Enterprise Security Analyst

OtherHybrid Remote, Richardson, Texas


                      Must be located in, or willing to relocate to, the Dallas Fort Worth area. This role requires 3 days in office. 

Who we are:  BAL is a team of brilliant people who change lives through elite immigration work and collaborative innovation. We pursue the exceptional in all that we do, but never at the expense of our values. There’s no denying our work is demanding, both in volume and pace, but we’re up for the challenge. We love the balance of hard work and fun – so, you’ll see us in jeans as we shatter glass ceilings and conventional stereotypes. BAL employees feel valued, rewarded, and respected. We seek opportunities to be of service to others and our communities. We are committed to your growth and development, and want to set you up for success here at BAL and beyond.

Who you are: You are looking for work that has purpose. You aren’t afraid to roll up your sleeves and get stuff done. You learn quickly. You move fast. You embrace challenge and detail as well as creative thinking.  You believe you have something unique to contribute and you aren’t afraid to raise your hand.  You understand that powering human achievement is ultimately about impacting a real person. You are looking for a place to grow and an environment where everyone has a spot and is genuinely welcome. 

We’re better together:  A bright, driven person like you and an industry-leading powerhouse like BAL? It’s a perfect combination! We truly want to see you succeed here and become an integral part of our mission to provide an experience that makes a positive difference in people’s lives. Come be a part of something special, where you can have an impact and be valued just for being you!
The Security Analyst will work in a dynamic, fast-paced environment as part of the Enterprise Security & Privacy (ES&P) team. We are looking for someone who is proactive, results driven, has exceptional attention to detail, and above average communication skills. The ideal person for this role is willing to take ownership of deliverables and assigned projects, thinks outside of the box, and has a desire for continuous learning.              
RESPONSIBILITIES (under the supervision of the Sr Manager of ES&P):            
  • Supports the ongoing management and improvement of the corporate Information Security Management System (ISMS) and Privacy Information Management System (PIMS) to maintain compliance with ISO standards 27001 and 27701
  • Performs required internal audits of IT, Security and Privacy controls and processes
  • Assists in tracking and closing identified action plans from internal and external audits
  • Serves as day-to-day lead for reviewing and responding to Security and Privacy events (incident response)
  • Performs / coordinates the performance of access reviews related to ISO 27001 / 27701 compliance
  • Monitors the performance of required ISO 27001 and 27701 control activities throughout the company
  • Works with the SecOps team to review and escalate security operations alerts and vulnerabilities
  • Assists in the support of the Third Party Risk Management (TPRM) program, performing vendor reviews and risk analyses
  • Assists in the coordination, documentation and submission of Request for Proposal (RFP) responses and client security assessment questionnaires
  • Manages and routes communications for the Security and Privacy teams (#Security, #Privacy and #SecOps mailboxes)
  • Monitors and documents key metrics in support of the ES&P team
  • Owns and updates various reports and documentation supporting security, compliance and privacy
  • Works with teams across BAL to operationalize compliance requirements
  • Documents new security and compliance-related policies and procedures as needed
  • Assists in the development of security, privacy and compliance awareness campaigns and training materials
  • Supports the Business Continuity program in compliance with ISO 27001 requirements
  • Performs research as requested to support overall program requirements
  • Performs gap analyses as needed  
  • Efficiently manages multiple projects with competing deadlines
  • Other duties as assigned
  • Bachelor’s Degree or equivalent experience   
  • 2+ years experience with a background in information security, privacy, compliance, audit or risk a plus
  • Knowledge of internal audit / audit principles a plus
  • Knowledge of ISO standards 27001, 27701 and/or 22301 a plus
  • CISA or other relevant certification a plus
  • Ability to communicate effectively with various internal stakeholders
  • Strong organization skills and attention to detail with the ability to plan, prioritize and meet deadlines
  • Ability to differentiate critical data from the noise in projects, processes and procedures
  • Ability to work independently and in a collaborative team environment
  • Above average written, verbal, and interpersonal skills
  • Is passionate about learning and is interested in security, privacy, and compliance
  • Not afraid to jump in and figure things out!

WORKING CONDITIONS: Able to sit and work at a computer keyboard for extended periods of time. Able to stoop, kneel, bend at the waist and reach on a daily basis. Able to perform general office administrative activities: copying, filing, delivering and using the telephone. Able to lift and move up to 25 pounds occasionally. Regular and on-time attendance. Must be able to prioritized, schedule and complete testing required for multiple applications with overlapping schedules. A certain degree of creativity and flexibility is required. Hours may exceed 40 hours per week. Occasional travel by conventional means including aircraft, motor vehicle and the like within the region and to other locations as required.

Note: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge, skill, and/or ability required and are not intended to be an exhaustive list of all duties, responsibilities or qualifications associated with this job.

Berry Appleman & Leiden is an Equal Opportunity Employer. It is the policy of BAL to ensure an equal employment opportunity without discrimination or harassment on the basis of race, color, national origin, religion, gender, gender identity or expression, age, disability, alienage or citizenship status, marital status, creed, genetic predisposition or carrier status, sexual orientation or any other characteristic protected by law. BAL prohibits and will not tolerate any such discrimination or harassment.

BAL does not accept unsolicited resumes from recruiters or employment agencies. BAL is under no obligation to pay any referral compensation or recruiter fee in the absence of a current executed Recruitment Services Agreement. In the event a recruiter or agency submits an unsolicited resume or candidate without an agreement, BAL reserves the right to pursue and hire said candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, shall be deemed the property of BAL. If your agency would like to be considered as a potential recruiting partner, please forward your contact information to [email protected].