Reporting to the Chief Information Security Officer (CISO), the Information Security Analyst is responsible for information security policy development and maintenance; monitoring compliance with Firm IT security policy and applicable law; communicating security policy education and awareness activities and coordinating investigation and reporting of security incidents. Working with Loeb’s Technology Systems (LTS) support team, the Information Security Analyst will assess business continuity and disaster recovery programs, perform network penetration tests, vulnerability assessment scans and risk assessment reviews.
Duties and/or Responsibilities:
Coordinate response and/or remediate information security incidents.
Participate and implement IT security projects for the firm.
Monitor and advise on information security issues related to the systems and workflow to ensure the internal security
controls for the firm are appropriate and operating as intended.
Maintain Information Security policies, procedures, standards and guidelines based on knowledge of best practices
and compliance requirements.
Conduct firm-wide data classification assessment and security audits and manage remediation plans.
Communicate and participate in maintaining user security awareness.
Conduct security research in keeping abreast of la test security issues.
Actively participate in security communities such as LegalSEC.
Maintain the ISMS (Information Security Management System).
Maintain the ISO 270001 Statement of Applicability, Controls and Risk treatment.
Participate in planning of firm Disaster Recovery/Business Continuity initiatives.
Perform other related duties a s assigned.
The Information Security Analyst will be expected to have:
3-5 years working in the IT field and/or with IT Security.
Expert knowledge of Security tools and concepts including: IDS/IPS; SIEM; Web Proxy; Encryption; Patch management; Vulnerability Scanning & Remediation; Forensics; Penetration Testing; DLP; Email Gateways; Anti -spam Services; MDM; Privileged Account Management; Log Analytics; Two Factor Authentication; Single Sign On; Antivirus.
Exceptional communication skills both within and outside of the IT Department.
Knowledge of security best practices and concepts that maintain and enforce security policies
High understanding of the mechanisms of exploitation and corresponding mitigation techniques
Ability to analyze and prepare recommendations relating to security and compliance for existing and future IT architecture.
Ability to communicate security exposures, misuse or non-compliance situations to management
Education and Experience
Any combination equivalent to: Bachelor’s degree in Information Security & Assurance and/or equivalent IT industry experience. At least 3 years of experience working in a Microsoft/Cisco network environment