Category: Information Systems
Date Posted: 7/8/2014
The Information Security Analyst is responsible for the definition, planning, and monitoring of security measures for the protection of computer networks and information. This individual will also be responsible for monitoring and analysis of network security hardware and software, developing and enforcing network security policies, and complying with requirements of external security audits and recommendations (e.g., PCI). The Information Security Analyst is responsible for supervising the implementation and upgrade of systems.
Duties and Responsibilities:
- Defines and maintains overall computer network security strategies (Best Practices/Common Practices) with Servers/Desktops/Laptops/Mobile Devices. Communicates security policies and strategies to people of varying technical ability.
- Monitors operation of perimeter security systems such as firewalls, routers, proxy, intrusion detection systems, and VPNs.
- Monitors operation of End Point security systems such as anti-virus, patch management, and disk encryption.
- Monitors operation of Log Management (SIEM) systems. Examines a variety of data sources to correlate events and determine courses of action.
- Performs risk assessments and executes tests to ensure functioning and effectiveness of security measures.
- Internal/perimeter network scans
- Creates and publishes daily/weekly/monthly/quarterly/annual scorecards
- Follows up on noncompliant items discovered during scans. Works with other internal teams and departments to ensure their systems are in compliance.
- Coordinates with other Information Systems teams and various internal departments on computer network security responsibilities (e.g., Technical Support, Retail Team, and Finance).
- Creates general user awareness notifications, trains users, and promotes security awareness to ensure system security.
- Develops and maintains documentation relating to information security, including but not limited to: security hardening guidelines, information system policies and procedures, PCI compliance documentation, incident response guidelines, and new employee security training.
- Serves as Information Systems’ central point of contact for all audits.
- Monitors security systems, including firewalls, proxies, IDS/IPS, AV, and other systems that generate security data for anomalies or indicators of intrusion.
- Manages the incident response process when network anomalies are discovered and drives the incident process to completion.
- Manages relationships and coordinates operational activities between RaceTrac and external security services providers (e.g., MSSPs, Pen Testers, etc.).
- Communicates with vendors regarding the evaluation of new technologies, develops functional testing plans, and makes recommendations on future technology purchases. Coordinates with other RaceTrac teams on evaluation of this technology.