Information Security Analyst
At Ascensus, technology is more than just a solution.
It powers the business that helps millions of people save for what matters--retirement, education, and healthcare.
Our technology experts tackle exciting challenges in collaborative teams, but work in an environment where individual and career development is always valued.
Technology associates leverage their talents and passion, building new and innovative platforms, creating programs founded in automation in agile frameworks, and driving existing and new markets--all of which supports the rapid growth of a dynamic industry leader.
Section 1:
Position Summary The Information Security Analyst will be a member of the Information Security team, leading cyber security-related analytical and compliance-focused efforts.
This role will balance business priorities, information security risks, emerging threats and compliance-related best security practices when pursuing appropriate mitigation strategies ensuring the confidentiality, integrity, and availability of information assets.
The Security Analyst will develop and maintain relationships with multiple areas of the business to include risk management, compliance, legal, facilities, and all areas of IT.
Section 2:
Job Functions, Essential Duties and Responsibilities Responsible for protecting, securing, and proper handling of all confidential data held by Ascensus to ensure against unauthorized access, improper transmission, and/or unapproved disclosure of information that could result in harm to Ascensus or our clients.
Participate in the business RFP process to help attract, win, and retain business, acting as the SME for Information Security-related inquiries.
Collaborate with business relationship managers in all divisions to answer client-initiated audit requests.
Process requests for new and existing vendors, handling the information security tasks associated with the vendor review and certification process.
Review vendor's attestation documents to confirm required security controls are in place and tested properly.
Confirm compliance in alignment with Ascensus' vendor risk management program.
Review individual answers from vendors and determine if company policy and contractual requirements are being met.
Identify exception requests and escalate to assigned BISO as needed.
Lead the Information Security portion(s) of the SOC2 and ISO recertification processes:
monitor, test, and report on design and effectiveness of internal controls.
Organize materials used for assessment to be reused for future assessments to improve efficiency and expedience.
Performing gap assessments against existing or prevailing information security controls to decide whether or not a control is satisfactory.
Communicate results across teams and work to improve or develop controls.
Map controls to roles and policy within the Governance Risk and Compliance (GRC system Coordinate and process policy updates from BISOs and present to risk management policy review committee.
Responsible for gathering and processing Information Security scorecard metrics.
Participate in industry-related organizations such as ISACA, FS-ISAC, IANS, etc.
to gain knowledge and experience.
Lead increasingly complex efforts to enhance processes & procedures within the Information Security function.
Our I-Client service philosophy and our Core Values of People Matter, Quality First and Integrity Always should be visible in your actions on a day-to-day basis showing your support of our organizational culture.
Assist with other tasks and projects as assigned.
Supervision N/A Section 3:
Experience, Skills, Knowledge Requirements Bachelor's degree or Associate degree plus equivalent work experience required.
A minimum of 3 years of experience.
Security Certifications like Security+, Network
or Associate of ISC2.
Knowledge of information security policies, controls, and processes.
Familiarity with the audit processes for information systems and security.
Knowledge infrastructure (networks, servers), databases and internet technologies.
Understanding of application platforms including web, mobile, and cloud.
Knowledge or experience working with Governance Risk & Compliance (GRC) systems such as LogicManager, eGRC, RSA Archer etc.
Experience in security industry knowledge that evolves with current and emerging threats, as well as an ongoing understanding of key business and technological processes.
Strong written and oral communication skills.
The ability to communicate effectively (clear, concise, and professionally) with all levels within Ascensus.
Highly organized and able to process and manage inventories of controls and findings.
Excellent analytical and problem resolution skills.
Self-starter and able to work independently.
Persistence and strength to champion initiatives.
Proficiency in MS Office software applications, specifically Word, Excel, and Power Point.
Experience managing projects, creating plans, tracking tasks, and escalating issues.
For virtual remote positions , we require an uninterrupted workspace during business hours and an internet work speed of 25 Mbps or better.
If you are unsure of your internet speed before applying, please check with your service provider.
We are proud to be an Equal Opportunity Employer Recommended Skills Assessments Business Priorities Communication Computer Security Confidentiality Coordinating Estimated Salary: $20 to $28 per hour based on qualifications.
