Advantage Tech is looking for a Senior Continuity and Security Assurance Analyst for our Lee's Summit Client.
Contributes to the Cybersecurity and Information Protection (CIP) department’s mission to effectively manage security threats and risks that could potentially impact Company’s goals and objectives. The CIP Senior Continuity and Security Assurance Analyst is responsible for actively planning and executing risk, security and control assessment activities in support of the organization’s security objectives which include protecting the confidentiality, integrity and availability of the organization’s information assets in compliance with organizational policies, procedures, standards, laws, and regulations.
Responsible for designing, developing and executing risk-based security and control assessments to support security and risk management objectives. This includes, but is not limited to, assisting management with scoping IT security assessment initiatives, developing security assessment work programs and protocols and generating security assessment reports.
Responsible for assisting CIP Security Engineers, CIP Security Analysts and Risk Analysts with security and risk management remediation activities.
Responsible for the evaluation and analysis of user access across the enterprise in support of User Access Control Review program. This includes performing periodic review of user permissions, group membership and evaluating user access for potential segregation of duties (SoD) conflicts at the application, database, operating system and network layers.
Responsible for periodically assessing baseline compliance with internally documented baseline security configuration documentation. This would include, but is not limited to, assessing security configuration settings using internal baseline configuration documentation, assessing security configuration settings using external security baseline guides and best practices,
Responsible for performing risk, security and control testing and analysis as part of project management life-cycle (PMLC) and system development and acquisition life-cycle (SDLC) programs. This includes but is not limited to assessing security risks and controls at each stage of the PMLC and SDLC, assessing business requirements to ensure risk, security and controls are appropriately accounted for and completing security and risk management artifacts as outlined by PMLC and SDLC policy.
Assists Security, Risk, Compliance and Legal teams with security incidents, investigations and e-discovery requests including the collection of evidence, analysis, and resolution efforts.
Participates in internal and external audit support activities. Performs activities to resolve open audit issues.
Assists with the identification and classification of information assets.
Assists with developing and implementing cybersecurity and information security policies and procedures.
Creates and maintains security assurance documentation in support of team assessment and analysis responsibilities.
Develop and executes security awareness and training program.
Assist with ensuring the availability of information systems and information assets in accordance with applicable laws, regulations, policies and standards
Assist the manager with maintaining Business Continuity and Disaster Recovery (BCDR) program, framework, policies, procedures and controls.
Executes Vendor Risk Assessment program including review of maturity assessments, SOC and/or HITRUST reports.
Establishes monitoring of cyber and information security posture to identify potential risks and areas of improvement for vendors.
Must have prior experience executing security assessments, risk assessments, compliance assessments, control assessments and IT audits initiatives.
Must be customer service focused, organized, detail oriented, analytical, able to multitask and have effective verbal and written communication skills to interface with management and employees.
Requires a Bachelor’s degree in Computer Science, Information Systems, or related discipline.
Requires five plus years of experience in Information Technology, Information Security, IT Assurance, IT Governance, Risk Management and/or Business Continuity Management.
Requires one or more of the following governance, risk, assurance or security certifications: CISSP, HCISPP, CRMA, CGEIT, CRISC, CISM, CISA, CBCP, GIAC or related governance, security, risk management or business continuity/disaster recovery certifications.
Additional years of qualifying experience may be considered in lieu of formal education and certification requirements.
Requires working knowledge of the following governance, risk, security and control frameworks; COSO, COBIT, ITIL, ISO 31000, ISO 27002, ISO 22301, NIST CSF, NIST 800-53 and SANS CSC.
Requires working experience with enterprise-class GRC systems (e.g., Archer, MetricStream, LockPath, etc.).
Requires thorough knowledge of Microsoft Office applications.
Excellent oral and written communication skills required, including the ability to explain risk issues and technology solutions in business terms, establish rapport with business leaders, build consensus and foster collaboration across multiple divisions, business units and teams.
Requires effective presentation skills.
Excellent interpersonal skills required. Track record of building and fostering collaborative internal and external business relationships required.
Advantage Tech is proud to be recognized as Kansas City Business Journal’s #1 locally owned IT staffing firm. We are passionate about delivering world-class service and value to our consultants and clients.
Please visit www.advantagetech.net to learn more about our culture, benefits and career opportunities.