Sr. Security Analyst

c

Job Objective
To research, evaluate and recommend systems, tools, and procedures to ensure the protection of information processed, stored or transmitted in a multi-platform environment; identify and assess Security risks and exposures; develop, maintain, and modify Security policies, standards, and procedures; determine the cause of complex Security violations and suggest procedures to prevent / halt future incidents; identify, evaluate, conduct, schedule and lead technical analyses to ensure that all applicable IS Security requirements are met by new development or new third-party systems; conduct application and system access reviews on a recurring basis; provide technical analysis of requirements necessary for the protection of all information processed, stored or transmitted; develop Security processes and procedures using current products and technologies to comply with rigorous system development life cycle (SDLC) and project management best practices, internal Sarbanes Oxley (SOX), SAS70, and other processes related to audit, regulatory or compliance requirements; adhere to Change Control and Problem Management .

Application & Web-based Security

Reviews all components of applications and web-based applications for security vulnerabilities.

Compares TIAA-CREF applications to best practice application and web-based architectures.
Tests applications thoroughly for security vulnerabilities using current tools and procedures.

Systems & Network Security

Understands security and hardening standards for mainframe, Windows, UNIX and AS/400 systems.

Understands security and hardening standards for networks, especially CISCO based networks; understands virtual private network (VPN) and remote access security.
Reviews systems and networks for security vulnerabilities.

Testing & Detection
Creates security testing templates for application developers and implementers of third-party products.
Able to test systems, networks and applications for security or manage a subject matter expert (SME) for the same in a specialty area.


Able to set up and manage detection / prevention tools that detect security vulnerabilities.


Possesses knowledge of COBIT, ISO17799, ITIL foundations.
Able to assess and improve processes to meet audit, SAS70, policy or best practice compliance.
Possesses knowledge of regulatory requirements for security, such as Sarbanes-Oxley and GLB.

Writes / communicates about and presents security topics for technical and business audiences.
Communicates the importance of security in all business activities, such as meetings, reviews, projects, etc.

Product Provisioning

Fosters a consistent methodology of continuous process improvement and automation.

Possesses knowledge of CA e-Trust Admin products and Courion.

Possesses knowledge of role based provisioning methods and issues.




BS in Computer Science, related field or 5+ years of equivalent experience.


Assists management in coordinating business area activities and balancing workload.


Serves as SME on Security analysis, policies, standards, and procedures.


Leads the evaluations of systems and procedures to ensure the protection of information processed, stored or transmitted in a multi-platform environment; ensures their compliance with internal SOX, SAS70 and audit regulations and requirements.


Identifies the most complex Security risks and exposures.

Determines the cause of complex Security violations at the highest technical level and suggests remediation procedures to prevent / halt future incidents.

Develops timely and effective communications regarding the most complex Security issues, policies, standards, and procedures to advance Security awareness of IT groups and business partners.

Leads efforts to develop and implement Security policies and procedures (e.g. user log-on and authentication rules, Security breach escalation procedures, Security auditing procedures and use of firewalls and encryption routines).


<FONT FACE=Arial COLOR=bla...PLEASE APPLY USING THIS BUTTON ONLY