Infrastructure Security Analyst
|Reference # :||20-00010||Title :||Infrastructure Security Analyst|
|Location :||White Plains, NY|
|Position Type :||Contract|
|Experience Level :||Start Date :||01/06/2020|
Contract to Hire
White Plains NY
No relocation assistance
MUST HAVE ICS/SCADA experience
Design and implement IT security for the Danone North America. Works closely with team members, end users, and other IT departments to design, implement, support, and maintain Vendor Management process, manage information security related audit requirements, and vulnerability management on our web presence.
Security Analysts will monitor for changes in cyber/human activity, security application alerts, vulnerabilities, cyber threats, and then identify and communicate course of action for remediation.
• Responsible to handle the entire vendor management process end to end, from initial and periodical vendor vetting, risk analysis of the potential purchased solution, and security amendments in the contract
• Enhance support and maintain the web application vulnerability program with Qualys or Acunetix.
• Timely response to security threats by initiating appropriate requests as well as managing team's ticketing queue
• Project management skills and capability of managing multiple projects simultaneously as well as using standard tools
• Experienced with information security metrics, Excell dashboards or other data analysis tools
• Provide metrics and dashboards on all activities performed and documentation for status reports
• BCP / DR extensive knowledge – plan revisions, maintenance, testing
• Support and respond to audit procedures and findings. Ability to effectively adapt to rapidly changing technologies and apply them to business needs.
• Strong knowledge and understanding of business and business processes; strong business planning skills.
• Familiarity with Data Privacy legislation (GDPR, CCPA and pending law) and understanding of Data Privacy concerns within the business environment.
• Knowledge of pertinent legal controls (PCI, HIPAA); understanding of compliance requirements and ability to convey that understanding to users, support staff and Management.
• Champion security policy and "best practices” within the business environment.
• Solid teamwork and interpersonal skills and ability to communicate with customers, employees and management.
• Strong oral and written communication skills.
• Demonstrated competency in developing efficient and effective solutions to diverse and complex business problems.
PREFERRED CANDIDATE QUALIFICATIONS:
Education and Experience:
• Bachelor's degree in Computer Science, Information Systems, Business Administration, or other closely related field required. Or equivalent experience.
• 5+ years of experience with system security is desired.
• 1 to 2 years of experience in the administration of IT devices and networking. Network Administration and Network Security experience a plus
• CompTIA - Security+ preferred
• Deep understanding of Windows security, Active directory, Group policies, Network protocols.
• Rudimentary hands-on software and hardware configuration experience.
• Capability to interpret, understand and remediate penetration test results.
• Vulnerability management lifecycle skills
• ICS (Industrial controls systems), SCADA security experience
• Deep understanding of PCI DSS, HIPAA, GDPR and Data privacy requirements and control mapping
• Business Process understanding (Distribution industry preferred)
• Understanding of Application flow (ability to interpret processing in a network computing environment) and Application security
• Excellent MS Excel skills on multiple topics: pivot tables, graphs, analysis, macros etc.
Knowledge, Skills and Abilities:
• The ability to set up, configure and troubleshoot a basic corporate network infrastructure.
• Strong skills in the areas of communication, collaboration, customer focus, business/critical thinking, project management, leadership, and value creation are required.
• Demonstrate a strong interest and understanding of general network security concepts.
• Ability to communicate in an effective manner and interact with different levels of administration, technical and management with customers.
• Ability to understand technical manuals, online technical documentation, software specifications, and systems software operations.
• Excellent communication skills, good analytical and negotiation skills, and close attention to detail required. Must have excellent leadership, interpersonal and motivation skills and be a team player.
• Ability to communicate complex technical information to non- technical audiences required.
• Demonstrated adaptability to change, customer focus, continuous learning, and problem solving required