|Title||IT Security Analyst|
|Categories||Full-Time Position, I.T. (Non SAP), IT & Cyber Security, U.S. – South|
|Salary||$90,000 – $115,000 (DOE)|
IT Security Strategy Analyst – Houston, TX
ASAP Talent Services has been placing I.T., Cybersecurity, and ERP/SAP Professionals with many of the world’s leading companies for over 10+ years. Our team has been engaged by a local Houston company to recruit & hire 2 I.T. Security Experts – 1) a Strategy Analyst and 2) a Security Architect. These are full-time opportunities direct with a corporation (West Side of Houston / Beltway 8).
The ISSA is a member of the Information Security team and is responsible for developing key metrics and reporting to track performance, and assists in the development of the enterprise information security program by performing analysis and research, market observation and vendor management.
• Develop and build key metrics and a consistent reporting facility across various tools and systems, and meta-levels.• Perform specific market observations and vendor management to manage information security product lifecycles across various tools and determine appropriateness of next generation solutions.• Develop various building blocks, slide material, diagrams and spreadsheets as needed, in cooperation with management and other teams.• Supports the establishment of a clear governance model and tracks key security decisions and reports outcomes to management.• Provide well-researched, well-condensed, and meaningful metrics, such as Key Goal Indicators (KGI), Key Risk Indicators (KRI), and Key Performance Indicators (KPI) to ensure accurate data is provided in the making of business cases for adjustments in budget, resources, and decisions (risk approval) etc.• Effectively manage relationships with vendors and service providers, and provide constant communication regarding service level agreements.• Provide robust and reliable data and analysis to drive better security outcomes for the enterprise.• Prepare vendor rotation analysis and impact, and seeks automation solutions.• Develop technical roadmaps about product solutions and version upgrades.• Recognizes interconnected systems and how they influence each other with dependencies around versions, patch-level and vendor support.• Assesses and analyzes key security processes and documents this into a common process portfolio / security catalog.• Establishes IT-wide RACI matrices and supports the service concept of security services for the enterprise.• Provide regular and detailed, reliable, and consistent reporting to management regarding metrics, quality, coverage, historic trends, and potential indicators / root causes.• Assists management with documentation needs, risk registers, risk / heat maps, compliance reports, dashboard development, data classification schemes, and dataflow diagrams.• Perform additional duties as assigned by management.
Skills, Abilities, Experience & Qualifications
• Bachelor’s degree in Computer Science, Science, Engineering or related discipline required.
• 5+ years relevant information security experience, including security consulting and security analyst roles with exposure to various subjects like strategy, operations, governance, monitoring, and architecture is required.• Professional security management certifications, such as a CISA, CGEIT, CISM, CISSP, or other similar credentials are preferred.• Expert knowledge of security issues, techniques, best practices and frameworks (ISO27k, COBIT, NIST, ITIL), and implications across all existing computer platforms required.• Proven ability in security process and organizational design, and RACI chart impact analysis.• In-depth knowledge of high complex security, compliance, best practices, and risk management.• Strong conceptual thinking skills — the ability to conceptualize complex security program components into a functioning array of integrated building blocks and support processes.• Team-oriented interpersonal skills, with the ability to interface effectively with a broad range of individuals and roles.• Strong written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to both technical and non-technical audiences.• Proven track record and experience in developing information security programs and standards.• Strong time management skills as well as strong organizational, problem-solving, and analytical skills required. Able to work in a very fast paced environment and remain positive.• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment.• High degree of initiative, dependable and able to work well with limited supervision.• Proficient use of tools like MS office suite (PowerPoint and Visio expert), web solutions, and third party knowledge providers.• Able to condense vendor security reports into single page summaries that capture the provided / added value of the new security report in comparison to current state knowledge.• The ideal candidate should have worked at least in two different types of industries.• Authorized to work for any employer in the United States.• Ability to pass a thorough background check.
Work Environment, Physical & Mental Demands
• Ability to sit and work at a computer keyboard for extended periods of time.
• Ability to stoop, kneel, bend at the waist, and reach on a daily basis.• Able to lift and move up to 25 pounds occasionally.• Must utilize visual acuity, speech and hearing, hand and eye coordination and manual dexterity necessary to operate a computer and office equipment.• Hours regularly exceed 40 hours per week.