Sr. Information Security Analyst

Job Description:

The Senior Cybersecurity/Information Security Analyst will be responsible for overseeing all aspects of information security within the organization. This role involves designing, implementing, and monitoring security measures to protect systems, networks, and data from cyber threats. The ideal candidate will have extensive experience in cybersecurity, working with security SaaS providers, a proactive approach to identifying vulnerabilities, and the ability to collaborate across departments to ensure a secure enterprise environment.

Key Responsibilities:

• Develop, implement, and maintain comprehensive information security policies, standards, and procedures.
• Ensure alignment with industry standards such as NIST, CIS, and other relevant frameworks.
• Work with SaaS providers in conducting regular risk assessments and audits to identify vulnerabilities and ensure compliance with regulatory requirements.
• Oversee SaaS provider monitor of networks and systems for security breaches, intrusions, and unusual activity using advanced security tools (e.g., SIEM, IDS/IPS).
• Lead incident response efforts, including investigation, containment, remediation, and documentation of security incidents.
• Perform root cause analysis and implement corrective actions to prevent recurrence.
• Review and contribute to the configuration and maintenance of firewalls, VPNs, endpoint protection, and other security technologies.
• Participate in regular vulnerability scans and penetration testing to identify and mitigate risks.
• Ensure secure configuration of cloud, on-premises, and hybrid environments.
• Review and recommend cybersecurity training programs to educate employees on best practices and emerging threats.
• Promote a culture of security awareness across the organization.
• Ensure compliance with applicable laws, regulations, and industry standards (e.g., CMMC, NIST, CIS, PCI-DSS).
• Prepare and present reports on security posture, incidents, and compliance to the Manager of Cyber/Information Security and senior leadership.
• Collaborate with IT, operations, and other departments to integrate security into business processes and systems.
• Provide guidance and mentorship to junior members of the cybersecurity team.
• Stay current on emerging threats, technologies, and best practices to recommend improvements to the security program.

Qualifications:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (Master's degree preferred).
• Minimum of 5-7 years of experience in cybersecurity or information security roles, preferably in a manufacturing or construction environment.
• Relevant certifications such as CISSP, CISM, CEH, or CompTIA Security+ are highly desirable.
• Strong knowledge of network protocols, firewalls, intrusion detection/prevention systems, and encryption technologies.
• Experience with security tools such as Splunk, CrowdStrike, Cisco Umbrella, Artic Wolf, or similar platforms.
• Proficiency in cloud security (e.g., AWS, Azure) and securing industrial control systems (ICS) is a plus.
• Familiarity with scripting languages (e.g., Python, PowerShell) for automation and analysis.

Soft Skills:

• Excellent analytical and problem-solving skills with attention to detail.
• Strong communication skills to articulate complex security concepts to technical and non-technical stakeholders.
• Ability to work independently and manage multiple priorities in a fast-paced environment.

Work Environment:

• This role may require occasional on-call availability for incident response.
• Hybrid options may be available, depending on organizational needs.
• Occasional travel may be required for audits, training, or collaboration with other sites.