Financial services company is seeking an Information Security Analyst for a 6-12 month contract opportunity in The Woodlands, TX. The Information Security Analyst is responsible for analyzing information security systems and applications, and recommends and develops security measures to protect information against unauthorized modification or loss; monitors, evaluates, and maintains systems and procedures to safeguard internal information systems, network, databases, and Web-based security. Conducts vulnerability assessments and monitors systems, network, databases, and Web for potential system breaches. May be assigned responsibility for internal or external systems security (i.e., cloud services) with oversight and/or assistance from the Manager, Information Security.
- Perform, as needed, Information Security, application, and system security functionality testing to ensure adequate controls are applied and/or configured pre-implementation and post-implementation.
- Vulnerabilities - Conduct vulnerability assessments, monitor systems, and ensure critical and high vulnerabilities are tracked, managed, and remediated within the documented SLAs; determine an action plan to reduce vulnerabilities and/or document the exceptions based on acceptance of risk.
- Control Testing - Perform Information Program controls testing sequences that are assigned to the team as part of the Information Security Program, such as Data Loss Prevention (DLP), scanning for cardholder data locations and retention periods, phishing simulations, exploit simulations, physical network security, etc.
- Control Monitoring - Monitor, evaluate, and maintain systems and procedures to safeguard internal information systems, network, databases, and Web-based security; respond to alerts from information security tools, report, investigate and resolve security incidents.
- Configuration Review - Assist in reviewing configuration of DLP, HIPs, Encryption, and Anti-Virus systems including monthly reports on scans to ensure cardholder data and systems are secure.
- Information Security Program Controls - Ensure that all IS Program controls are sent out and validated throughout the year on a monthly and quarterly basis to proactively ensure all controls are operating effectively; ensure that historical data is retained and available to be reviewed by internal audit.
- Compliance - PCI - Work with external PCI QSA and multiple internal teams that are responsible for providing updated policies and evidence for PCI requirements. Achieve annual Report on Compliance (ROC); ensure compliance with other regulations and privacy laws as applicable.
- Research security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate the possibility of system breach; contribute to the annual review of security policies and assist in keeping policies current.
- Educate and communicate security requirements and procedures to all users. Participate in developing additional or current security-related training.
- Attend monthly Information Committee meetings as required.
- Participate in industry/peer group/conferences as necessary to stay current with Information Security trends and best practices.
- Complete assigned industry and/or job-related training as required.
- Good understanding of assessing, utilizing, supporting and/or maintaining of logical and physical security architectures and technologies including but not limited to IPS/IDS, firewall, SIEM, VPN, anti-virus, email, web, data, video, physical access control hardware and related operating systems & supporting software.
- Communicate clearly and concisely, both orally and in writing.
- Multi-task and adhere to priorities and meet deadlines.
- Ability to work in a fast-paced, collaborative environment, drawing on the expertise of all team members to deliver projects.
- Good understanding of technical writing and documentation skills.
- Minimum of 2 years’ directly related experience or other transferrable technical experience.
Formal Education & Certification:
- Bachelor’s degree in Information Systems, Computer Science or a related discipline preferred, or an equivalent amount of directly related work experience.
- One or more of the following certifications is preferred:
  - CompTIA Security+
  - CompTIA Advanced Security Practitioner (CASP)