BridgeView IT is seeking an IT Security Analyst located in Denver, CO. (DTC). One of our top clients is growing their Security team. In this role, the Security Analyst will conduct risk management assessments, design, testing and implementation of security tools and controls, and participate as a subject matter expert on projects. This Security Analyst is responsible for the maintenance of, and monitoring compliance with, information security governance policies and procedures; ensuring timely responses to client/customer RFP’s and questionnaires; research and investigation of security alerts; providing security awareness training and materials to staff; and assisting with response, research and investigation of security incidents.
- 3+ years previous information technology audit experience, and/or 4 years information security analyst experience required. (Preferably in highly complex technical environment, within the Financial Services area.) Previous experience should include: security incident response, performing extensive security planning, and conducting information security audits.
- 3+ years project management experience including the ability to organize, plan, prioritize and complete assignments with minimal supervision
- Prior experience should include having applied relevant technical knowledge in at least one of the following areas:
- Internal or Operational IT audits
- Information security technologies, tools, and best practices
- Working with external vendors for penetration testing, audits, or other regulatory related requests
- Participating in defining overall governance strategies and plans
- Demonstrated ability to clearly communicate information security technical issues & concepts using language and examples, to a wide audience of both technical and non-technical personnel (to include executives, auditors, end users, and engineers.)
- Demonstrated working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling) is required.
- Demonstrated ability to interpret information security data and processes, to identify risk and potential compliance issues is required.
- Bachelor’s Degree (Computer Science or Information Systems) and/or equivalent applicable experience.
- Plans, implements and maintains security administration for people, process and technology in assigned functional areas (e.g., policies, vendor management, awareness and training, RFI/RFP).
- Assesses the impact on the business caused by theft, destruction, alteration, or denial of access to information.
- Conduct evaluations to verify that appropriate security controls are in place on all devices and processes within the corporate network and application development functions.
- Provide the necessary support to monitor and ensure compliance with information security policies and procedures including assistance with technical reviews and identification of security risks.
- Develop information security end-user communication and training materials, including general population, as well as targeted audiences such as developers, system administrators, DBAs, supervisors and officers.
- Work directly with internal teams and external customers to provide guidance and documentation for security related purposes.
- Partner with IT and businesses to enhance enterprise awareness of IT security requirements/controls and embed these controls into the system development life cycle.
- Identify, monitor, and report on IT issues (control gaps, issues, findings, vulnerabilities) identified during audits/assessments and associated remediation activities.
- Perform vendor security risk assessments. Translate and communicate the results to vendor management and business partners.
- Perform other tasks related to developing, monitoring, and assessing the effectiveness of IT security controls as assigned. Assist in the execution of special assignments and projects as directed.
- Coordinates and manages proposals/project responses as an Information Security/Risk Subject Matter Expert on an assigned basis and works with various teams and subject matter experts to ensure the appropriate strategy is used, and responses provided, to accurately meet the objectives of the RFP.