Job Description for Lead Cyber Security Analyst:
Under the supervision of the Manager, Cybersecurity Risk Management, the incumbent’s accountabilities include, but are not limited to the following:
Responsibilities for Lead Cyber Security Analyst:
- Execute security risk management leadership through the design and implementation of security policies, procedures, guidelines and standards to maintain the confidentiality, integrity and availability of information systems and data.
- Assess third party cybersecurity controls, identify gaps, assist in development of mitigation strategies and manage them to closure.
- Represent Information Security from an Information Security Risk Management perspective.
- Lead the Security Risk management function and further support collaboration across the various risk related teams in the organization.
- Lead risk analyses efforts to ensure consistency in the detailed risk assessment lifecycle inclusive of identification, socialization, mitigation, and closure.
- Design and implement security solutions to monitor the efficiency and effectiveness of security operations, controls and infrastructure for on-premise and cloud (Azure and AWS) implementations.
- Design, implement, and integrate security solutions to address enterprise risks and exposures.
- Develop and maintain Information Security Risk Metrics supported by KPIs and KRIs.
Qualifications Lead Cyber Security Analyst:
- 8+ years related work experience.
- The incumbent will possess a high level of expertise in information security concepts, information security policies and system architecture concepts and have experience in process definition, workflow design, and process mapping.
- In depth understanding in multiple areas of Information Security such as networking (TCP/IP, OSI model, network protocols), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, switches, routers, IPSEC, IDS/IPS, etc.), authentication technologies, wireless architectures, encryption key management, and mobile device technologies.
- Must have knowledge of vulnerability assessments, privacy assessments, incident response, security policy creation, enterprise security strategies, and governance. The incumbent must also have an ability to quickly and effectively learn Information Security tools in a large, complex multi-platform environment.