IT Security Analyst
Salem, OR 97301 US
Meridian Technology Group is seeking an IT Security Analyst.
GENERAL STATEMENT OF DUTIES
- Plan, organize, manage, and administer information security programs, operations, and functions
- Develop and implement program and strategic planning
- Implement and assist in the development of information security program policies, procedures, and business practices
- Evaluate goals, objectives, priorities, and activities to improve performance and outcomes
- Recommend and establish administrative controls and improvements
- Develop procedures to implement new and/or changing regulatory requirements
- Serve as an advisor to the management team.
- Works under general supervision of the IT Director who assigns work, establishes goals, and reviews the results obtained for overall effectiveness through the analysis of work products, observations, and meetings.
TYPICAL DUTIES - DUTIES INCLUDE, BUT ARE NOT LIMITED TO THE FOLLOWING:
- Security Program -
- Develop and maintain the framework for the organization's IT information security.
- Evaluate and recommend new information security technologies and counter-measures against threats to information or privacy.
- Identify information technology security initiatives and standards for the organization.
- Manage the development, implementation, and maintenance of the information security policy, standards, guidelines, and procedures.
- Set the access and authorization controls for everyday operations, as well as emergency procedures for data handling.
- Set the standards for access controls, audit trails, event reporting, encryption, and integrity controls.
- Keep abreast of latest security legislation, regulations, advisories, alerts, and vulnerabilities pertaining to IT operations.
- Security Risk and Prevention -
- Develop and implements an ongoing risk management program targeting information security and privacy matters; determines the methods for vulnerability detection and remediation and oversees ongoing vulnerability testing.
- Lead the information technology security assessments to identify risk due to changes or modifications to the computing environment.
- Direct the security assessments/audits to identify vulnerabilities in security program and policies.
- Control testing of security procedures, mechanisms, and measures.
- Collaborate with federal and state auditors, IT managers, and subject matter experts for satisfactory completion of compliance and program audits of the information security program.
- Security Incident and Authoritative Contact -
- Designated manager of security incident reporting and official responses to security incidents (breaches), responds to potential policy violations or complaints from external parties.
- Leads the oversight and activities for intrusion detection and response.
- Ensures the internal control systems are monitored and that appropriate access levels are maintained.
- Investigates security breaches and develop after-action reports.
- Acts as the designee representing the Information Technology Department on information security matters.
- Serves as the contact point for external auditors, survey requests, and for department security/privacy matters.
- Initiates, facilitates, and promotes activities to create information security awareness and training throughout the organization.
- Participates in meetings, in-service training, workshops, etc. for the purpose of gathering information required to perform job functions.
KNOWLEDGE, SKILLS AND ABILITIES
- Knowledge of technology hardware and software which includes, but is not limited to systems, application languages, server-based systems, cloud computing, personal computers, local and wide area network configurations and management, information/data management software and state-of-the-art system development and maintenance technologies
- Local, state, and federal laws, rules, policies, and regulations affecting information security and related technology and systems
- Strategic planning, preparation, and projection
- Effective leadership and organizational communication principles and practices.
- Working knowledge of prevailing industry security standards and Common Body of Knowledge gained by way of CISSP, SANS, and/or CISA Certification(s).
Skills and abilities to:
- Manage and oversee comprehensive information security programs
- Lead diverse technologies, employees, and customer groups
- Communicate effectively in writing and orally, including the ability to make public or staff presentations
- Establish and maintain effective working relationships with a variety of individuals and groups, including customers in high-stress situations
- Assist in confidential investigations.
- Skill in identifying information security problem areas, formulating diagnoses, and proposing practical solutions.
- Deep understanding of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
- Ability to establish and maintain effective working relationships with employees, systems users, outside consultants, and vendors.
- Certified Information Systems Security Professional (CISSP), or formal security certifications from (ISC)², GIAC, CompTIA, ISACA.
- Information security principles and practices, including any of the following: security risk assessment standards, risk assessment methodologies, and vulnerability assessments.
- Senior level knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity, and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security software.
EXPERIENCE AND TRAINING
- Bachelor's degree from a four-year accredited college or university with major coursework in Computer Science, Information Technology, or a related field; AND 2. Five (5) or more years of progressive experience in computing and information security, including experience with Internet technology and security issues; OR 3. Any satisfactory equivalent combination of nine (9) years or more of education, training, and/or experience relevant to the position.
This position is located in Salem, OR. Consultants should reside in the area or indicate the reason they are willing/seeking to relocate. Also, interested Consultants must indicate they are willing to relocate at their own expense as this position does not offer relocation assistance.
Any offer of employment will be conditional, based on successfully passing a Criminal Background Check.
Meridian Technology Group is committed to equal employment opportunity (EEO) and non-discrimination for all employees in all job classifications and for prospective employees without regard to race, color, religion, sex, age, sexual orientation, veteran status, physical or mental disability, national origin, or any other characteristic protected by applicable federal or state law. All hiring is contingent on eligibility to work in the United States. We are unable to sponsor applicants for work visas therefore, please do not apply if you are not eligible to work without sponsorship, as sponsorship is not available at this time. No 3rd party companies/candidates.
Please apply with your resume now or
contact us for more details:
Meridian Technology Group Recruiting Team
(503)697-1600 in Oregon
(800)755-1038 outside Oregon
Learn how to earn up to $1,000 with Meridian’s Referral Program.