It powers the business that helps millions of people save for what matters--retirement, education, and healthcare.
Our technology experts tackle exciting challenges in collaborative teams, but work in an environment where individual and career development is always valued.
Technology associates leverage their talents and passion, building new and innovative platforms, creating programs founded in automation in agile frameworks, and driving existing and new markets--all of which supports the rapid growth of a dynamic industry leader.
Section 1:
Position Summary The Information Security Analyst will be a member of the Information Security team, leading cyber security-related analytical and compliance-focused efforts.
This role will balance business priorities, information security risks, emerging threats and compliance-related best security practices when pursuing appropriate mitigation strategies ensuring the confidentiality, integrity, and availability of information assets.
The Security Analyst will develop and maintain relationships with multiple areas of the business to include risk management, compliance, legal, facilities, and all areas of IT.
Section 2:
Job Functions, Essential Duties and Responsibilities Responsible for protecting, securing, and proper handling of all confidential data held by Ascensus to ensure against unauthorized access, improper transmission, and/or unapproved disclosure of information that could result in harm to Ascensus or our clients.
Participate in the business RFP process to help attract, win, and retain business, acting as the SME for Information Security-related inquiries.
Collaborate with business relationship managers in all divisions to answer client-initiated audit requests.
Process requests for new and existing vendors, handling the information security tasks associated with the vendor review and certification process.
Review vendor's attestation documents to confirm required security controls are in place and tested properly.
Confirm compliance in alignment with Ascensus' vendor risk management program.
Review individual answers from vendors and determine if company policy and contractual requirements are being met.
Identify exception requests and escalate to assigned BISO as needed.
Lead the Information Security portion(s) of the SOC2 and ISO recertification processes:
monitor, test, and report on design and effectiveness of internal controls.
Organize materials used for assessment to be reused for future assessments to improve efficiency and expedience.
Performing gap assessments against existing or prevailing information security controls to decide whether or not a control is satisfactory.
Communicate results across teams and work to improve or develop controls.
Map controls to roles and policy within the Governance Risk and Compliance (GRC system Coordinate and process policy updates from BISOs and present to risk management policy review committee.
Responsible for gathering and processing Information Security scorecard metrics.
Participate in industry-related organizations such as ISACA, FS-ISAC, IANS, etc.
to gain knowledge and experience.
Lead increasingly complex efforts to enhance processes & procedures within the Information Security function.
Our I-Client service philosophy and our Core Values of People Matter, Quality First and Integrity Always should be visible in your actions on a day-to-day basis showing your support of our organizational culture.
Assist with other tasks and projects as assigned.
Supervision N/A Section 3:
Experience, Skills, Knowledge Requirements Bachelor's degree or Associate degree plus equivalent work experience required.
A minimum of 3 years of experience.
Security Certifications like Security+, Network
or Associate of ISC2.
Knowledge of information security policies, controls, and processes.
Familiarity with the audit processes for information systems and security.
Knowledge infrastructure (networks, servers), databases and internet technologies.
Understanding of application platforms including web, mobile, and cloud.
Knowledge or experience working with Governance Risk & Compliance (GRC) systems such as LogicManager, eGRC, RSA Archer etc.
Experience in security industry knowledge that evolves with current and emerging threats, as well as an ongoing understanding of key business and technological processes.
Strong written and oral communication skills.
The ability to communicate effectively (clear, concise, and professionally) with all levels within Ascensus.
Highly organized and able to process and manage inventories of controls and findings.
Excellent analytical and problem resolution skills.
Self-starter and able to work independently.
Persistence and strength to champion initiatives.
Proficiency in MS Office software applications, specifically Word, Excel, and Power Point.
Experience managing projects, creating plans, tracking tasks, and escalating issues.
For virtual remote positions , we require an uninterrupted workspace during business hours and an internet work speed of 25 Mbps or better.
If you are unsure of your internet speed before applying, please check with your service provider.
We are proud to be an Equal Opportunity Employer Recommended Skills Assessments Business Priorities Communication Computer Security Confidentiality Coordinating Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
