Building Service 32BJ Benefit Funds · 6 hours ago
Information Security Analyst
New York, NY, US
Full-time
Onsite
Mid Level
$110K/yr - $115K/yr
4+ years expBuilding Services 32BJ Benefit Funds is responsible for administering benefits to over 100,000 SEIU 32BJ members. The Information Security Analyst will plan and implement security measures to protect the Funds’ computer networks and systems, while developing policies and procedures for information security.
EducationNon ProfitTraining
Responsibilities
Provide guidance and expertise in the field of risk management regarding the protection and security of digital assets in the cloud and on premise
Design and develop Information Security Architectures to prevent unauthorized access to our information and data breaches
Develop and implement information security policies and procedures; develops security guidelines and safe practices for Funds’-wide computing and networking systems, and maintain the documentation
Manage, maintain and monitor security technologies such as vulnerability scanning solutions, IDS/IPS, anti-virus technologies, DLP capabilities, SIEM technologies, host forensics and malware analysis, web application firewalls and proxy solutions
Manage real time threat detention technologies to identify and quarantine threats, Monitor Endpoint Security Alerts and take corrective action
Minimize security threats by examining governance, technology infrastructure, and facilities to identify security deficiencies, using risk analysis and follow up with corrective action plan
Monitor internal control systems to ensure appropriate access levels are maintained, protect against unauthorized system access, modification and destruction
Review security related reports, logs and occurrences; escalate issues and initiate security response procedures
Create and review vulnerability reports, track compliance with vulnerability management policies, and escalate
Research and evaluate emerging technologies in support of security technology enhancements, propose technical solutions to management, to address security weaknesses and coordinate with relevant stakeholders to implement
Reviews, updates, and enforces data security practices within the organization; tests for exposures to ensure adherence to guidelines and procedures, and works with platform experts to implement remedial measures as appropriate
Tests security controls and manages the associated remediation of any deficiencies as needed
Assess security information, triaging and responding to security events, identify false positives, and conduct correlation analysis across numerous internal and external data sources while prioritizing information security incidents
Perform Project Management tasks for security initiatives /projects
Manage incident-handling processes, which include implementation of containment, protection, and remediation activities
Coordinates the handling and resolution of security incidents, to include system intrusions and abuse, and acts as a primary point of contact
Develop responses to internal & external audits, penetration tests and vulnerability assessments
Support Information Security training and awareness by providing ideas and content, assist HR with employee security awareness education and training
Manage multiple priorities and deadlines concurrently
Provide support after hours, on weekends and through on-call rotation
Performs other duties as assigned
Qualification
Required
Minimum 4 years in Information Security, or IT OPS management and systems administration with at least 2 years specific to IT Security
Strong knowledge of Information Security design, principles, and processes
Experience in writing and /maintaining information security policies, standards, and guidelines
Demonstrated ability to monitor and audit network security systems such as Firewalls, IPS, SIEM, DLP, web proxy, NAC, and Vulnerability scanners
Hands on experience with mitigating security controls (i.e., anti-virus, IPS/IDS, DLP, web and network proxies, URL content filtering, multi-factor authentication, SSL VPNs)
Experience in incident response required
In-depth knowledge of Windows/Unix operating system forensics, event logging systems, authentication methods, remote and local web application security, penetration testing
Advanced experience in networking (TCP/IP) protocols, DNS, LDAP, AD, DHCP, HTTP, Web browsers, Firewalls, and other computer/network security and system administration
Familiar with regulatory compliance regulations (PCI, SOX, PII, HIPAA, etc.)
Strong knowledge of common security frameworks (ISO, NIST, etc.)
Experience in risk assessments and vulnerability management
General knowledge of Endpoint protection solutions
Knowledge of mainstream operating systems (Microsoft Windows, Linux, IOS) and a wide range of security technologies
General knowledge of Database technologies and queries (Microsoft SQL, MySQL, Oracle, etc.)
Ability to independently identify, research and resolve issues with minimal amount of supervision, and ability to work with peers in a team effort
Detail oriented with excellent organization and analytical skills
Ability to plan, take initiatives to accomplish objectives in timely fashion, and work independently
Ability to prioritize work and meet deadlines
Ability to establish and maintain effective working relationships with project team members, supervisors, and other employees
Bachelor's degree in Computer Science, or a related discipline
Speak, read, write and understand English
Preferred
CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), or CISA (Certified Information Systems Auditor) certification are highly preferred
Company
Building Service 32BJ Benefit Funds
The Building Service 32BJ Benefit Funds is the umbrella organization responsible for administering benefits, including Health, Pension, Retirement Savings, Training and Legal Services benefits to over 100,000 SEIU 32BJ members.
501-1000 employees
Funding
Current Stage
Late StageLeadership Team
Anna McQuere
Assistant Director of Clinical Partnerships
Sabrina Benteftifa
Clinical Partnerships Manager
Company data provided by crunchbase