SUMMARY
The Information Security Analyst II role is responsible for documenting and evaluating processes, risks, and controls covering the full spectrum of the National Institute of Standards and Technology (NIST), Cyber & Information Security (CIS), and ISO 27001. Must be able to work independently on multiple tasks performing complex analysis of risk/governance data including enterprise governance, systems administration, network defense infrastructure, data protection, authentication services, vulnerability threat management, risk management, and cyber incident response and recovery.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following, but not limited to:
- Provide guidance and support to technical and non-technical teams on the security findings while maintaining industry best practice standards.
- Represent IT Security matters at business forums with internal teams. Enhance technical security processes and procedures ensuring alignment to the corporate risk security policies.
- Monitor the changing threat landscape to identify and report emerging threats and issues.
- Assess the impact of known threats of emerging vulnerabilities and manage teams to co-coordinate appropriate remediation efforts.
- Be a security representative as a point of contact for multiple technical deliveries, initiatives, and project implementations. Assess technical security risk in terms of impact to systems and service confidentiality, integrity, and availability and report and escalate the risk to the teams for awareness.
- Maintain up to date knowledge of security issues found during vulnerability scans and penetration tests.
- Assist with change requests and approvals for proposed changes for security remediation.
- Implement, manage, and advance the organization's Information Security framework. Periodically review and evaluate framework assessing the current baseline, process/control gaps, and approach as it pertains to the current environment.
- Provide tactical support of new system implementations as well as periodic IT system reviews to ensure adequate security measures are implemented for hardware, operating systems, software, network, and internet applications and services.
- Manage and execute the organization's vulnerability scanning and testing program and coordinate the remediation of identified vulnerabilities.
- Monitor potential intrusion attempts, computer virus outbreaks, security and compliance scanning tools, and other alerting taking appropriate corrective action.
- Participate in testing of the disaster recovery plan to ensure data and information security practices are maintained.
- Assist in the performance of IT audits / assessments to identify organizational risks associated with IT general and risk-related controls.
- Promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the company's systems.
- Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches, or malicious attacks;
- Communicates with multiple departments and levels of management to resolve technical and procedural information security risks.
- Serves as a subject matter expert (SME) for performing vendor risk assessments to improve overall Third-Party Vendor Management programs.
QUALIFICATIONSEDUCATION and/or CERTIFICATION:
- Bachelor's Degree, Information Systems, Computer Science, Information Security, or related field required. Masters in Information System preferred.
- Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP), or Global Information Assurance Certification (GIAC) preferred or Comptia Security +.
REQUIRED KNOWLEDGE:
- Knowledge of the ISO 27000 series practices, NIST, ITIL, and COBIT framework.
- Ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside to make appropriate assessments and decisions.
REQUIRED EXPERIENCE:
- 4+ years in information security or cybersecurity experience with a proven ability to engage with Senior Management.
- Prior experience performing security reviews and risk assessments preferred.
- Working experience using analytical tools, developing spreadsheets, documentation, and security reports
SKILLS and/or ABILITIES:
Knowledge of, or willingness to learn, the following technical areas:
- Network / Firewall, Anti-Virus / Malware applications
- Vulnerability Scanning Tools
- Operating Systems (Windows/Linux/Unix)
- IPS/IDS Solutions
- Identity & Access Management
- SIEM Solutions
- GRC Tools
- Servers and databases.
PHYSICAL ACTIVITIES AND REQUIREMENTS OF THIS POSITION:Must be able to remain in a stationary position over 50% of the time. Occasionally, the person in this position needs to move about inside the office to access file cabinets, office machinery, etc. Must be able to constantly operate a computer and other office machineries, such as a calculator, copy machine, and computer printer. Must be able to make decisions, interpret data, and communicate verbally and/or in writing.
TRAVEL The position may require overnight travel to domestic and international work sites occasionally.
ACKNOWLEDGMENTThe above statements are intended to describe the general nature of work performed in this position. These statements are not to be construed as an exhaustive list of all responsibilities, tasks, and skills required of an employee in this position
. Amerijet International Airlines, Inc. reserves the right to request that other tasks be performed when warranted (for example, by emergencies, changes in personnel or workload, corporate reorganization, or technical development). Amerijet International Airlines, Inc. also reserves the right to revise this job description.
AAP/EEO STATEMENTAmerijet International Airlines, Inc. is an equal opportunity and affirmative action employer and will consider all qualified applicants without regards to race, color religion, national origin, sex, sexual orientation, gender identity, age, disability, veteran status, or any other protected factors under federal, state or local law.
Any applicant requiring assistance with our online application process or who needs accommodation for the application process due to a disability should contact (954) 320-5391 or send an e-mail to ADAapps@amerijet.com
LEGAL NOTICES TO ALL APPLICANTSEEO is the Law
Pay Transparency Non-Discrimination Provision
Employee Rights Under The Family and Medical Leave Act
Employee Polygraph Protection Act
E-verify Participation
DOJ Right to Work
Florida Law Prohibits Discrimination
Dade County Living Wage Ordinance
This job has expired.