Reporting to the IT and Security Program Manager, the Jr. Information Security Analyst is responsible for assisting with information security policy development and maintenance, assisting with the design of security policy, education, training, and updating awareness activities; monitoring compliance with PRMG Information Security policies and applicable laws, and coordinating investigation and reporting of security incidents. Working with the CIO, IT/Application Support teams, and key management personnel, the Jr. Information Security
Analyst will assist with the monitoring, help to assess, and fine-tune the IT Business Continuity and Disaster Recovery program, and assist with performing network vulnerability testing tests, application vulnerability assessment scans and risk assessment reviews.
Essential Job Functions:
- Confidentiality: Maintains high level of confidentiality.
- Training: Suggests training ideas for users based upon information acquired when resolving support requests. Provides heavy telephone/email support to system users.
- Communication: Must communicate in an articulate manner, both verbally and written.
- Equipment: Uses such office equipment as telephone, computer terminals, copiers and FAX machines.
- Physical: Specific vision abilities required by this position include close vision, distance vision, color vision and peripheral vision. Sits for extended periods. Hearing within normal ranges.
- Assist with monitoring information security issues related to the systems and workflowat PRMG to ensure the internal security controls are appropriate and operating as intended.
- Assist with the coordination and execution of IT security projects.
- Coordinate response to information security incidents.
- Assist with conducting vulnerability assessments and remediation plans
- Assist with risk assessment reviews for the various information systems
- Maintain, develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
- Assist with conducting data classification assessment and security audits and manage remediation plans.
- Collaborate with IT management, the legal and compliance department, and system developers to manage security vulnerabilities.
- Assist with maintaining user security awareness program.
- Keep informed of the latest security issues within the security community and industry.
- Perform other related duties as assigned.
BA or BS in Computer Science, Management Information Systems, or related field. Advanced degree desirable. Three+ years of progressive experience in computing and information security, including experience with Internet technology and security issues. Experience should include security policy development, security education, network testing, application vulnerability assessments, risk analysis and compliance testing. CISSP, GIAC, or other security certifications desired. Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.) and desktop, server, application, database, network security principles for risk identification and analysis. This position requires some weekend and evening assignments as well as availability during offhours for participation in scheduled and unscheduled activities.