Job Description
Information Security Analyst
*MUST BE LOCAL TO NORTHERN CALIFORNIA / HYBRID POTENTIAL*
Position Summary:
As an Information Security Analyst, you will be responsible for ensuring the security of the organization's computer systems, networks, and data. You will identify potential vulnerabilities and implement measures to prevent unauthorized access, data breaches, and cyber-attacks. You will work closely with the IT team and other departments to ensure the security of sensitive information, and you will also provide guidance and training to employees on information security best practices.
Major Duties and Responsibilities:
- Conduct regular security audits to identify vulnerabilities and risks to the organization's information systems and data.
- Develop and implement security policies, procedures, and guidelines to protect sensitive data and systems.
- Monitor networks and systems for potential security breaches and respond to incidents promptly.
- Conduct security risk assessments and provide recommendations for risk mitigation.
- Perform penetration testing and vulnerability assessments to identify potential security weaknesses and provide recommendations for remediation.
- Ensure compliance with relevant regulations and standards, such as GLBA, PCI DSS, and NCUA Regulations.
- Maintain and update incident response plans to ensure timely and effective response to security incidents.
- Collaborate with other departments to ensure the security of third-party vendors and contractors who have access to the organization's data and systems.
- Provide training and guidance to employees on information security best practices.
- Stay up to date with emerging threats and trends in information security and make recommendations for enhancements to the organization's security posture.
- Review vendor information security program descriptions and audits. Provide recommendations on the sufficiency of a vendor’s program to meet the organization’s security requirements.
- Routinely test critical risk mitigation controls to ensure their effectiveness.
Knowledge, Abilities, and Education:
- Bachelor's degree in computer science, information technology, or a related field; or equivalent experience.
- 2-3 years of experience in information security, preferably in a healthcare, financial, or government setting.
- Strong knowledge of information security principles, standards, and best practices.
- Experience with security tools such as firewalls, intrusion detection and prevention systems, vulnerability scanners, and SIEMs.
- Excellent written and verbal communication skills, with the ability to present complex technical information to non-technical audiences.
- Certifications such as CISSP, CISM, or CISA are preferred but not required.
Salary: Exempt Status - $82,724.56-$124,086.84 depending on experience
Job Type: Full-time
Pay: $82,724.56 - $124,086.84 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Referral program
- Tuition reimbursement
- Vision insurance
Schedule:
- 8 hour shift
- Monday to Friday
Ability to commute/relocate:
- Santa Rosa, CA 95401: Reliably commute or planning to relocate before starting work (Required)
Experience:
- Cybersecurity: 2 years (Required)
- Information security: 2 years (Required)
Work Location: In person