The Senior Information Security Analyst ISO serves as the process owner for all ongoing activities that provide appropriate access to, and protection of, sensitive information (regulatory data, privacy data, cardholder data, intellectual property and other sensitive business data) in compliance with applicable law, regulations, industry standards, and Company policies and standards. The Senior Information Security Analyst ISO is responsible for overseeing and evaluating the execution and use of security measures that protect data, and for overseeing and evaluating the conduct of personnel in relation to the protection of data. This responsibility is carried out by working with the Company's executives, management and staff to foster the developmental and operational elements needed to assure appropriate information security, safeguards and compliance throughout the Company and its divisions.
Responsibilities include the following:
- The Senior Information Security Analyst ISO's primary responsibility is to ensure the companies' and operations' ongoing compliance with applicable information security laws, regulations and industry standards, so that security requirements are considered and met.
- Develop security policies and standards applicable to all the companies and operations, incorporating regulatory requirements, industry standards and best practices.
- Develop security architecture, conduct risk analyses, and evaluate data security technologies.
- Perform security due diligence on projects (both internal and external), applications and vendors to determine their security posture and compliance with the companies' policies and standards.
- Assist with creating and maintaining a sound security architecture for the group.
- Develop an information security framework that defines how people, technology and processes are assembled to secure the environment while remaining consistent with business objectives.
- Work with internal audit and outside consultants as appropriate for independent security audits.
- Participate in IT and Business Unit (BU) projects to ensure security policies and standards are adhered to. Contribute to the development of new security standards. Conduct risk assessments (RAs) within the BU for new projects or major changes to existing technology.
- Conduct investigations into BU-specific breaches of IS policy or standards and other IS-related incidents; report findings to Group and BU Executive Management and track remediation.
- Develop implementation plans ensuring that the end-state enterprise security architecture is aligned with IT strategic objectives.
- Assist with the development and continuous reassessment of the business's information security risk acceptance.
- Partner with internal audit to conduct audits and review controls related to vulnerability and business impact assessments.
- Establish specific guidelines that help the business understand and mitigate the potential risks of loss of intangibles such as reputation, e.g. a breach of secured policyholder information.
Qualifications include the following:
- Bachelor's degree in Computer Science, Information Systems or a related field preferred, or an equivalent combination of education and experience. A Master's degree is a plus.
- CISSP, GSEC, CISA, CISM, or other security certification desired.
- Experience interpreting and applying appropriate standards and policies for PCI DSS.
- Experience in financial services and/or the security sector is an asset.
- Experience with security architecture design and implementation, wireless security, network security, system monitoring, vulnerability detection and remediation, and Windows/Unix/Linux security is an asset.
- Experience in web application security, including secure application development (security in each SDLC phase) and architecture, is an asset.
- Experience implementing industry security frameworks and regulatory requirements, including NIST, ISO 17799/27001, COBIT or Sarbanes-Oxley, is an asset.
- At least 5 years' experience in information security.
- Experience with policy compliance tools and control processes.