PCI Security Analyst
Ref No.: 17-00063
Location: Whippany, New Jersey
Position Type: Direct Placement
Start Date: 10/02/2017
Seeking an Information Security Analyst with PCI level 2 or 3 experience for a contract-to-permanent position in Whippany, NJ.
If you are a driven, motivated professional seeking a challenging and rewarding position with a fun company and great work environment, apply today!
SUMMARY: The Information Security Analyst will be focused on PCI compliance and is responsible for information security policy development and maintenance, design of security policy education, training, and awareness activities, monitoring compliance with our client's IT security policy and applicable law, and coordinating investigation and reporting of security incidents. The Information Security Analyst will work with the Network Services and Security teams to perform network penetration tests, application vulnerability assessment scans, and risk assessment reviews.
Information Security Monitoring and Auditing: (50%)
Monitor and advise on information security issues related to the systems and workflow to ensure the internal security controls are appropriate and operating as intended.
Monitor current reports of computer viruses to determine when to update virus protection systems.
Monitor use of data files and regulate access to safeguard information in computer files.
Conduct company-wide data classification assessment and security audits and manage remediation plans.
Perform risk assessments and execute tests of data processing systems to ensure functioning of data processing activities and security measures.
Perform internal and external vulnerability scans and penetration tests, coordinate such testing through vendors, and remediate discovered vulnerabilities.
Review and test firewall configurations, data transport and encryption configurations, and other security configurations to identify required configuration changes.
Information Security Program Management: (30%)
Conduct security research to keep abreast of the latest security issues.
Develop and publish Information Security policies, procedures, standards, and guidelines based on knowledge of best practices and compliance requirements.
Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
Coordinate implementation of computer system plan with internal personnel and outside vendors.
Coordinate and execute IT security projects for the company.
Modify computer security files to incorporate new software, correct errors, or change individual access status.
Train users and promote security awareness to ensure system security and to improve server and network efficiency.
Confer with users to discuss issues such as computer data access needs, security violations, and programming changes.
Information Security Incident Management: (10%)
Establish, document, and maintain standards and procedures for information security incident response.
Coordinate response to information security incidents.
Review violations of computer security procedures and discuss procedures with violators.
Other duties may be assigned: (10%)
Must have significant PCI experience.
Experience should include security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis, and compliance testing.
The Information Security Analyst possesses excellent communication (oral, written, presentation) and interpersonal skills, including high integrity, respect for all individuals (customers, vendors, and employees), strong critical and analytical thinking and problem-solving skills, and appreciation of diversity (thought, ethnic, gender, etc.).
BA or BS in Computer Science, Programming, Engineering, or related field required. CISSP or CISM certification preferred.
5+ years of progressive experience in computing and information security, including experience with internet technology and security issues required.
Required experience:
PCI security standards: 5 years
Internet technology and security issues: 5 years
Computing and information security: 5 years
CISSP or CISM certification