Senior Security Analyst (Governance Risk and Compliance) (Start ASAP)

RESPONSIBILITIES

Provide Information Security Senior Level support and expertise in the following areas but not limited to:  Governance, Risk and Compliance (GRC), Assist the defensive team in Security Monitoring, Incident Response, Threat Hunting and Intelligence. Gather inputs from Offensive Security team (Vulnerability Management, Penetration Testing and Application Security Review) to enhance risk treatment and policies- and-standards development.

REQUIREMENTS

• Bachelor's Degree in a relevant area of study with a preference for Information Security, Computer Science, ECE or Computer Engineering
• 5 years or more experience in Information Security, Governance, Risk Management, Audit and Compliance Experience
• Working knowledge with different standards and best practices (Example: ISO27XX, NIST CSF, CIS Controls, OWASP, MPAA, PCI-DSS, Cloud Security Alliance)
• Working knowledge of different security architectures, standards, technologies, and concepts such as but not limited to VA/PT, SIEM, DLP for gateway and endpoints, NGFW, UTMs, IPS/IDS, WAF, Cloud Infrastructure, Security Operations Center, Digital Forensics, User Awareness platforms, Patch Management.
• Experience investigating security events, identifying threats and resolving vulnerabilities in large and complex environments.
• Host-based and network analysis/forensics capability
• Knowledge in Programming, SDLC, Agile, Shift Left, DevSecOps Methodology
• Asset and Systems Inventory, Change Management Experience
• Knowledge in Ethical hacking
• Understanding and knowledge of a broad range of technologies (Windows, Unix, authentication technologies, border networks)
• Advance knowledge of IT security and solid understanding of Information Security concepts, risk management and practices
• People management skills
• Excellent written and verbal communication and presentation skills.
• Certifications may include CISM, CISA CRSC, CISSP, GSEC, CHFI, GCIH etc