASP, and other Prior experience developing information security standards/policies and patterns Fundamental understanding of identity federation, PKI, virtualization, and cloud security reference architectures Ability to stay up to date on the latest threat landscape developments Ability to present in threat briefings, security demos, and security brown bag sessions on different security topics Strong oral, written, and presentation skills Strong analytical and problem-solving skills Preferred Experience: DevSecOps and product security Previous IT or IT security engineering Experience working in an agile or hybrid agile environment Previous scripting or software engineering experience in C#, Python, GoLang, or similar TRAVEL REQUIREMENTS: Racine and Chicagoland area About us: DivIHN, the 'IT Asset Performance Services' organization, provides Professional Consulting, Custom Projects, and Professional Resource Augmentation services to clients in the Mid-West and beyond. The strategic characteristics of the organization are Standardization, Specialization, and Collaboration. DivIHN is an equal opportunity employer. DivIHN does not and shall not discriminate against any employee or qualified applicant on the basis of race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status.
DivIHN Integration Inc
|