The Business Information Security Analyst (BISA) will support their local team in the maturation of its information security posture, while being aligned with the Corporate Security function. Reporting to the Practice Area Business Information Security Officer (BISO), this role will be focused on assisting with the implementation, governance and compliance of the Corporate Information Security administrative and technical controls to prevent the unauthorized use, release, modification or destruction of data/systems, specific to their Practice Area/Network.
Key focus areas
· Establish and maintain global relationships with Practice Area/Network business units and stakeholders to support local security activities and continuous improvement and program maturation.
· Support BISO and Corporate Information Security in the delivery of administrative and technical controls, in line with organizational strategy, policies, contracts, and/or regulatory obligations.
· Ability to understand current and emerging security threats/vulnerabilities, communicate impact based on potential risk, and prioritize to support mitigation and remediation efforts
· Administer practices to address risk or reduce the risk to an acceptable level with particular focus on Vendor/Agency Tiering, Risk Assessments and Exceptions.
· Assist in responding to client requirements such as RFP/RFI, audits, security questionnaires, and meetings as they relate to Information Security, where appropriate.
· Participate in implementation and management of Practice Area/Network and Corporate platforms, e.g. endpoint protection, encryption, SIEM, CASB, perimeter controls
· Assist with regular testing and applicable vulnerability remediation efforts of Practice Area/Network infrastructure, applications, and systems.
· Participate in and coordinate documentation of Disaster Recovery and Business Continuity Plans and exercises across Practice Area/Network.
· Support Practice Area/Network and CSIRT responses to security incidents, providing timely reports during the incident and remediation
· Triage Practice Area/Network Information Security inquiries and requests, providing stakeholder support and escalating to BISO as needed.
· Generate reports for both technical and non-technical staff and stakeholders
· Promote security awareness across Practice Area/Network
· Demonstrated interest in Information Security, IT Risk Management or related field
· Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related education or experience preferred
· Demonstrate sound written and verbal communication, interpersonal and collaborative skills
· Self-starter and problem solver with strong analytical skills, able to operate effectively within a dynamic and fast-paced environment
· Exceptional customer service skills, able to collaborate with all levels of employees
· Familiar with Microsoft 365 and Suite Services
· Willingness to learn and undertake information security education and/or certifications