Information Security Analyst
Two North LaSalle Street Suite 500 Chicago, IL 60602
As a Security Analyst, you will protect the firm’s data and assets through the review, analysis, implementation, and monitoring of security controls, functions, and processes within the enterprise in support of the cybersecurity program. The analyst will interface with business units and key stakeholders within and outside of the Information Technology (IT) department, providing guidance and recommendations regarding security issues and requirements as appropriate. In addition, the analyst will make sure that new systems and applications adhere to established policy and procedures, and that existing systems remain secure and compliant.
The Security Analyst will coordinate various types of security assessments, which may include evaluations of security controls in hardware, software, applications, mobile applications, and other information assets. The position will require working in a collaborative environment to help lower cybersecurity risk across the firm. The Security Analyst will work closely with Legal, Compliance, Control Oversight, IT, and Third Party vendors to maintain alignment with the firm’s overall cybersecurity program.
Duties & Responsibilities:
- Provide daily assistance to the Chief Information Security Officer in ensuring the effectiveness and compliance of the firm’s Cybersecurity Program.
- Develop a strong understanding of the firm's Cybersecurity program policies and procedures, and regulatory requirements to which the firm is subject (e.g., SEC, FINRA, ERISA, etc.).
- Coordinate and research information related to risk assessments to identify vulnerable areas within and to the company's critical systems and data.
- Document and track security risks as part of a comprehensive cybersecurity risk management program (e.g., threat, vulnerability, and probability of occurrence).
- Provide assistance with responding to RFI/RFP, due diligence and cybersecurity questionnaires for the firm’s clients and potential clients.
- Work closely with both internal and external cybersecurity-related audits.
- Perform daily monitoring of security incidents and ensure timely remediation of items identified.
- Respond to inquiries regarding the firm’s security controls.
- Coordinate in-house vulnerability testing, risk analyses and security assessments and remediation.
- Research the latest cybersecurity trends, methodologies, and practices to stay informed.
- Track and interact with the IT Security Team on cybersecurity related projects.
- Collaborate with the Control Oversight and IT Security teams to assist in vendor management program as it relates to cybersecurity.
- Help define, implement and maintain corporate security policies and procedures.
- Train fellow staff in security awareness (i.e. Phishing tests) and procedures and other projects as needed.
- Perform other duties and special project work as assigned.
- Bachelor’s degree in Information Technology Security or related field
- Minimum three years of related security experience
- Basic understanding of enterprise-class information systems and technologies, including networking infrastructure, server and desktop operating systems, and software applications.
- General understanding of information security as it pertains to firewalls, routers, switches, wireless access points, VPNs, desktop and server operating systems, and enterprise-wide applications such as messaging and database systems.
- High level of integrity and the ability to maintain confidentiality of records and information.
- Strong writing skills, as well as the ability to articulate security-related concepts to a broad range of technical and non-technical staff.
- Excellent attention to detail, a high degree of initiative and adaptability, and the ability to deliver timely work products.
- The ability to work independently as well as in a team environment.
- The ability to work with numerous and conflicting deadlines.
- Stay current on information security trends, new threats and attack techniques, and emerging security technologies.
- Experience in overseeing vulnerability assessments or penetration testing
- Background or exposure to privacy law, investigative processes or user behavioral analytics tools
- Security fundamentals certification such as GISF, GSEC, Security+, or similar preferred
- Familiarity with various security frameworks such as NIST and CIS Critical Security Controls
- Strong MS Office (e.g., PowerPoint, Word, Excel) skills