The Security Analyst is a position that strengthens the development, implementation and ongoing maintenance of Coast’s Information Security Program. The candidate hired for this position will perform risk and vulnerability assessments, analyze information for security impact and auditing for Coast’s lines of business; maintain and track the status of documents; review access requests for proper authorizations and produce reports to assist customers in reviewing accesses. This includes, but is not limited to, documentation and development of new security measures, ongoing security changes and enhancements to the Information Technology (IT) computing environment. In addition, this individual creates and maintains the security policies/procedures that monitor/control access to system resources and corporate information assets, along with the prevention, detection, containment and correction of all security breaches. The successful candidate will also assist in the review of existing systems security issues and procedures and develop and maintain familiarity with access control ATO/PCI procedures and security policies. Other responsibilities include enforcement of security policies/standards/risk controls, implementation of new solutions and technologies providing support for testing, emergencies, installations, and conversions; assisting in audit compliance projects; providing daily operational support for access requests; providing customer support in identifying and mitigating security risks while managing audit and security controls.
Job Duties and Responsibilities
- Performs risk assessments to identify vulnerabilities or security exposures.
- Monitors information technology logs and reports.
- Documents and monitors security controls, reports and processes.
- Deploys information technology security controls and processes for Coast systems
- Coordinates vulnerability management including virus protection and version/patch management.
- Collaborates in planning for infrastructure design and review of software acquisitions/ upgrades; reviews to ensure appropriate level of systems and network security.
- Ensures that breaches of information security are identified and investigated, and that procedures for detecting, reporting and investigating such incidents are developed and continually enhanced.
- Instructs the work force on best procedures for information technology security.
- Security – an essential part of the position. This includes (but is not limited to) promoting – safeguarding – implementing – establishing Coast physical and IT security.
- Follow Coast process and procedures.
- Performs other tasks as assigned by management.
Information and Physical Security is the responsibility of every employee. In your position you are required to safe guard the computer systems by following proper username and password management which includes selecting challenging passwords and committing them to memory – they should not be written down or stored where others can freely have access. This also includes securing your desk and workstation when you are not there – this includes locking your session, and putting sensitive paperwork away when not physically at your desk. You are not to share your username or password with anyone. The physical security of our offices of are equal importance, never shadow or let someone shadow your entry into a Coast Professional, Inc. facility – if this occurs quickly report this action immediately. You are required to follow all Information Technology policies and procedures in regards to the management of your system accounts and equipment. If you witness any security violation you should immediately report it to management.
- 3+ years of information security experience.
- 2+ years of security operations experience.
- Regulatory Compliance experience with FISMA, PCI, SOX, NIST, STIG, CIS controls and audit practices.
- Business Analysis Knowledge: Skilled to work in a fast-paced environment. Must have strong analytical and problem-solving skills.
- Customer Service: Skilled to communicate with all levels of management, internal and external customers.
- Ability to work well as a member of a team or independently.
- Effective Business Communication: Skilled in communicating with technical and business constituencies in writing effective business specifications and requirements.
- AA/AS – Associate’s Degree or higher preferred. In lieu of degree should have additional 2 years of IT experience.
- CompTIA Security+, CompTIA Network+; ITIL foundations certification preferred.
- CISSP, CAP, GCIH, GCED, GCFE or similar certification preferred but not required.
- Proficient understanding of business sensitivities and confidentiality.
- Excellent written and verbal communication skills.
- Successfully pass pre-employment (post offer) background check
Responsibilities may require weekend or evening work. Must be able to work in an office environment Manual Dexterity Req: Eye-hand coordination and manual dexterity sufficient to effectively use a computer with all its components for prolonged periods of time and for the majority of required tasks Manual Dexterity Req: Eye-hand coordination and manual dexterity sufficient to effectively utilize various office equipment (phone, computer, fax machine, printer, copier, filing cabinet, etc.)
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this position, the physical presence in the workplace is essential. The employee is regularly required to talk or hear. The employee frequently is required to use hands or finger, handle, or feel objects, tools or controls. The employee is occasionally required to stand; walk; sit; reach with hands and arms.
The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this position include close vision, distance vision, color vision, peripheral vision, and the ability to adjust focus.
The noise level in the work environment is usually moderate.
This job description reflects management’s assignment of essential job functions but is not intended to be a comprehensive list of all activities, duties and responsibilities required by the job incumbent. Nothing in the herein restricts management’s right to assign or reassign duties and responsibilities to this job at any time.
This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.
Coast Professional, Inc. is an Equal Opportunity/Affirmative Action Employer M/F/Vet/Disability. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or national origin.