Job Details

Senior Analyst - Information Security (CORPORATION)

Cincinnati, OH, United States
  • Employment Type: Direct Hire
Our client, a global leading retailer, is seeking to add a Senior IS Application Security Analyst to their thriving information security team. The Analyst will be responsible for the execution, planning, development and administration of the Information Security compliance processes. The successful candidate will have experience with or knowledge of healthcare or health insurance, knowledge of CMS, HIPAA-related vendor requirements and working knowledge of Security SDLC tools. Send resumes to [email protected]

DUTIES AND RESPONSIBILITIES
  • Supports leadership to develop and expand continuous monitoring processes to assess compliance with information security policies and standards including data mapping, data inventory and data discovery
  • Conducts internal assessments to evaluate the disposition of data and operational effectiveness of policies, standards, and internal control framework to manage data
  • Implements compliance assessment methods and approaches to increase compliance with documented policies and standards. Tracks progress against defined treatment plans to verify completion of remedial activities as needed
  • Validates information security key controls to identify control risks and to analyze root causes and trends in potential control weaknesses. Suggests new controls to meet compliance standards where applicable
  • Provides business units with recommendations to improve compliance with information security policies and standards and external requirements
  • Supports vulnerability management activities to support vulnerability remediation and compliance activities
  • Analyzes data to identify risks to the organization
  • Supports the execution of vulnerability assessments conducted
  • Coordinates vulnerability assessment activities with stakeholders
  • Supports IS in achieving the vision and strategic objectives
  • Identifies competency gaps in vulnerability management services and supports training plans for staff to have the skills required for vulnerability management program execution
  • Supervises and directs vulnerability management projects
  • Develops strong working relationships with internal resources to ensure a strong focus on vulnerability remediation
  • Coordinates vulnerability management activities with IT and other key stakeholders
  • Briefs business leadership on vulnerability assessment results and potential risks
BASIC QUALIFICATIONS
  • Bachelor’s degree in computer science, IT or equivalent
  • Experience in IT or IS; a focus on vulnerability assessment is key
  • Prior experience executing vulnerability assessment activities such as vulnerability scans, penetration tests, web application security assessments, and application security code reviews
  • Understanding of data mapping/discovery, DLP and data inventory tools
  • Experience with major standards such as: SOC 1-2, ISO 27001/2, PCI DSS, HITRUST, SANS, NIST
  • Strong project management skills
  • Excellent presentation, verbal communication, and written skills
  • Excellent analytical and problem-solving skills
  • Ability to work in a collaborative environment across business and technology teams
PREFERRED QUALIFICATIONS
  • Certified Information Systems Security Professional (CISSP), PCI DSS, Certified HIPAA Privacy Security Expert (CHPSE), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), or related
  • Experience with or knowledge of healthcare or health insurance
  • Knowledge of CMS and HIPAA-related vendor requirements