Our Information Security group is responsible for protecting corporate information assets from unauthorized disclosure, accidental or intentional loss of data, and modification. This group works
to proactively identify existing and emerging risks and threats, as well as implement strategies and identify mitigations to corporate risks by working directly with our business partners. The Information Security Analyst is responsible for providing strategic security guidance to business units and technology domains delivering solutions with similar functions. This role will provide guidance and feedback based on reviews of product releases. The successful candidate will interact with a broad cross-section of personnel to coach business and information technology owners in creative ways they can help secure our data. Acting as an Information Security ambassador to the business, this role determines security requirements by evaluating business strategies and requirements; researching information security
standards; conducting system security and vulnerability analyses and risk assessments studying architecture/platform and mitigating integration issues to enable business needs.
Job Functions / Accountabilities List the essential job functions for this job along with the approximate percentage of time spent in atypical week (% of time spent should not exceed 100%). Begin each job function with an action word such as create, analyze, coordinate, advice, approve, manage, lead, etc. Between five and ten essential functions are typical, depending upon the complexity of the position. Where possible, try to describe what the job is accountable for and the expected outcome in the description for each essential job function.
Essential Job Functions / Accountabilities
BISO Activities - 75%
- Perform risk assessments of information systems and infrastructure at product release; recommend appropriate risk treatment and mitigation options, and effectively articulate findings and recommendations to IT project teams and management.
- Build an information security-conscience culture within each responsible business unit.
- Communicate current and emerging security threats to the business and across security domains.
- Create solutions that balance business requirements with information and cyber security requirements.
- Collaborate with business units, application teams, architectural teams, and third-party vendors to provide guidance on security controls for managing risk for TFS.
- Aid in the development of (security) Threat Model designs and exercises.
- Maintain highly developed knowledge of security best practices and technologies.
- Manage the communication of technical topics to diverse audiences including technology teams, leaders, and business users without a technical background.
- Manage multiple simultaneous fast-paced projects covering diverse business initiatives.
- Work on multiple projects and tasks concurrently.
- Communicate technical topics to diverse audiences including technology teams, leaders, and business users without a technical background.
BISO Service Management - 25%
- Conduct active service improvement conversations with key business stakeholders to ensure
- that the BISO services are operating at optimal levels.
- Report, communicate, and provide feedback to other BISOs and senior Information Security
- management in the performance of the BISO function.
- Identify, contribute to, and develop process improvements to increase efficiency in BISO
- function, in information security generally, and the responsible business and technology
- domain.
The following functions/accountabilities are essential for all jobs:
- Work collaboratively with team members.
- Meet regular performance expectations.
- Ability to maintain regular and predictable attendance to support team and business objectives.
- Capability to work flexible hours, which may include day, evening, and weekend hours.
- Ability to be at work on time, to return from breaks and lunch periods on time, and to leave the work area after the end of their scheduled workday (applicable to jobs subject to attendance policy)
- Other related functions/accountabilities may be assigned, but are not essential
Additional Job Functions
- Maintain highly developed knowledge of security best practices and technologies.
- Effectively identify, communicate, and escalate issues in a timely fashion.
- The above lists of job functions and accountabilities are not exhaustive and may change as necessary.
Benefits:
- 401(k).
- Dental Insurance.
- Health insurance.
- Vision insurance.
- We are an equal-opportunity employer and value diversity, equality, inclusion, and respect for people.
- The salary will be determined based on several factors including, but not limited to, location, relevant education, qualifications, experience, technical skills, and business needs.
Additional Responsibilities:
- Participate in OrangePeople monthly team meetings, and participate in team-building efforts.
- Contribute to OrangePeople technical discussions, peer reviews, etc.
- Contribute content and collaborate via the OrangePeople-Wiki/Knowledge Base.
- Provide status reports to OrangePeople Account Management as requested.
About us:
OrangePeople is an Enterprise Architecture and Project Management solutions company. Our most valuable asset is our people: dynamic, creative thinkers, who are passionate about doing quality work. As a member of the OrangePeople team, you will have access to industry-leading consulting practices, strategies & technologies, innovative training & education. An ideal OrangePeople Person is a technology leader with a proven track record of technical achievements and a strong process/methodology orientation.