Security Analyst Jobs

*This is a 5 months contract*

*Must be based in the bay area, CA*

Must have:

• Ability to translate technical concepts to a non-technical audience.
• Certifications in one or more of the following: CISSP, CISA, CISM, CRISC, GISO, GCIH, CIPP
• Must have 5+ years of experience as a Security Analyst

The main function of the Security Analyst is to ensure security compliance by conducting and monitoring compliance testing workflows, audits and investigations.

Job Responsibilities:

• Support operational workflows by performing risk-based security reviews of operational systems, applications and third party integrations

• Respond and manage third party security, vendor access and incident management workflow review requests

• Participate in the development and negotiation of remediation plans and timelines based on level of risk

• Provide oversight of required corrective action plans relating to security compliance issues

• Understand technical implementation details necessary to identify and assess security risks and recommend mitigating controls

• Understand the security needs of internal and external stakeholders

• Support the communication of policies, procedures, and plans to internal stakeholders regarding security and compliance best practices

• Participate in cross-functional, team, and status review meetings

• Update operational runbooks and instructions, initiating change management and process improvements as needed

• Generate and maintain data reports on operational workflows, incidents and relevant security topics

Skills:

• Ability to translate technical concepts to a non-technical audience.

• Works well independently and is a strong team player.

• Strong skills in Microsoft Excel, Word, PowerPoint, and MS Visio.

• Ability to multitask and manage simultaneous projects

• Strong communication skills - both written and verbal, interpersonal skills, and ability to work cross-functionally with various global teams across time zones

• Excellent business writing skills to update Standard Operating Procedures, training material, etc.

• Data analysis (for reporting and metrics purposes)

Education/Experience:

• Bachelor's degree and/or advanced degree with a concentration in one of the following areas: Business, Accounting, Legal, Computer Science, Management Information Systems, or Cyber Security

• Experience with data security frameworks and regulatory standards, including PCI, SSAE18-SOC2, ISO27001/2, NIST and SOX

Preferred:

• Certifications in one or more of the following: CISSP, CISA, CISM, CRISC, GISO, GCIH, CIPP

• Experience assessing and designing internal controls for large scale organizations

• Experience assessing security risk for large scale organizations.

• Experience in cloud services organizations

• Direct experience driving change management on an operational team

• General project management skills.