Job Title: “Information Security Specialist” (Cyber security analysis)
Location: Bellevue WA
Duration: 9+ Months (with high possibility of extending into full time)
Job Description:
This position is in Corporate Information Security and under the direction of the Manager, Third-Party Cybersecurity Assessments. The Cybersecurity Assessment Analyst will perform cybersecurity assessments on new and existing third parties. The Analyst will construct detailed and summary reports of assessments, including customized reports, as needed. The Analyst will work with Subject Matter Experts (SME) to develop and apply risk assessment criteria (aligned with Policy) to new and existing suppliers using internal and external business intelligence. The Analyst will work with Third-Party Risk Management, Privacy and Legal Counsel, Procurement and Contract Managers, Compliance, and Business Owners to develop and maintain an internal service model that informs the business of key risks in a timely manner to limit unnecessary impediments and avoid bureaucracy.
Specific responsibilities:
- Coordinate the development of information security policies, standards and procedures. Work with key IT offices, data custodians and governance groups in the development of such policies. Ensure that company policies support compliance with external requirements. Oversee the dissemination of policies, standards and procedures to the user community
- Coordinate the development and delivery of an education and training program on information security and privacy matters for employees, other authorized users, and vendors
- Serve as the company compliance officer with respect to state and federal information security policies and regulations. Work with the -designated internal audit, SOX compliance, legal, and HR on compliance issues as necessary. Prepare and submit and submit required reports to external agencies.
- Develop and implement an Incident Reporting and Response System to address security incidents (breaches), respond to alleged policy violations, or complaints from external parties.
- Serve as the official company contact point for information security, privacy and copyright infringement incidents, including relationships with law enforcement entities.
- Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.
Required Qualifications:
Talent management, results focus and inspirational leadership.
Essential Functions
• Conduct third-party cybersecurity risk assessments, applying established criteria
• Support assessment team with quality assurance reviews over work product and reporting
• Collaborate with internal partners and third parties to mitigate and otherwise resolve third-party cyber risks
• Consistently deliver on commitments, deadlines and objectives while remaining in scope and leveraging appropriate tools, methods, frameworks, and professional standards
• Demonstrate consistent credibility with business partners and leadership while recommending initiatives, identifying gaps, and potential issues
• Continuously demonstrate the ability to work independently while representing the services of the department with the highest level of professionalism
• Demonstrate the ability to appropriately influence business decisions, and the professional judgment for selecting the appropriate methods and techniques to do so
Preferred Qualifications:
• Solid background both educationally and via professional experience. No less than 3 years’ professional experience in business operations, project/program management, finance, risk management, information security, business analytics or similar.
• Experience in large companies and/or complex environments, or providing professional consulting services for them.
• Demonstrated abilities in problem-solving and analysis: identifies issues, analyses information to assess root cause and relationships, risks, and potential risk responses. Proven ability to synthesize and summarize complex data into concise recommendations and reports.
• Demonstrated strong business writing and professional oral communication skills.
• Proven ability to balance multiple priorities, adapt to a constantly changing business environment, work independently, drive projects to completion, and meet deadlines in a fast-paced environment—with only periodic supervision.
• Ability to work collaboratively and manage and initiate effective cross-functional relationships.
• Strong computer skills, including MS Office products (e.g. Word, Excel, PowerPoint, Visio) and other business software to prepare reports, memos, summaries, and analyses.
Desired
• Analytical - Synthesizes complex or diverse information; Collects and researches data; employs intuition and experience to complement data; Designs work flows and procedures.
• Quality Management - Looks for ways to improve and promote quality; Demonstrates accuracy and thoroughness. Applies feedback to improve performance; Monitors own work to ensure quality
• Planning/Organizing - Prioritizes and plans work activities to achieve success; Sets and achieves goals and objectives; Develops realistic action plans
• Professionalism - Reacts well under pressure; Keeps commitments; Accepts responsibility for own actions.
• Career Growth: Focus on cyber security auditing with potential advancement goals in engineering or threat analysis roles
• Self-directed team player with Agile environment experience
Education
Minimum Required
• Bachelor’s Degree
• Equivalent experience is acceptable.
License or Certification
Desired: (one of the following):
CISA (Certified Information Systems Auditor)
GSEC (GIAC Security Essentials Certification)
CompTIA – Security+
ECSA – EC-Council Certified Security Analyst
SSCP (Systems Security Certified Practitioner)
Other:
Six Sigma, PMP or Agile certificates
Other comments - suppliers:
Organizational skills; office suite knowledge; and good communication skills are “must haves”. Cyber security analysis experience is preferred.
