Report this job

---

What is the problem? *

Incorrect company
Incorrect location
Job is expired
Job may be a scam
Other

For further inquiries regarding the following opportunity, please contact one of our Talent Specialists

Lavanya | 224 369 0873

Mohit | 224 507 1269

Title:Global Information Security Analyst

Location: Racine, WI

ENGAGEMENT DESCRIPTION
Project or Solution Security Consulting Responsibilities:
Perform security analysis of business solutions and develop security requirements across security domains with the goal of balanced protection of information systems assets, corporate data, and intellectual property based on enterprise security standards and enterprise risk appetite
Conduct threat modeling and technical security assessment of business solution-related components and services
Lead the design and implementation of an authorization matrix and privileged access management for a given business solution
Develop new security requirements for business use cases that are not covered by existing security standards based on:
o corresponding threat model
o enterprise risk appetite
o NIST CSF framework
o NIST security guidelines
o industry best practices and guidelines
Apply, validate, extend existing, and develop new security design patterns based on business and infrastructure use cases to support standardization and reusability
Collaborate with domain security architects and engineering in the development of security design and coordinate integration with enterprise security tools
Document formal project artifacts business requirements, high-level architecture/design documentation, low-level architecture/design documentation
Provide consulting to the business for vulnerability or penetration test assessment findings
Conduct a security readiness assessment of the business solution upon build to ensure all identified security requirements were properly met (e.g. technical, administrative, physical)
Provide general security support and consulting throughout the engagement
Security Governance Responsibilities
Develop, document, and socialize security patterns to drive simplification, standardization, and operational consistency
Participate in reviews and development of security standards based on security frameworks (e.g. NIST CSF, NIST 800-53, CIS, ISO 27000)
Stay up to speed with the latest developments in security frameworks and industry best practices, and maintain up-to-date knowledge of available enterprise solutions and security capabilities

General Responsibilities:
Provide technical and project leadership for IT security solutions
o Full cycle engagement and leadership - analysis, requirements development, solution request-for-proposal (RFP) support, design, documentation, implementation, operationalization, and maintenance
o Definition of control effectiveness metrics and establishment of ongoing visibility and reporting
o Integration into product-related lifecycle activities
o Development of an operational plan for the transition of the security solution to run
Evangelize agile culture and DevSecOps shift-left mentality within and outside of the information security department
Actively participate in team scrum activities in a hybrid productized and projectized environment
Properly document and manage scrum stories from sprint to sprint, ensuring timely updates
Provide input for the development of domain/product-related roadmaps, tactical execution plans with SMART OKRs (objectives and key results), and assist in related activities (e.g. current state documentation, gap analysis, resource estimations)
Focus on self-service, automation opportunities and quality of supporting documentation

COMPETENCIES
Foundational:
5+ years of experience in security analysis/security consulting capacity
Security certifications CISSP, the addition of CCSP is a plus
Superior written, presentation, and verbal communication skills
Well-versed in industry standard frameworks such as NIST, CIS, CSA CCM, Mitre ATT&CK, ISO 27001, OWASP, and other
Prior experience developing information security standards/policies and patterns
Fundamental understanding of identity federation, PKI, virtualization, and cloud security reference architectures
Ability to stay up to date on the latest threat landscape developments
Ability to present in threat briefings, security demos, and security brown bag sessions on different security topics
Strong oral, written, and presentation skills
Strong analytical and problem-solving skills

Preferred Experience:
DevSecOps and product security
Previous IT or IT security engineering
Experience working in an agile or hybrid agile environment
Previous scripting or software engineering experience in C#, Python, GoLang, or similar

TRAVEL REQUIREMENTS:
Racine and Chicagoland area

DivIHN is an equal opportunity employer. DivIHN does not and shall not discriminate against any employee or qualified applicant on the basis of race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status.