Security Analyst

Other New York, New York


Description

We are seeking a Senior Security Analyst reporting to the Global CISO, this individual will assist in the implementation and maturity of the Cyber Security program. The Security Analyst will contribute to the creation of baselines, guidelines and procedures. Also accountable for conducting third party assessments, risk, governance and compliance, and privacy assessments.

The individual will evaluate new technologies and processes as assigned and will provide security recommendations and mitigation strategies.  The individual will lead security projects and Junior Analyst as assigned by CISO, as well as participate in other organizational projects addressing Information Security.

Essential Duties

  • Contributor to Incident Response planning, tabletop exercises, runbook creation and document recertification.
  • Ability to understand current and emerging security threats/vulnerabilities within DDB, communicate impact based on potential risk, and prioritize and drive mitigation and remediation efforts.
  • Ability to manage schedules to drive continuous operational improvement and remediation initiatives, and assure these solutions are delivered in line with DDB standards.
  • Provide a point of escalations and support to the Security Operations Center and other augmented security teams.
  • Define, develop, implement and manage standards, policies, procedures, and solutions that mitigate risk and maximize security, service availability, efficiency and effectiveness.
  • Manage relationships with other technology/business/corporate/control functions.
  • Meeting internal and external audit requirements and gathering and providing information to auditors
  • Responds to incidents, investigates violations, and recommends enhancements to plug potential security gaps
  • Trains users on security protocols, promotes security awareness, develops policies and procedures, and provides updates and reports to management and executive staff.
  • Utilizes specialized expertise, up-to-date knowledge & proficiency in analysis, forensics, and reverse engineering to monitor and diagnose malware events & vulnerability issues resulting in Web threats that facilitate cybercrime, including malware, phishing, viruses, denial-of-service attacks, information warfare, and hacking.
  • On call support will be required

The following competencies are required of the candidate:

Generates new ideas and methods to further the mission of quality service.

Accepting responsibility for the sphere of services he or she provides. Takes ownership and responds positively to address mistakes, resolve complaints and improve quality.

Effectively communicates in the interest of the agencies, department, and customers alike. Fosters cooperation and teamwork among staff, speaks and writes clearly and in a well-organized manner

Practices effective problem-solving; Improves skills and pursues learning opportunities in areas of responsibility to further this trait.

Gathers relevant information systematically to generate solutions. Is adept at using statistical/financial information to solve problems. Grasps complexities and perceives relationships between issues.

Works efficiently for results; Conveys a sense urgency and drives issues to closure.

Qualifications include:

  • Bachelor’s degree in a related field
  • Minimum of three (3) years of information security
  • Knowledge and understanding of information risks, concepts, principles and industry standards, including: NIST, ISO 27001, and OWASP
  • Knowledge of risk assessment methodologies and technologies
  • Basic knowledge of TCP/IP, Routing and networking for incident troubleshooting.
  • Experience developing, documenting, and maintaining security policies, processes, procedures and standards
  • Must have a proven track record of excellent research and analytical skills
    • Outstanding interpersonal and communication skills
    • Outstanding experience creating, reports, scorecard and documents
    • Cross-team functionality essential to understand business needs for existing clients and new vendors