Information Security Analyst

Career Opportunities ,

Job Title: Information Security Analyst

Company: Agropur

Location: Eden Prairie, Minnesota / Appleton, Wisconsin

Description: 

The Information Security Analyst works closely with the other members of the security team to develop and implement a comprehensive information security program. This includes focusing on defining core security policies, processes and standards. The Information Security Analyst works closely with the business, other technology teams and service providers to identify risks and ensure proper deployment of technical controls to meet specific security requirements.  This position also defines processes and standards to ensure that security configurations are maintained.

Information Security Governance and Implementation of Controls (40%)

  • Works with business units and with other risk functions to identify business security requirements, using methods that may include risk and business impact assessments.

  • Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.

  • Plays an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.

  • Collaborates on critical IT projects to ensure security issues are addressed throughout the project life cycle.

  • Works with Enterprise and Solution Architects to identify, select and implement proper security controls.

  • Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.

  • Participates in developing a security awareness program to mitigate human risks.

  • Ensures employees and third parties understand, acknowledge and fulfill all applicable information security policies.

  • Creates a metrics framework that effectively measures compliance with information security policies.

Risk Assessments (25%)

  • Manages and maintains strong working relationships with stakeholders involved in managing information risks across the organization.

  • Performs focused information risk assessments of existing or new processes, services and technologies, along with business counterparts.

  • Provides consultative advice to business stakeholders, information governance or security teams that enables them to suggest informed risk management decisions.

  • Assists in the development of a common set of risk evaluation and controls tools. Defines parameters for their use and conducts reviews of tool output.

  • Identifies and facilitates implementation of appropriate controls to effectively manage information risks as needed.

  • Conducts risk assessment activities, analyzing the results of audits (performed by other groups) to produce recommendations of acceptable risk and risk mitigation strategies.

Information Security Solution Design (25%)

  • Assists in the development of security architecture and security policies, principles and standards.

  • Participates in the enterprise and solution architecture communities to provide security guidance.

  • Researches, evaluates, designs, tests and recommends the implementation of new or updated information security technologies.

  • Researches and assesses new threats and security alerts; recommends remedial actions.

Audit Support (10%)

  • Maintains close relationship with internal and external audit teams.

  • Receives audit findings and manages the collection of responses and remediation plans with stakeholders.

  • Works within the information security governance process to define control recommendations that are both efficient and effective.

  • Provides oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings, and tracking progress and providing status and updates to the enterprise compliance team for reporting purposes.

This list of duties and responsibilities is not all-inclusive and may be expanded to include other duties and responsibilities, as management may deem necessary from time to time.

Experience, Skills and Abilities: 

  • Bachelor’s degree in Computer Science, Information System, Cybersecurity, or related field required.

  • Minimum five (5) years of in-depth experience in information security, especially in an SOC (security operations center) role with understanding business functions, visions and processes required.

  • Minimum five (5) years of experience with information security management frameworks (NIST CSF, ISO, COBIT, others) required.

  • Security Certification from a recognized organization (ISACA, ISC2, others) required.

  • Equivalent combination of education and/or experience may be considered.

The Extras (Preferred Qualifications):

  • Bilingual (French and English) preferred.

Hours/Employment Type: Full Time

Salary: N/A

How to Apply: Please visit our online posting

AA/EEO – Minority/Female/Disability/Veteran/Sexual Orientation/Gender Identity