Job Description
Join Our Team at Data2Logistics!
Do you have a passion for simplifying global supply chain complexity? At Data2Logistics (D2L), we focus on data and provide best-in-class processes that not only ensure accurate audits but also generate clean, normalized data to drive cost-reducing business decisions. With our customized reporting tools, we relay insights to our clients and convert them into actionable information that adds true business value.
At Data2Logistics, our vision is to simplify global supply chain complexity, and our mission is to empower our clients to achieve superior supply chain outcomes. Our core values include integrity and accountability, customer obsession, curiosity, and adaptability. We believe in doing the right thing and being responsible for our actions, putting our clients at the center of everything we do, constantly seeking to learn and improve, and being flexible and responsive to change.
We are seeking an Information Security Analyst to join our team. If you are excited about leading information security services and ensuring compliance with industry best practices, this could be the perfect opportunity for you to contribute to our mission and values. Apply now and be part of a company that is dedicated to driving excellence in supply chain management!
Job Summary:
The Information Security Analyst collaborates with the CIO, ITMS, and Security vendors to ensure compliance with our D2L Information Security Program, aligning it with industry best-practice frameworks and with government regulatory and customer security requirements. This role is also responsible for responding to customer questionnaires and audits, and for ensuring our D2L culture is focused on cybersecurity and data privacy.
The Information Security Analyst is responsible for leading the information security services within the organization. It is the job of the Information Security Analyst to design and lead information security and privacy services within budget, ensuring that reports, weekly releases, deliverables, and other requirements are completed in accordance with security and privacy best practices, so that the company's and clients' data within our environment remains safe and compliant.
Principal Duties and Responsibilities:
Compliance & Industry Best Practices Management
- Ownership for ensuring compliance with regulatory and industry requirements such as GDPR, CCPA, SOC 1/SOC 2 and ISO standards, and with our D2L security program.
- Oversee the development, documentation, and sustainment of D2L IT Security program and policies.
- Establish, analyze, and monitor security and privacy project schedules, business needs, and resource allocation.
- Perform an annual review of the D2L IT Policies against Industry Best Practices, customer requirements, and cloud requirements and update them as appropriate. Ensure the organization reviews the policies annually.
- Implement security measures and operate software to protect systems and information infrastructure, including firewalls, data encryption, and access management programs.
- Manage all aspects of an IT Security organization and develop and manage project plans for all major milestones.
- Administer data security for file-system-level encryption.
- Stays current with cybersecurity threats and best practices (CERT, SANS, etc.) and collaborates with the Virtual CISO and the ITMS and Security vendors to mitigate any risks and implement appropriate controls.
- Support the development team with security best practices during the development cycle.
- Plan and schedule the annual 3rd Party Security Assessment & Penetration Tests and develop detailed plans for remediating identified risks.
- Work with the Technology Leadership team and 3rd party vendors, to identify and implement the D2L Cybersecurity Roadmap and to ensure that all items are completed on time and within budget.
- Ownership for ensuring annual Privacy Shield compliance with zero major deficiencies.
- Collaborate with the business, ITMS and Security vendors, and internal IT resources on the yearly internal audits (SSAE-18/SOC1, ISO, SOC2, etc.).
- Identify and recommend tools that are needed to ensure we keep our clients, carriers, and employees data secure.
- Works with the Executive Leadership Team to ensure system compliance for all organizations.
- Stays current on cyber threats and best practices.
Training & Awareness
- Manages the Cybersecurity and Data Privacy training, monthly phishing campaigns, and monthly security reports and recommends improvements where needed.
- Stays abreast of the latest cybersecurity and Privacy best practices and ensure that the appropriate training programs are developed and implemented for our employees and vendors.
- Develops training programs to reduce the overall risk of a cybersecurity event, especially around employee emails and potential event identification.
Incident Response Prevention & Management
- Continually update and tune the intrusion detection and prevention system (IDS/IPS) rules.
- Monitors and responds to service disruptions and data breaches, and audits recovery from incidents.
- Ensures alignment with D2L policies, as well as Platinum Equity and insurance requirements, for the investigation of any potential or actual cybersecurity or data privacy incidents.
- Is responsible for understanding client communication requirements for any data and privacy breach. Maintains the list of required customer notifications in case of a security event.
- Lead and plan regularly scheduled incident response tabletop exercises, minimally once per year.
