Senior Security Analyst
Job Title: Senior Security Analyst
Location: Stamford, CT
Term: Contract position
- Identify, develop and implement data security standards to ensure compliance with data privacy regulations as it relates to GDPR and CCPA.
- Work across the lines of business in developing processes for the handling and protection of personal data.
- Work with the cyber and technology teams in the deployment of tools and processes for data protection and security.
- Work with technology teams in evaluating and documenting Role Based Access Control (RBAC) and Principle of Least Privilege (PoLP).
- Evaluate existing and/or establish new data security controls for effectiveness and efficiency.
- Participate with various technical teams in developing both event management and incident response procedures.
- Work with the IT support teams to evaluate application security, data encryption methods and supporting technologies.
- Work with the IT support teams to evaluate data security in the private and public cloud infrastructures.
- Participate in and perform Privacy Impact Assessments.
- Participate in and perform Data Protection Impact Assessments in support of GDPR.
- Assist in the configuration and management of privacy management platform.
- Four-year degree in computer science or related combined work/education experience.
- Minimum of five years experience in Cyber Security/Information Security.
- Hands-on experience in supporting and maintaining cyber security tools and technologies, including IDS/IPS, UTM, WAF, NAC, SIEM and endpoint protection.
- Experience working within a global, IT organization.
- Experience in supporting IT infrastructures.
- Knowledge in cloud security architectures as it relates to data protection.
- Strong knowledge of TCP/IP, routing and switching technologies.
- Knowledge of the Open Systems Interconnection model (OSI model).
- Experience in the implementation of CIS controls in a practical and systematic manner.
- Knowledge of NIST 800-53 and NIST Cyber Security Framework (CSF)
- Knowledge in Microsoft Windows Server, file/folder access permissions and Active Directory Services (ADS) administration.
- Knowledge in vulnerability and patch management programs.
- Experience in data compliance programs a plus.
- Experience in application security and role-based access controls.
- Experience in a variety of cyber security tools, including AWS security stack a plus
- Experience in data privacy regulations (GDPR and CCPA) a plus
- Certified Information Systems Security Professional (CISSP) a plus.
- Ability to analyze complex information and identify key and relevant points, including communicating in a relevant and easy to understand manner.
- Practical experience in implementing security policies, procedures and technologies.
- Strong verbal and written communication skills.
- Strong experience in developing technical documents.
- Strong attention to detail, well-organized, and able to manage time efficiently.
- Team player with ability to deal effectively with individuals at all levels.
- High degree of initiative requiring little or no supervision, sound judgment, and the ability to prioritize assignments, solve problems, and meet deadlines.
- Ability to produce high-quality work in a timely fashion in a fast-paced environment.