Information Security Analyst
Tampa (Hillsborough County) IT development
Job description
JOB DESCRIPTION
The Information Security Analyst works in support of Information Security and Compliance requirements across the Benefits Accounts line of business, collaborating with all departments, customers and partners. This position reports to the Director of Information Security for Benefits Accounts. The Information Security Analyst will be on the front line of threat detection and remediation. This position will also be responsible for tactical incident response including forensics in addition to performing services like SIEM monitoring, FW/IPS/IDS analysis, security education, vulnerability management and auditing. This position will maintain a broad knowledge of current and emerging threats as they develop across the industry.
The Role
· Works on a team within the Information Security and Compliance organization, focusing on IT Security programs, processes and initiatives, acting as the central point of contact and collaborating with other organization units within the company in these matters.
· Implementing, configuring, and managing security monitoring tools.
· Respond to Security Information Event Management (SIEM) events
· Tactical incident response for information security incidents.
· Ability to analyze the information and determine the risk to the organization.
· Assess security posture by performing periodic assessments and audits of access controls.
· Review Intrusion Detection and Prevention/Firewall information to perform analytics and forensics methodologies.
· Identify vulnerabilities within the information system, provide the engineering teams with the appropriate data to remediate the vulnerability and perform validation of vulnerability remediation.
· Knowledge of computer security systems, applications, procedures, and techniques to meet regulatory compliance initiatives.
· Conduct technical research and analysis related to cyber security, primarily in the areas of forensics and reverse engineering of malware.
· Ensures adequate and effective IT controls exist to meet current and future security compliance requirements found in laws and regulations such as requirements to comply with SSAE 18 SOC I & II, PCI-DSS (Payment Card Industry) Security Standards, HIPAA, state and federal Privacy law.
· Understand and implement best practices based on security frameworks such as such ISO 27002 and NIST.
· Acts as a liaison regarding the work of information security consultants, contractors, temporaries, and outsourcing firms related to areas of responsibility.
· Assists with the implementation of company-wide security awareness and education programs that are aligned with security policy, standards, regulatory requirements, and industry practices.
· Participate on interdisciplinary teams of Engineers, Architects, and Operations personnel to ensure best practices, security education and risk mitigation.
The Requirements
· 2-5 years’ experience in Information Security.
· Experienced in log aggregation and correlation SIEM (Tripwire Log Center a plus)
· Experienced in file integrity monitoring FIM (Tripwire Enterprise a plus)
· Experienced in methodologies and tools for identifying and exploiting vulnerabilities (Kali tools, Nessus vulnerability scanners, Metasploit, and wireless penetration technologies a plus).
· Bachelor’s Degree in Information Systems, Computer Science or Equivalent Professional Experience.
· Proven, broad, in-depth technical knowledge of Security principles and process is required.
· Security Certifications preferred (CISSP or equivalent).
· Possess the relationship skills, cultural awareness, and organizational prowess required to work effectively in a highly-matrixed organization. Capable of delivering results through a position of influence, not authority. Take personal initiative and is a positive example for others to emulate.
· Maintain industry relationships and look to all sources available to develop the best technology strategies.
· Adept at communicating complex concepts to diverse audiences with varying skills sets.
· Written and verbal communication skills are critical. Must be able to communicate with the technology providers as well as with business leaders. An ability to understand the technical details and communicate at a high level is essential
· Understanding of applicable regulatory requirements and standards including SSAE18 SOC I & II, PCI DSS, GLBA, and HIPAA.
· Familiar with security frameworks such as ISO 27002 and NIST.
The Company
Willis Towers Watson is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 40,000 employees serving more than 140 countries. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas – the dynamic formula that drives business performance. Together, we unlock potential. Learn more at willistowerswatson.com.
Willis Towers Watson is an equal opportunity employer
Willis Towers Watson is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to, among other things, race, color, religion, sex, sexual orientation, gender identity, national origin, age, status as a protected veteran, or disability.
Equal Employment Opportunity:Know your rights.
Unsolicitated Contact : Any unsolicited resumes/candidate profiles submitted through our web site or to personal e-mail accounts of employees of Willis Towers Watson are considered property of Willis Towers Watson and are not subject to payment of agency fees. In order to be an authorized Recruitment Agency/Search Firm for Willis Towers Watson, any such agency must have an existing formal written agreement signed by an authorized Willis Towers Watson recruiter and an active working relationship with the organization. Resumes must be submitted according to our candidate submission process, which includes being actively engaged on the particular search. Likewise, for our authorized Recruitment Agencies/Search Firms, if the candidate submission process is not followed, no agency fees will be paid by Willis Towers Watson. Willis Towers Watson is an equal opportunity employer.