Myticas's direct client based out of North Chicago, IL is currently seeking a Sr. Information Security Analyst for a 100% Remote contract position.
Sr. Information Security Analyst will work with various internal and external groups to ensure that the client’s information security policies, practices, and procedures are properly implemented within the client’s Business Programs. The analyst reviews business programs, projects, and initiatives from inception, throughout the implementation, to end of life, to ensure that appropriate security controls are applied throughout the entire lifecycle.
- Establishes and maintains strong relationships with IT and Business group leaders to understand goals, programs and strategic objectives. Evaluates and articulates program security requirements; identifies potential security risk factors and business impacts.
- Engages client’s Third Party Suppliers to assess security posture, remediation requirements, and compensating controls as they apply to Business Programs.
- Develops in-depth knowledge of the client’s Information Security policies, processes, and procedures, as well as compliance processes and initiatives to provide subject matter expertise and guidance to other organizations (Commercial, R&D, Audit, Legal, Purchasing, etc.) within the client.
- Provides Information Security expertise and guidance to Business group leaders and IT Owners to ensure an appropriate balance between security risks and business enablement for identified business programs and initiatives.
- Review data security terms and conditions during the contract negotiation process, and ensure that redlines to standard client data security terms comply with company policies.
- Acts as a central point of contact with regard to Information Security matters and client’s security policies for client Purchasing, Legal/Privacy and Quality during the supplier evaluation and contract negotiation process.
- Reviews current technology and information policies and practices for continued applicability with respect to client’s commercial and R&D business programs.
- Provides recommendations for improvements.
- Overall security knowledge, specifically in Encryption tools and techniques, Systems Support/Server Admin experience, Identity Access Management, and Third Party Evaluation process.
- Must have security controls experience on the supplier side- Third Party risk management( A risk analyst at third party).
- Able to evaluate and articulate supplier information security requirements.
- Review supplier evidence/answers to Third Party Evaluations and provide information security expertise and guidance to business owners to ensure appropriate understanding of information security risks.
- Able to work across the different business units/functions at all levels of the organization.
- The candidate will be attending/assisting meetings with business owners, sr. management and suppliers to understand risk, remediation activities, and effectiveness of remediation plans against our security controls to close open security issues/gaps.
- Demonstrated skills in project management, collaboration, communication, and organizational skills.
Nice to have skills:
- CISA and/or CISSP experience/certifications
- Mix of IT operations and business programs