Location: Mumbai, India
Compensation: As per industry standards
The Analyst is responsible for day-to-day operations and planning related to Information Security: Infrastructure. This includes but is not limited to; developing and maintaining a secure information operations environment, supporting information security, policy/work-instruction and security plan development, implementation, and monitoring, HIPAA/FERPA/PCI compliance, evidence gathering, and reporting. The Analyst is part of an IT team responsible for creating and maintaining a security compliant computing environment. The Analyst monitors security policy and policy to ensure that the team and the division are compliant. This includes developing/maintaining security policies specific to the environment needed to support the security strategy. The Analyst is a subject matter expert in information security. This domain is varied, but includes: awareness/training; log management; intrusion prevention and detection; audits; monitoring; anti-malware management; investigation and forensics; policy and work instruction development, review and maintenance; vendor management; incident response plus; reviews of a wide and varied nature.
Must have ‘hands-on’ skills in the following, but not limited to, virtualization, backup, automation/scripting, Windows administration, storage management, networking, security, using command line tools and technical writing.
The Division is responsible for systems that are subject to very specific security requirements covered by HIPAA, HITECH, PCI and FERPA. Meeting these requirements is one of the key responsibilities of this position.
- The Analyst is part of a team responsible for creating and maintaining a compliant computing environment and keeping stakeholders well informed using a risk based approach to information security.
- The Analyst has a role in and will act as a back-up system and network administrator for a division wide multi-data center operation.
- The Analyst oversees hardware planning, timely provisioning, reliability, security and timely resolution to infrastructure problems.
- The Analyst represents the division on various committees, for security and privacy initiatives, planning, and policies; participate in developing policy and the planning of long-range goals for security and privacy.
In cooperation with the software, services and infrastructure teams, the Analyst:
- Installs, monitors and maintains the security management infrastructure for the division. This includes at least: 2-Factor Authentication, IPS and log management systems.
- Evaluates related events utilizing various technologies to create actionable reports on findings and presents reports to the team and management stakeholders.
- Established baselines and reporting on trends presenting opportunities for improvements.
- Supports and executes security audit activities. Respond to internal or external audits and assessments.
- Proactively address and perform risk analysis of the negative impact on the division caused by theft, destruction, alteration or denial of access of information.
- Defines and oversees the use of encryption methods.
- Responsible for the coordination, consultation and assessment effort to track and remediate security events and alerts.
- Leads security incident management and investigation.
- Develops KPIs for measuring successful incident management.
- Applies advanced IT security concepts to provide input, define or revise incident response processes and support timely and coordinated responses to security incidents.
- Conducts reviews to identify causes of information security incidents, develop corrective actions and reassess risk.
- Manages and accesses approaches to patching, zero-day threat mitigation and stays abreast of important vulnerabilities.
- Identifies, reports, and assists in resolving privacy, compliance or security violations and control gaps.