Black Duck InfoSec Analyst

  • Location: Tampa, FL, 33610
  • Job Type: Contract

Posted 29 days ago

Terrific 12+ month contract opening in Tampa, FL for an Information Security Analyst with Black Duck experience.  Will assist in the management of the Component Vulnerability Management (CVM) Program which identifies security risks of known 3rd party and open source vulnerabilities within applications across the enterprise. Black Duck is the main tool the CVM program uses for software composition analysis to identify vulnerable open source in 3rd party libraries.  Must have good technical skills, good oral and written communication skills and be able to inform and influence a broad range of stakeholders. 

Will be responsible for ensuring effective ongoing program governance, reporting, and escalation. Will report to the Information Security Program Lead and work with the business-embedded Global Information Security Officers and the respective Development Organizations to meet ongoing program milestones. Will also assist with the implementation of new IS/IT Risk Management processes and help identify opportunities for process improvements.

Responsibilities include:
• Assist in managing the CVM Program deliverables and milestones, and in maintaining a “no surprise” culture.
• Help the business-embedded ISOs and Application Managers to manage and track CVM Findings in compliance with the company’s Policies and Standards.
• Assist in the management of the CVM Program to defined Metrics & Reporting Thresholds. 
• Act as the liaison between the Application Managers/Control Teams and the Technology infrastructure Team to resolve any identified issues.
• Help to ensure that critical IT risk issues are communicated to and reviewed by appropriate levels of management.
• Assist with the delivery of key IT Risk Management program deliverables whether deemed a fire drill or Business As Usual.
• Help to ensure that critical IT control processes conform to standards and provide appropriate reporting.
• Assist in monitoring applicability and changes to internal policies and adjust approach as required. This may entail adjusting existing reports, creating new reports, and changing approach in dealing with end users.
• Provide guidance and coordination with other corporate groups around approaches, solutions and best practices in governance, information risk management, program development and security compliance.
• Help to measure and report on the effectiveness and efficiency of IT Risk Management activities to management.
• Liaise, consult and help in providing leadership to the business with technical security issues, standards, program development, security training/awareness and information protection best practices.
• Assist in ensuring alignment of IT security architecture, policies, procedures and standards with the corporate risk profile.
• Assist in the development of a reporting framework and process, citing results and establishing recommendations and timelines to improve overall IT security within the group.
• Assist in the development of a framework and process responsible for assessing information risks and creating corresponding mitigation plans. 
• Help to monitor applicability and changes to internal and external regulations affecting technology, information protection and risk.
• Help to ensure communication of key Information Security strategies and plans to the ICG organization.

• Bachelor’s/Undergraduate degree required.
• 3+ years of experience with Information Security projects.
• Must have technical knowledge and understanding of Black Duck.
• Prefer CISSP and/or CISM certifications.
• Very proficient with MS Office, especially Excel and PowerPoint.
• Adept at presenting mathematical and numerical data in a format that facilitates senior management decision making.
• Ability to work with development organizations to develop solutions to security issues.
• Capable of working with both technology and business contacts in a constantly evolving environment. 
• Good analytical and problem-solving skills with the ability to present data in a format that facilitates senior management decision making.
• Ability to remain calm under pressure when faced with difficult or urgent issues and competing priorities.
• Good written & verbal communication skills.
• Good organization skills.
• Good time management skills with the ability to remain calm under pressure and meet deadlines.
• Ability to multi-task and work independently with a virtual team against tight timelines.
• Comfortable working as part of a global team across multiple countries, cultures and time zones.
• Passionate about information security and should welcome a challenge.
• Focused on considering business enablement while reaching balanced information risk judgments.