The Senior Security Analyst is responsible for ensuring the security of all assets within the organization, with an emphasis on technology. The Senior Security Analyst is a subject matter expert in area of Information Security and security within the organization. Monitors and manages organizational security through the use of security tools, reports on effectiveness, and identifies vulnerabilities and incidents, and is able to make recommendations regarding their remediation. Tracks such issues through their lifecycle, identifying solutions when necessary, and engaging the appropriate resources for remediation. Establishes baselines, provides reports on effectiveness of controls, and drafts or provides recommendations to the implementation and maintenance of policies, procedures, controls, guidelines, baselines and standards. Performs or coordinates internal audits. Maintains currency in knowledge of security, and advises on risks, threats and trends. Manages Information Security related projects. This position assists in risk assessments, requests for proposal, security audits and examinations, and regulatory compliance regarding security or privacy.

Essential Functions

• Implementation, operation, and maintenance of security countermeasures, tools or technologies
• Track and document security incidents and vulnerabilities.
• Manage security-related projects including remediation of vulnerabilities, implementation of new security technologies or tools, and coordination of audits.
• Perform security audits.
• Monitor threat intelligence feeds for vulnerabilities, threats or trends
• Create, test and implement disaster recovery and business continuity plans
• Develop Information security policy, procedures, guidelines, baselines, and standards
• Recommend and evaluate security enhancements and purchases.
• Coordinate and participate in responding to risk assessments, requests for proposal, audits and examinations.
• Train staff on network and information security procedures
• Perform third party security assessments of business partners
• Determine feasibility of meeting security requirements based on contracts or statements of work with external entities, and be able to identify deficiencies and methods to remediate.
• Promote awareness of applicable regulatory standards, upstream risks and industry best practices.
• Demonstrated ability to use a pragmatic approach towards Information Security, balancing security requirements against business need.
• Other duties as assigned

Required Skills

• Bachelor’s degree in Computer Science, Information Security, or similar degree program; with 4+ years’ experience within Information Technology, and 5+ years in IT Security related field, or an equivalent combination of education and experience.
• One or more applicable security certifications (CISA, CISSP, CISM, CRISC, SANS GIAC, SANS GSEC, or Security+) required.
• Must possess broad general knowledge of Information Technology, including storage, networking, systems, databases, firewalls; with at least 4 years of experience in IT as one or more of the following: developer, systems or network engineer, database administration, or an equivalent technical role.
• Experience with Intel Security (McAfee) DLP, HIDS, Anti-Malware, and Web Filtering; Cisco FirePOWER HIPS; Tenable SecurityCenter with Continuous Monitoring; SIEM technology; and Symantec Altiris is desirable.
• Experience with HITRUST, NIST SP 800-171, GDPR security frameworks is desirable. Experience with or knowledge of other security frameworks is desirable.
• Must possess excellent communication skills, with the ability to discuss technical concepts with non-technical people.
• Ability to show initiative and take ownership of new tasks as assigned.
• Project management skills preferred.
• Ability to work an on-call rotation, some after-hours and weekends.

Job Location: Louisville, Kentucky, United States
Position Type: Full-Time/Regular