Senior Information Security Analyst at International Rescue Committee

Job Overview/Summary:

The Senior Information Security Analyst is a key member of the Global Information Security (GIS) team supporting cyber security and data privacy services, operations, communications, and awareness. Reporting to and supporting the Deputy Director of Security Operations (DD SecOps), this role strengthens IRC's risk posture through the support of the multi-year Security Enhancement Program (SEP). This position serves as a backup to the Deputy Director SecOps and develops and aligns  IT security controls with strategy and best practices, proactively and reactively assessing threats. The ideal candidate has a consistent record in both IT security technology implementation, operation and incident response.

Major Responsibilities:

This role is a key member of the GIS team supporting cyber security and data privacy services, operations, communications, and awareness. Reporting to and supporting the Deputy Director of Security Operations (DD SecOps), this role strengthens IRC's risk posture through the support of the multi-year Security Enhancement Program (SEP). This position serves as a backup to the Deputy Director SecOps and develops and aligns IT security controls with strategy and standard methodologies, proactively and reactively assessing threats. The ideal candidate has a proven record in both IT security technology implementation, operation and incident response.

Major Responsibilities:

Cyber Incident Response and IT Security and Privacy Support

• Strengthen security operations by leading the design and deployment of key technology security and privacy features. Lead organizational threat intelligence, incident response teams, and server as primary author for IR playbooks and processes.
• Be responsible for and administer Security Information and Event Management (SIEM) system, improving processes to ensure alerts are dispositioned according to standard process at all levels of support. Provides ongoing analysis and tuning of the SIEM and implements SIEM and EDR-related management processes, including incident response playbooks and procedures for current and emerging threats.
• Design and implement security and privacy health feedback metrics for multiple audiences. Use multiple sources, as necessary, to create and maintain metrics/measurements to articulate the current risk posture.
• Serve as primary custodian (administrative, operational, and technical system administrator) for key Sentinel, Zerofox, Mandiant, Azure Defender, M365 security and compliance, and other systems as specified. Provide technical direction and training to technical staff to correct high-priority vulnerabilities. Resolve problems through internal resources or consultation with vendor technical support staff.
• Provides input and advisory support to MS Dynamics 365 security team.
• Actively supports Managed Security Services Providers and other related risk management providers.

Change and Project Management

• Works with organizational change management specialists to update and strengthen communications.
• Coordinates with PMO and adheres to PMO project methodology.
• Completes projects on time and quickly develops and maintains relationships with the organization.

Job Requirements:

Education

• Bachelor’s degree in an information systems-related field is required or 5 years of equivalent work experience. Advanced degree preferred.

Work Experience

• Min 3-6 years in IT including at least 2 years in IT security operations, 2-5 years in a global organization;

Demonstrated Skills and Competencies

• Demonstrable experience leading and improving incident response for 8,000+ enterprises including establishing processes, standards, and runbooks.
• Validated, hands-on understanding of Azure and enterprise-class technologies including phishing simulators, email security (i.e. gateway, DMARC/SPF/DKIM, etc.) M365, DLP and SSO/SAML, etc. sufficient to engineer technical security controls and respond to incidents.
• Confirmed, hands-on experience optimizing cloud security systems such as MS Defender, Google Security Center, AWS (i.e. IAM, Macie, GuardDuty, Cloudtrail, etc.) Meraki, CASB, Box or Salesforce Shield, etc.)
• Experience with MS KQL, python, and cyber frameworks (i.e Mitre Attack Framework, CIS, OWASP, etc.).
• Good interpersonal skills to help identify key relationships and to maintain them, and adequate oral and written communications skills for technical policy and standards development.
• Proven project management capabilities for deployment of IT security products and supporting communications skills needed to drive organizational change.