- D2L ownership for the annual Disaster Recovery Test exercise, lessons learned, and ensuring issues and gaps are resolved.
- Collaborates with the business on updating, maintaining and testing the Business Continuity Plan annually.
Vendor & Client Management
- Create daily, weekly, and monthly checklists related to providing security and data privacy oversight with our ITMS, Security and 3rd party vendors.
- Reviews and monitors the daily, weekly, and monthly SOC, SIEM, and firewall reports and provides security oversight to ensure all security concerns are being addressed.
- Respond to customer security questionnaires and audits for both new and existing customers.
- Monitor the market and client security requirements and make internal security recommendations to ensure continuous alignment.
- Completes the annual security audits of our 3rd party vendors and sub-processors.
- Participate in cyber security and privacy reviews of our customer and 3rd party vendor contracts and RFPs.
- Responsible for completing all security and data privacy assessments requested by clients on schedule.
Note: the job description is not designed to cover or contain a comprehensive list of activities, duties, or responsibilities that are required of the employee. They may change, or new ones may be assigned at any time with or without notice.
Position Requirements:
- 5+ years of Information Security Experience.
- Experience with penetration testing, remediation, audit, and compliance.
- Strong understanding of firewalls, proxies, SIEM, antivirus, and intrusion detection and prevention systems.
- Ability to identify and mitigate network and ITMS security risks.
- Understanding of ethical hacking procedures, cloud and access management, and risk management.
- Experience in data protection analysis, data repositories, and structure identification.
- Laser-focused on ensuring the information security of the organization.
- Strong experience in multiple cybersecurity frameworks such as NIST, ENISA, CIS, SOC2, ISO, etc.
- Experience in ensuring compliance with industry data standards including GDPR, CCPA, and SOC.
- Strong experience in information security program development and management.
- Strong experience in Infosec governance, information risk management, and security incident management.
- Stays informed regarding the cybersecurity landscape and solutions.
- Ability to identify and recommend process and security improvements.
- Experience providing security oversight of an ITMS and security vendor.
- Experience developing and managing a 3rd party vendor assessment program.
- Strong technical background.
- Understanding of software development methodologies.
- Strong problem-solving skills.
- Strong internal customer-facing and collaboration skills.
- Excellent communication skills.
- Ability to review, analyze, and evaluate complex business systems.
- Strong collaboration and communication skills and proven ability to collaborate with other team members and users.
- Team player.
- Strong listening skills.
- Proactive problem solver.
- Strong sense of ownership.
- Demonstrated ability to deliver on commitments.
Education:
- Bachelor of Science Degree or higher; Information Management, Computer Science, or Computer Information Technology major desirable.
- CISSP certification preferred.
- Project management skills (prefer PMP).
Travel:
- 5% (as required)
Location
- Remote
The fine print:
This job description in no way states or implies that the duties and responsibilities are the only duties and responsibilities to be performed by the individual(s) with this job description. The individual(s) may be called upon, and required, to follow other instructions or perform other duties/responsibilities requested by his/her Supervisor, consistent with the purpose of the position, department and/or company objectives.
Data2Logistics is an equal opportunity employer.
Data2Logistics provides equal employment opportunities to all employees and applicants for employment without regard to race, color, creed, ancestry, national origin, citizenship, sex or gender (including pregnancy, childbirth, and pregnancy-related conditions), gender identity or expression (including transgender status), sexual orientation, marital status, religion, age, disability, genetic information, service in the military, or any other characteristic protected by applicable federal, state, or local laws and ordinances. Equal employment opportunity applies to all terms and conditions of employment, including hiring, placement, promotion, termination, layoff, recall, transfer, leave of absence, compensation, and training.
Physical demands and working conditions:
The physical demands and work environment described here are representative of those that must be met by the employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
- Work involves sitting, walking, talking, hearing, bending, stooping, kneeling, and/or crouching.
- Work also involves repetitive wrist, arm, finger motion, typing data on computer keyboard, typing data on a calculator, using hands to handle, feel or operate objects, machines, and reaching with arms and hands.
- Vision abilities required by this job include the ability to adjust focus and the ability to focus on a computer screen for long periods of time.
- The employee may be required to push, pull, lift, and/or carry up to 20 pounds.
- The noise level in the work environment is usually moderately quiet with few distractions.
- Ability to bend or stoop to retrieve lower shelf files and the ability to reach overhead to retrieve upper shelf files.
- Ability to sit 2/3 to 3/4 of day.