Data Recognition Corporation-Maple Grove, MN
Senior Information Security Analyst  
Company cannot provide sponsorship for this position  
No agencies, please  

Summary

This position is part of the Data Recognition Corporation (DRC) Information Security Team that has an important role in the defining and verifying the secure operation of the DRC environment. This position has lead responsibility for two (2) critical components of a security practice – overseeing the security components which proactively protect the environment and those which help to detect security events and incidents and the response to them.

This position also assists with other aspects of the security practice, including defining and maintaining DRC’s security policies, standard and procedures; increasing the organizations security awareness; and assessing DRC’s compliance to security policies, security regulations and DRC client security expectations.

This position can be fully remote, located on site in the Maple Grove headquarters building or hybrid.

Responsibilities

Provide a diverse range of senior security support functions. The list below reflects many of the activity and support responsibilities of DRC’s Information Security Team. This position is not expected to have deep experience in all these functions but can successfully contribute to the team in achieving them.

Protect

• Vulnerability Management – actively scan for vulnerabilities and proactively identify vulnerabilities to reduce or eliminate potential exploitation.
• Configuration Management – assists DRC in maintaining CIS Benchmark best practices for configuration management.
• Compliance Management – assists DRC in maintaining in compliance with security regulations, insurance cyber security requirements and client security requirements.

Detect and Respond

• Security Information Event Management (SIEM) – integrate relevant log data from multiple sources, developing appropriate alert rules, monitor for events and take appropriate actions to remediate.
• Risk Management – Ensure appropriate treatment of cybersecurity risk and monitor for compliance to DRC’s Information Security policies, standards, and procedures.

Other

• Ensure successful implementation of security policies and standards.
• Administer Information Security processes and tools that enable the organization to operate effectively and efficiently.
• Stay current on information security threats and exploits as well as technology trends then adjust DRC’s security profile accordingly.
• Work with internal teams (IT infrastructure, application development, and business) to assure security requirements, policies and standards are implemented appropriately.
• Handles a varied workload of security projects and initiatives with multiple priorities.
• Support and participate in internal and external audits of DRC’s security control policies, standards, and procedures.

Essential Qualifications

• 5+ years of experience in a security administration role in an enterprise environment with the most recent experience being within the last year.
• Experience managing a Security Information and Event Management (SIEM) service, specifically using LogRhythm.
• Experience managing vulnerability, configuration, and compliance Scanning using Tenable.sc (Security Center, Nessus) or similar.
• Possesses a high level of personal integrity and the ability to discreetly handle sensitive, personal, and classified case information.
• Experience prioritizing vulnerabilities and overseeing that they are addressed or properly mitigated.
• Experience performing risk management and vulnerability assessments.

Preferred Qualifications

• College degree or equivalent work experience.
• Experience with Federal Information Security Management Act (FISMA) leveraging National Institute of Standards and Technology (NIST) security controls (NIST 800-53, rev 4/5).
• Experience with ISO 27001 security certification and ISO 27701 privacy certification is a plus.
• Familiarity with CIS Benchmarks and CIS Controls.
• Experience with compliance to Family Educational Rights and Privacy Act (FERPA) and/or Health Insurance Portability and Accountability Act (HIPAA) a plus
• Security certification such as Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Auditor (CISA) is a plus.
• Experience supporting and participating in third party vendor security assessments and audits, reviewing audits findings as well as reviewing responses to security findings and remediation plans.
• Understanding of patch management processes and best practices.
• Ability to objectively represent DRC’s interest when engaging with external parties, including auditors.
• Ability to view vulnerabilities in the context of both the risk assessment and the organization’s risk appetite.

Reporting to this position:  No direct reports

The Employer retains the right to change or assign other duties to this position

Company cannot provide sponsorship for this position

Please, no agencies