Information Security Analyst level 2
Ref No.: 17-03833
Location: Riverton
Information Security Analyst
Riverton, Utah
12-24 month contract
Job Description
The Information Security Analyst position requires information risk management experience, effective communication skills and business acumen. The successful candidate will work with solution managers, business clients, and applications, database, and/or infrastructure teams to integrate security best practices into the solution delivery process to prevent or remediate significant risks to the business.
He/she will identify and document business risks and coordinate remediation of vulnerabilities and threats using risk assessment methodologies and processes including analyzing output from infrastructure, database, or web application vulnerability assessments, and developing spreadsheets, diagrams, textual documents and reports as requested. The ideal candidate will coordinate risk assessment activities and provide security training to assigned solution delivery team members.
He/she needs to be able to communicate effectively and respectfully with management, engineers, customers and others regarding the need for information security and to help them learn their roles and responsibilities in the implementation and maintenance of appropriate controls to mitigate significant risks.
He/she needs to have an appreciation for the need to balance security control benefits against potential impacts on business functionality and performance.
The successful candidate will have a demeanor of maturity and professionalism that promotes trust and respect for the entire risk management team in those with whom the team interacts. He/she will be able to be trusted to work in sensitive situations and with sensitive information and keep confidences.
· Perform risk assessments utilizing enterprise GRC toolset
· Perform compliance or risk assessment interviews with solutions management, engineers, and developers
· Evaluate adherence to and evangelize information security policies and standards
· Review compliance or assessment artifacts and deliverables for completeness and accuracy
· Write test plans and test results reports in accordance with Church practices
· Document critical security risk findings for urgent resolution
· Generate reporting dashboard metrics or measures for multiple levels of management review
· Coordinate security assessment findings and reports with management, engineers, and customers
· Coordinate or perform application vulnerability testing
· Coordinate or perform application penetration tests
· Coordinate or perform tests and evidence gathering activities for solution security certification/compliance validation
· Communicate significant security or interdepartmental findings to customers for timely resolution
· Ensure sensitive data handling systems are in compliance with Church policy and procedures
· Become familiar with Church IT Security policies and industry security standards
· Propose and implement approved compliance process improvements
· Utilize a complex management and reporting tool for compliance and certification process
· Demonstrate proficiency with data entry submission and validation in multiple formats
· Approximately 10% independent travel

This individual works with divine guidance to provide or support technology that furthers the mission of the Church and reflects the eternal impact of the gospel.
Must be a member of The Church of Jesus Christ of Latter-day Saints and currently temple worthy.

Required Skills
  • Bachelor's Degree or equivalent work experience: 3+ years of experience in a core information technology role (e.g. software developer, network engineer, database engineer) where compliance activities or information risk remediation were a part
  • Has diverse background in information technology processes, standards, and industry best practices
  • 1-2 years of experience in security risk analysis and/or compliance assessment
  • Self-starter who works well with others, does not require close supervision, and can manage and meet deliverables and deadlines
  • Demonstrated ability to conceptualize, analyze, and communicate complex issues to technical and non-technical management and workers
  • Demonstrated ability to understand, follow, and refine processes
  • Familiarity with security standards and best practices such as the Health Insurance Portability and Accountability Act (HIPAA), SANS Top 20 Critical Security Controls, ISO 27002, the Payment Card Industry, National Institute of Standards and Technology, Center for Internet Security
  • Prefer one or more of the following IT Security certifications such as CISSP, CISA, GWAS, GNET, GSSP-C, GCWN, GHTQ, CCSP, CIPP or CIPP/IT
  • Prefer familiarity with project management and budgeting practices