Information Security Analyst
Orlando, Florida | Direct Hire
Tews Company has an exciting opportunity for an Information Security Analyst. We are open to considering candidates that have a couple of years’ experience within Information Security and exposure to most of the credentials needed for the position if they have proven experience on the network and/or systems side. The Information Security Analyst is responsible, in part, for the organization’s Information Security Program including participating in all IT audits, writing and enforcing security policies, procedures and guidelines and all aspects of a successful delivery of the organization’s PCI DSS Report on Compliance each year. The Information Security Analyst will provide technical expertise in a variety of areas including systems and networking, both hardware and software, as needed. The Security Analyst will evaluate emerging technologies for consideration of use within the organization’s infrastructure while seeking continued refinement of existing architecture and processes. This position is hands-on and highly technical in nature.
Duties and responsibilities
- Maintain and implement the organization’s Information Security Program.
- Provide regular updates on the state of IT compliance including successful delivery of the organization’s Annual Report on Compliance.
- Prepare and maintain clear documentation, program guidance, assessment results, responses and remediation ensuring consistency across compliance programs.
- Ensure compliance with PCI DSS and Florida’s Information Technology Act.
- Maintain the organization’s Disaster Recovery Plan and provide guidance to business units on their Business Continuity Plans and lead the testing of these plans at least annually.
- Embed a culture of continued improvement of existing information security, employee security awareness and compliance program.
- Establishes and maintains data security policies.
- Liaison with internal and external auditors as needed.
- Work with outsourced information security vendors to provide information security services to the organization.
- Maintain security hardware and software, including firewalls, WAFs, RADIUS, proxies, authentication, etc.
- Plan and implement strategic security initiatives.
- Provide guidance on securely integrating vendors and contractors to the organization’s enterprise.
- Perform risk assessments not less than annually and security investigations as necessary.
- Other duties as assigned.
- Bachelor’s Degree in Computer Science or related discipline or equivalent experience.
- 8+ years progressive experience in IT roles and 2+ years in information security roles.
- Knowledge of PCI DSS v3.1 requirements.
- Hands-on knowledge of Windows operating systems including Windows 2008 R2, Windows 2012 R2, SSO, Active Directory, etc.
- Hands-on knowledge of NG Firewalls (IDS/IPS), web application firewalls, RADIUS, two-factor authentication, load balancers, proxies, scanning technologies, intrusion detection, etc.
- Hands-on knowledge of LAN/MAN/VPN technologies including wireless – L2/L3 switches, encryption, protocol analyzers, etc.
- Hands-on knowledge of IEM/FIM implementations, data loss prevention, data classification.
- Excellent written and verbal communications skills.
- Excellent organizational skills are a must.
- Ability to communicate technically at both low and high levels, including training sessions.
- Ability to multitask and work confidently in a fast-paced environment.