The Senior Technical Security Analyst is primarily responsible for providing technical security advice and assistance on project teams and assessing technical security risk associated with application, systems ,and supporting architecture in accordance with ACT policy, standards, and industry best practices or benchmarks. The Senior Technical Security Analyst will work with various departments, including Enterprise Architecture, Information Technology, Operations Security, Quality Assurance, and project teams.
Typical work-related activities include:
Develop and implement (embed) an IS risk assessment framework, including supporting artifacts (e.g., process flow diagrams, questionnaires) related to projects or strategic initiatives that enables the robust identification, evaluation, and response to security risks, threats, and vulnerabilities
Through participation on project teams or via ad-hoc request, provide detailed, written technical security advice or recommendations related to new projects or systems that enhance IS posture and ensure secure implementation
Provide advisory services and/or recommendations related to business processes, procedures, etc. that minimizes IS risk, but supports a positive customer experience and balances business need
Assist with the development and documentation of action plans that ensure the timely and effective remediation of ‘significant’ residual risks related to new projects or enhancements
Develop, maintain, and embed a technical security assessment framework, processes, and associated documentation to guide the execution of the consistent, robust, and effective assessment of technical architecture design and implementation related to system development, implementations, or programs
Collaborate with the enterprise architecture team to identify, document ,and ensure the implementation of a robust set of technical security architecture requirements or specifications (i.e., physical, virtual, and logical) that ensure an appropriate balance between information security and business need(s)
Act as technical security subject matter expert (SME) related to industry best practices, standards, and practices, including security design and implementation, advancements in the security field, market trends, emerging security threats, or vulnerabilities, etc.
Assist with the implementation and maintenance of an IS program that is aligned and calibrated to the risk tolerance or posture of the organization
Bachelor’s Degree in Computer Science or Management Information Systems or related area
Or an equivalent combination of education and experience from which comparable knowledge and abilities can be acquired
Professional certification, such as CISSP, CISM, CISA, CRISC, or other information security credentials or commitment to achieve certification within one year of hire required
Minimum of five years of experience in application/IT Security
Extensive experience in IS architecture and technologies, including cloud service providers
Experience in secure application programming code reviewing and penetration testing applications
Deep understanding and demonstrated experience related to IS architecture discipline, including:processes, concepts, and best practices
Experience auditing information systems and reporting findings preferred
IT platform, systems, and technology integration experience preferred
Infrastructure administration and implementation experience preferred
KNOWLEDGE, SKILLS, AND ABILITIES:
Strong verbal and written communication skills, including the ability to effectively translate and communicate highly technical security concepts into business terms
Demonstrated ability to gain alignment, influence change, and drive results
Knowledge of technological trends and developments in the area of IS and risk management
Knowledge of Network Penetration Testing activities, techniques, and vulnerabilities preferred
Knowledge of IS and risk control frameworks and best practices such as COBiT, ISO 27000 series, ITIL, NIST 800-53, PCI-DSS, OWASP
Must be analytical, assertive, detail-oriented, and able to navigate ambiguity
Excellent collaboration and customer service skills
Starting salary commensurate with qualifications. Excellent benefits and work environment.
ACT is a mission-driven, non-profit organization dedicated to helping people achieve education and workplace success. We are trusted as a national leader in college and career readiness, providing high-quality assessments grounded in nearly 60 years of research. While millions of individuals take the ACT test each year, that's just one aspect of our work. From elementary school through career, ACT... offers individuals a uniquely integrated set of solutions designed to provide personalized insights throughout their life.