Information Security Analyst II

About the Role:

We are seeking a proactive and detail-oriented Information Security Analyst to safeguard our organization's information assets. This role will be instrumental in executing Data Loss Prevention strategies, managing incident response efforts, assisting with conducting cyber risk assessments, and ensuring robust security monitoring, all while maintaining a strong focus on proactive threat mitigation. Preferred candidate would have previous managed service provider experience.

What You'll Do:

Data Protection:

• Proactively manage and optimize Data Loss Prevention strategies and toolsets, ensuring effective protection of sensitive data across all platforms.
• Implement and refine data access monitoring and alerting systems, identifying and investigating anomalous user behavior to prevent potential data exfiltration.
• Champion and enforce data security best practices, contributing to the development of organizational standards and promoting a culture of data protection.

Incident Response:

• Lead and coordinate the full incident response lifecycle, from initial detection and containment to thorough eradication and recovery, minimizing business impact.
• Conduct in-depth analysis of security alerts and logs, leveraging advanced SIEM capabilities to identify and prioritize potential security incidents.
• Collaborate seamlessly with cross-functional teams during incident response, ensuring efficient communication and timely resolution.
• Provide comprehensive data analysis and reporting to support insider threat investigations, assisting in the identification and mitigation of potential internal risks.
• Implement and refine user activity monitoring protocols, enhancing our ability to detect and respond to suspicious behavior.

Risk Assessment:

• Maintain and enhance Motive's Cyber Risk Profile, aligning with the NIST Cybersecurity Framework (CSF) to ensure comprehensive and proactive risk management.
• Perform detailed security risk assessments, identifying vulnerabilities and recommending appropriate mitigation strategies to reduce the organization's attack surface.
• Develop, implement, and monitor risk mitigation plans, ensuring timely and effective remediation of identified security risks.

Third-Party Risk Assessment (Including AI):

• Conduct third-party risk assessments, evaluating security postures and compliance with organizational standards, with a focus on data handling, access controls, and incident response capabilities.
• Evaluate the security implications of third-party AI implementations, assessing data privacy and potential vulnerabilities introduced by AI-driven services.
• Collaborate with legal and procurement teams to incorporate security and compliance requirements into third-party contracts, ensuring clear expectations and accountability.
• Monitor and assess the security of third party access to company data and systems, including monitoring for unusual AI driven traffic patterns.

Compliance:

• Maintain security controls to ensure continuous adherence to regulatory compliance standards, including SOC 2, SOX, ISO and PCI DSS.
• Conduct security assessments and internal audits, verifying compliance with industry regulations and organizational security policies, and providing actionable recommendations for improvement.
• Collaborate in the development and maintenance of comprehensive security policies and procedures, ensuring alignment with evolving compliance requirements and industry best practices.
• Streamline the audit process by efficiently gathering and organizing necessary documentation and evidence, facilitating smooth and successful compliance audits.

What We're Looking For:

• Bachelor’s degree in Computer Science, Information Technology or a related field.
• 7+ years experience in Information Security,  IT audits, compliance and risk management.
• Proficient in Data Loss Prevention and CASB related technologies 
• Deep understanding of NIST CSF Framework
• Excellent communication and presentation skills.
• Detail-oriented with a focus on quality and compliance.
• Someone with the highest ethical standards who can be trusted with the most wide-ranging access to sensitive information

Certifications (Preferred): 

• CEH or equivalent 
• Security + or equivalent 
• CISA (Certified Information Systems Auditor) or equivalent