The Information Security Analyst will implement and support Segal's Information Security Program. The role will interface with colleagues throughout the organization including the Technology and Security Services group within IT, as well as IT Applications. In addition, the Information Security Analyst will collaborate with, and serve as a resource and advisor to Segal's Data Security Committee and its members, and to Segal as a whole.
- Support Segal's Access Management Program initiatives and evolution.
- Support Segal's Vendor Risk Management Program initiatives and evolution.
- Interface with clients as warranted to represent Segal's Information Security program and capabilities in correlation to client requirements.
- Coordinate and track Information Security related third party audits and assessments (e.g. SOC2, HIPAA Security Rule Compliance, penetration and vulnerability tests) including scope of audits, timelines, and outcomes.
- Generate and maintain Information Security reporting metrics including preparing metrics for presentation to senior company management.
- Support Segal's Data Loss Prevention (DLP) program including program evolution, event investigation, and metrics generation.
- Leverage auditing controls and processes to evaluate ongoing compliance with regulatory and client requirements which include but are not limited to: SOC2, NYSDFS, DOL Cybersecurity Guidelines, as well as Segal Information Security Policies and Procedures.
- Generate and maintain status reports and metrics on any required remediation efforts that result from Risk Assessments, Analysis, Vulnerability, and Penetration Assessments.
- Coordinate with Technology and Security Services and IT Applications management to ensure technical systems and controls are aligned with Segal and client information security goals and requirements.
- Contribute to the development, maintenance, and delivery of information security awareness content and programs.
- Create, develop and maintain comprehensive information security documentation, and policies and procedures to be leveraged in responding to client and auditor security inquiries, as well as for Segal marketing purposes.
- Provide project management for security related projects including but not limited to policies and procedures development, proposal language maintenance and audits.
- Serve as an integral part of the IT Computer Security Incident Response Team (CSIRT). Coordinate Incident Response procedures including but not limited to identification, fact gathering, and documentation.
- Monitor, investigate, interpret, correlate and evaluate Information Security alerts that are generated by Segal's various Security infrastructure components and services.
- Monitor IT security industry trends, issues, and emerging technologies. Advise, counsel, and educate IT management on their relative importance and impact.
The candidate will have 2-5 years of experience in Information Security, including recent experience with security programs (i.e. Data Access Management, Vendor Risk Management, Compliance, Data Loss Prevention, Vulnerability Management, metrics and reporting, policies and procedures, audits, governance, oversight, etc.) and technology (i.e. Intrusion Prevention Systems, e-mail and web filtering, identity and access management, Mobile Device Management, etc.). In-depth understanding of Information Security concepts. Knowledge of the security compliance requirements for HIPAA, SOC2, NYSDFS, etc. Experience supporting related functions (such as IT audit, IT Risk Management, regulatory compliance). Experience with the development and implementation of enterprise security architectures and programs. A strong background in IT architecture and operations, with a solid understanding of security and auditing systems as well as networking protocols. Project management experience required. Strong communication, documentation, and presentation skills required. Bachelor's Degree in a related field or equivalent experience.