Senior Analyst - Information Security Job
Refer A Friend
Job Tile: Senior Information Security Analyst
Job Number: 2016-44206
Date Posted: 12-7-2016
Back to top
The Senior Information Security Analyst is a senior hands-on role focused on ecommerce and application development security. This role requires a broad, deep level of ecommerce experience, technical expertise, and information security experience. The Senior Information Security Analyst collaborates with the Ecommerce department, IT department, and Security department to assess and manage risk; provide ecommerce platform security assurance; design, select and deploy technical controls to meet security and business requirements; and define processes and standards to ensure that security configurations are maintained. The Senior Information Security Analyst is a mentor to security team members and an escalation resource.
Essential Duties and Responsibilities:
Essential Job Functions
- Plays a key collaborative, influencing and consultative role in the ecommerce secure software development life cycle
- Drives the development, implementation, and operation of ecommerce security controls and practices
- Collaborates with and guides GNC's business units and risk management functions to identify security requirements and solutions. Components of this activity include:
- Solution architecture review
- Business system analysis
- Penetration testing and remediation
- Application vulnerability scanning and remediation
- Solution review and assurance
- Communication, facilitation and consensus building
- Monitors security information and event management and logs for unusual events. Identifies trends and recommends solutions.
- Reports to and advises GNC's management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
- Collaborates with management to facilitate security and compliance reviews (e.g. PCI, SOX, Audits) and address any potential exceptions
- Collaborates on and influences the approach of critical IT projects to ensure that security issues are addressed throughout the project life cycle.
- Designs and develops security processes and procedures, and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.
- Specifies, develops and analyzes operational reports to monitor and track performance metrics are aligned with defined Service Level Agreements and security requirements.
- Specifies, researches, evaluates and recommends information-security-related hardware and software, including developing business cases for security investments.
- Serves as point of contact to solve complex problems by means of systematic and disciplined troubleshooting
- Develops and disseminates information security operations documentation.