Overview: Management Science Associates, Inc. (MSA) is a diversified information management company that for over half a century has given market leaders the competitive edge in data management, analytics and technology. We are seeking an Information Technology Security Analyst to join MSA’s Information Technology Systems and Services (ITSS) division to support governance, risk management and compliance (GRC) initiatives.
Develop and maintain Information Security Policies, Standards, and Guidelines. Develop and maintain governance, risk management and compliance (GRC) programs related to system and data protection efforts across the company. Define and deliver appropriate GRC metrics to upper management.
Understand technology and operational risks to the Information Technology Services organization as well as related laws, regulations, and industry standards, specifically as related to internal technology solutions. Work with others to help promote effective management of identified risks in accordance with the Risk Management program.
Work with division leaders and team members to implement GRC procedures and controls that are necessary to ensure and protect the safety and security of information systems assets, including prevention of intentional or inadvertent access, modification, disclosure, or destruction
Enhance and improve operational performance through the use of automated Information Security GRC processes and testing activities, where applicable
Perform information security and compliance assessments and audits to ensure that information systems are adequately protected to meet all appropriate requirements and associated controls
Work with team members to maintain and update all IT controls, standard procedures, documentation, policies and enforcement of processes to enable compliance with regulatory requirements as well as company audits
Develop, track and maintain action plans for the resolution of issues identified during assessments and audits. Provide needed assistance with the execution of those remediation plans
Assess, document, and report security risks and control gaps. Collaborate with internal groups to direct compliance issues to appropriate channels for investigation and resolution.
Gather and maintain information for IT Disaster Recovery/Business Continuity plans
Assist in maintaining and propagating an effective compliance education, awareness and communication program for the organization
Participate in the routine administrative work of the Information Security team including monitoring, vulnerability scanning, penetration testing, log review, web content filtering and incident response
Bachelor's degree in Information Technology, Information Systems, Management Information Systems, Computer/Electrical Engineering or related discipline, or equivalent experience.
Minimum five years of related experience in information technology governance, risk management and compliance (GRC)
Strong understanding of the NIST, HITRUST and Trust Service Principles (SSAE) frameworks
Proven ability to apply these frameworks toward internal IT controls for the purposes of internal and external audits, including federal, state and local regulations
Knowledge of privacy laws, data protection, security regulations and frameworks. Familiar with system, security and network engineering best practices and industry standards and trends.
Knowledge of security tools and uses such as Intrusion Detection, Vulnerability Scanner and Application Assessment tools
Excellent communication skills, both written and oral, with the ability to clearly communicate procedures, policies, and compliance status
Excellent time management skills, including appropriate sense of urgency, dependability and a proactive approach
Demonstrated problem-solving skills with the ability to handle issues and manage risk. Uses good judgment to solve problems, proactively identify potential problems and propose solutions.
Effective organizational skills with the ability to prioritize workload and meet project deadlines
Attention to detail
Proactive and positive attitude with diplomacy and the willingness to take responsibility. High degree of flexibility, motivation and drive. Able to adjust to changes in approach based on new information. Able to be self-directed in a fast-paced environment.
Proficiency with Windows operating system based computer systems and advanced MS Office skills including MS Word, MS Excel, MS Access, MS PowerPoint, MS Explorer and MS Outlook calendar and email
Well versed in IT infrastructure vulnerabilities and industry best practices in securing IT systems
Experience with common operating systems, such as Linux and/or Microsoft Windows
Knowledge of how security relates to a LAN and WAN environment
Able to identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
Demonstrate an understanding of information systems and processes, and apply that knowledge in conducting IT audits
Ability to learn and apply new concepts and rapidly absorb technical information as required
Ability to anticipate and coordinate multiple projects. Closely track progress against a plan with strict adherence to deadlines.
Exercise independent judgment in methods, techniques and evaluation criteria for obtaining results
Ability to remain professional under pressure and work in a fast-paced multi-tasking environment
Embraces constructive feedback and continually seeks to improve performance
Demonstrate integrity within a professional environment