Reporting to the Information Security Supervisor, the Information Security Analyst is part of the Information Security team, which is responsible for the ongoing operation of the firm’s information security program.The role of the Information Security Analyst includes
Day-to-day responsibilities and characteristics
- the implementation, maintenance and review of advanced security technologies (including those applicable to cloud based services, information governance, and client requirements),
- conducting third party risk assessments,
- gathering information related to the firm’s business continuity and disaster recovery planning,
- administrating the firm’s security awareness training platform,
- providing frontline response for information security incidents.
- Act as the lead resource for more than 1 of the firm’s security systems (Endpoint detection/protection/response, network access control, vulnerability management, security incident and event management, email security, security awareness training, etc.) including the use, operation and maintenance of those platforms. Cross-train on other security systems in use by the firm in order to have a working knowledge of the firm’s entire security architecture.
- Demonstrates thorough knowledge of all user provisioning and de-provisioning processes in use throughout the firm. Under direct supervision, holds responsibility for the lifecycle management of firm end user accounts in various applications and services such as Active Directory.
- Actively participate in client security assessments, audits, and outside counsel guideline review, including performing gap analysis, evidence collection, and response creation.
- Assist in conducting security reviews of services, vendors, projects, and technologies. The security review process includes an analysis of the challenge for which a solution is being sought, researching proposed solutions, conducting risk assessments of vendors providing solutions, and presenting final recommendations for implementing the selected solution in a secure manner.
- As part of the service, system, and business process lifecycle, continually assess and review the firm’s current technology infrastructure to identify key risk areas, including the risks associated with business continuity and disaster recovery, ensuring that adequate information has been gathered and controls are in place to address and manage the risks identified.
- Assist in researching specific security technologies and controls as requested by senior management and required by clients.
- Participate actively in the Information Security team’s effort to continuously improve security policies, processes, and procedures. Provides input to strategic and tactical planning, initiatives, and projects.
- Coordinate the assignment of security awareness training to all personnel.
- Responsible, along with the rest of the Information Security team, for ensuring that the firm’s Information Security systems are functioning in an optimal manner and that all BC/DR goals are met through testing on a scheduled basis.
- On a rotating basis, acts as a first responder for Information Security related service desk tickets. Perform necessary investigation, communication, resolutions, and if necessary, escalations, to ensure timely and successful closure of tickets.
- Represent the Information Security team in a professional manner when engaging with other technical teams, stakeholders, vendors and clients.