Information Security Analyst

JOB SUMMARY:

The purpose of this role is to collaborate with the CIO and the Virtual CISO to ensure compliance with our D2L Information Security Program, align with industry best practice frameworks, and ensure compliance with government regulatory and customer security requirements. This role is also responsible for responding to customer questionnaires and audits, as well as ensuring our D2L culture is focused on cybersecurity.

The Information Security Analyst is responsible leading the information security services within the organization. It is the job of the Information Security Analyst to design and lead information security services within budget; ensuring reports, weekly releases, deliverables, and other requirements are completed in accordance with best security practices to ensure the safety and compliance of the company and client’s data within our environment.

PRINCIPAL DUTIES AND RESPONSIBILITIES: (of the job)

· Oversee the development, documentation, and sustainment of D2L IT Security program and policies.

· Organize and chair the D2L InfoSec team.

· Establish, analyze, and monitor InfoSec project schedules, business needs and resources allocation.

· Install security measures and operate software to protect systems and information infrastructure, including firewalls, data encryption, and access management programs.

· Manage all aspects of an IT Security organization and develop project schedules including all major milestones.

· Create daily, weekly, and monthly checklists related to providing security oversight with our ITMS and 3rd party vendors.

· Reviews and monitors the daily, weekly, and monthly SOC, SEIM, and firewall reports and provide security oversight to ensure all security concerns are being addressed.

· Manages the Cybersecurity and Data Privacy training, monthly phishing campaigns, and monthly security reports and recommends improvements where needed.

• Continually updates and tunes the Intrusion Detection System (IPS) rules.
• Monitors and responds to service disruptions, data breach, and audits recovery incidents.

· Ownership for ensuring compliance with industry data standards such as GDPR, CCPA, and SOC1 and our D2L security program.

• Stays current on current cyber threats and best practices (CERT, SANS, et.al.).
• Administer data security for file system level encryption.
• Respond to customer security questionnaires and audits for both new and existing customers. Makes security program recommendations as needed.

· Stays current with cybersecurity threats and best practices (CERT, SANS, etc.) and collaborates with ITMS vendor and Virtual CISO to mitigate any risks and implement appropriate changes.

· Maintain the list of required customer notifications in case of a security event.

· Support the development team with security best practices during the development cycle.

· Completes the annual security audits of our 3rd party vendors and sub processors.

· Plan and schedule the annual Security Assessment and develop detailed plans for remediating identified risks.

· Lead and plan regularly scheduled incident response tabletop exercises, minimally once per year.

· D2L ownership for the yearly Disaster Recovery Test exercise, lessons learned, and ensuring issues and gaps are resolved.

· Collaborate with the business on updating, maintain and testing the Business Continuity Plan annually.

· Perform an annual review of the D2L IT Policies against Industry Best Practices, customer requirements, and cloud requirements and update them as appropriate. Ensure the organization reviews the policies annually.

· Ownership for ensuring annual Privacy Shield compliance with zero major deficiencies.

· Collaborate with the business, ITMS vendor and internal IT resources on the yearly SSAE-18/SOC1 audit.

· Participate in security reviews of our customer and 3rd party vendor contracts.

· All other duties assigned.

POSITION REQUIREMENTS:

• 5 years of Information Security Experience.
• Experience with penetration testing, remediation, audit, and compliance.
• Strong understanding of firewalls, proxies, SIEM, antivirus, and intrusion detection and prevention systems.
• Ability to identify and mitigate network and ITMS security risks.
• Understanding of ethical hacking procedures, cloud and access management, and risk management.
• Experience in data protection analysis, data repositories, and structure identification.
• Laser-focused on ensuring the information security of the organization.
• Strong experience in multiple cybersecurity frameworks such as NIST, ENISA, CIS, SOC2, ISO, etc.
• Experience in ensuring compliance with industry data standards including GDPR, CCPA, and SOC.
• Strong experience in information security program development and management.
• Strong experience in Infosec governance, information risk management, and security incident management.
• Stays informed regarding the cybersecurity landscape and solutions.
• Ability to identify and recommend process and security improvements.
• Experience providing security oversight of an ITMS vendor.
• Experience developing and managing a 3rd party vendor assessment program.
• Strong technical background.
• Understanding of software development methodologies.
• Strong problem-solving skills.
• Strong internal customer-facing skills.
• Excellent communication skills.
• Ability to review, analyze, and evaluate complex business systems.
• Strong collaboration and communication skills and proven ability to collaborate with other team members and users.
• Team player.
• Strong listening skills.
• Proactive problem solver.
• Strong sense of ownership.
• Demonstrated ability to deliver on commitments.

EDUCATION:

• Bachelor of Science Degree or higher; Information Management, Computer Science, or Computer Information Technology major desirable.
• CISSP certification preferred.
• Project management skills (prefer PMP).

TRAVEL

· 5% (as required)

LOCATION

· Fort Myers, FL (Primary)

· Remote (Secondary)

PHYSICAL DEMANDS AND WORK CONDITIONS:

The physical demands and work environment described here are representatives of those that must be met by the employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions

Work involves sitting, walking, talking, hearing, bending, stooping, kneeling, and/or crouching

• Work also involves repetitive wrist, arm, finger motion, typing data on computer keyboard, typing data on a calculator, using hands to handle, feel or operate objects, machines, and reaching with arms and hands
• Vision abilities required by this job includes vision, the ability to adjust focus, and ability to focus on a computer screen for long periods of time
• The employee may be required to push, pull, lift, and/or carry up to 20 pounds
• The noise level in the work environment is usually moderately quite with few distractions
• Ability to bend or stoop to retrieve lower shelf files and the ability to reach overhead to retrieve upper shelf files
• Ability to sit 2/3 to 3/4 of day

Data2Logistics is an equal opportunity employer.

It is the policy of Data2Logistics, as an Equal Opportunity Employer, that all persons shall receive equal employment opportunities in accordance with their job-related qualifications, without regard to race, color, religion, sex, sexual orientation, age, marital status, national origin, veteran status, or disability.

This job description in no way states or implies that the duties and responsibilities are the only duties and responsibilities to be performed by the individual(s) with this job description. The individual(s) maybe called upon and required to follow other instructions or perform other duties/responsibilities requested by his/her Supervisor, consistent with the purpose of the position, department and/or company objectives.

Pay Transparency Policy Statement

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 4I CFR 60-I.35(c)

Job Type: Full-time

Pay: $75,000.00 - $128,865.00 per year

Benefits:

• 401(k)
• Dental insurance
• Flexible schedule
• Health insurance
• Paid time off
• Vision insurance

Schedule:

• 8 hour shift

COVID-19 considerations:
Temperature checks daily for those in the office, office sanitized daily. Mask are optional.

Experience:

• of information security: 5 years (Required)
• Data protection analysis, data repositories: 3 years (Required)
• Testing, remediation, audit and compliance: 2 years (Required)

Work Location: Multiple Locations