Senior Information Security Analyst

Senior Information Security Analyst

Our Client is a leading global company specialising in pharma products.

They are looking to recruit a Senior Information Security Analyst with at least 5 to 7 years expertise in Technology Security.

The Senior Information Security Analyst is responsible for maintaining information security policies, architecture, technical standards, technical controls, security solutions, guidelines, procedures, and other elements necessary to maintain security posture.

Responsible for assessing information risk and facilitating remediation of identified vulnerabilities & risks across the organization.

Accountable for coordinating the execution of security measures to protect our computer infrastructure, information systems and to ensure the organization maintains an acceptable risk posture.

The Senior Information Security Analyst is highly engaged in risk management and mitigation, including evaluating vendor risk, examining vendor contracts for terms of service, understanding third-party risk, and data privacy issues.

The analyst serves as an expert on cybersecurity protection, detection, response, and recovery.

This individual is responsible for coordinating penetration testing and managing internal and external cybersecurity analysts to detect, mitigate, and analyze threats. Works closely with other teams to develop controls such as firewalls, business systems, data leakage protection systems, patching, encryption, vulnerability scanning, application code scanning, remediation as well as defining configuration for a variety of security tools. Prior experience in an international enterprise environment is essential.

• Collaborate with IT teams for input and operational requirements to design and implement the company's overall cybersecurity strategy.
• Identify and address security gaps discovered through ongoing monitoring of all information security controls and implement enhancements to security controls.
• Manage access to elevated privileges accounts and audit activities to meet business and regulatory requirements.
• Evaluate and/or implement cybersecurity solutions and controls to maintain confidentiality, integrity, and availability.
• Actively participate in proofs-of-concept for new security technologies by developing selection criteria to identify appropriate security solutions to support strategic, operational needs, and security requirements.
• Participate in the development and testing of the security incident response plan, act as the incident response leader.
• Develop security, risk, and compliance reports and alerts.
• Participate in the yearly review of policies and procedures to support information security, risk, and security compliance activities.
• Participates in developing, testing, and implementation of disaster recovery procedures for the cybersecurity technology in place.
• Manages cybersecurity projects to ensure that the delivery is on-time, within budget, and adopted to meet the company's information protection requirements.
• Performs or coordinates internal security assessments, penetration tests, vulnerability scans, and assess organization cybersecurity maturity Complying with frameworks and regulations such as COBIT, NIST (800-53, cybersecurity), ISO, ITIL, PCI, GLBA, GDPR, HIPAA, and other data privacy and security standards and regulations.
• Provides internal customer support via assigned tickets for security-related issues, while ensuring assignments are resolved within assigned SLA's.
• Evaluate and implement CIS critical security controls where necessary.
• Will provide input into cybersecurity strategic roadmap and annual budget.
• Adhere to applicable change management policy and procedure.

• Bachelor's degree required; advanced degree highly desirable. Candidates must possess significant analytical skills, which evolved from early academic training in Cybersecurity, Information Systems, Computer Science, or similar discipline.
• Provides a documented work history that includes a minimum of 5-years experience in Information Security.
• Proficiency in security framework models such as NIST, etc., implementing and auditing security measures, security response, and incident management.
• Possess a working knowledge of Cisco network switches, routers, firewalls and VPN, network security, administration of DLP, antivirus ntimalware, IDS/IPS, SIEM, SMTP, Email security, AD, Group Policy, DNS, DHCP, and VLANs.
• Experience with identity access management solutions, such as SAML ATH
• Experience with HIDS and NIDS
• The ideal candidate possesses relevant information security or cybersecurity certifications.
• Requires the ability to analyze and recommend changes to the security landscape where necessary to meet the information security objectives of the organization.
• Participates in change management meetings and provides expert input to ensure security is maintained.
• Knowledgeable in security best practices such as encryption, hashing, vulnerability scans, event log monitoring, intrusion…