Conexess – Conexess Design Skip to main content

Business Analyst- Information Security

Job Title
Business Analyst- Information Security
Job ID
27054731
Location
Southfield,  MI 48075
Other Location
Description
Description

Information Security Governance, Risk and Compliance Business Analyst

In this role on the Corporate Services Information Security team, the Information Security GRC Business Analyst will be responsible for providing project management support to various initiatives within information security. The IS GRC Business Analyst will provide technical expertise and protection of assets by reviewing, analyzing, and implementing security controls, functions, and processes within the enterprise to support the overall information security program and other security initiatives. The IS GRC Business Analyst will consult and interface with network administrators, system administrators, desktop support staff, IT staff, developers, and non-IT departments on security issues and requirements. This position may also serve as a backup to other IS GRC roles.

The IS GRC Business Analyst will be located in Southfield, MI. The role may be contract to hire. Paid relocation is not available.

Key Responsibilities:

  • Assess data protection capabilities, gather requirements from various IT and business teams, and implement and maintain the Data Protection program
  • Review and analyze Data Loss Prevention (DLP) and data protection events and alerts
  • Work closely with Legal / Risk Management to define processes and instruct in how to review and understand alerts
  • Effectively track tasks and ensure documentation is updated regularly
  • Coordinate incident response with Security Operations, Risk Management, Legal, and other Information Owners
  • Stay current on security industry trends, new threats, attack techniques, mitigation techniques, and emerging security technologies
  • Keep abreast of the latest information security standards, privacy laws, and regulations to ensure compliance with internal security policies
  • Measure and report metrics to the Security Operations Team and CISO
  • Successfully manage multiple priorities and deadlines
  • Participate, as needed, in critical incidents and implementation reviews
  • Additional tasks as required

Qualifications / Requirements:

  • Highly motivated to work in information security
  • Willingness to increase knowledge and credibility through obtaining training and/or certifications (CISSP, CISA, CRISC, etc.)
  • Knowledge of information systems security concepts and current information security trends and practices.
  • 2-5 years of Information Security, Risk, Compliance, Audit or Information Technology experience preferred
  • Bachelor’s degree in Information Technology or related field recommended
  • Security Certifications such as the following are a plus:
    • Certified Information Privacy Technologist (CIPT)
    • Certified in Risk and Information Systems Control (CRISC)
    • CompTIA Security+ (Sec+)
    • CISSP
    • GIAC Information Security Fundamentals (GISF)
    • GIAC Security Essentials (GSEC)
    • GIAC Certified Incident Handler (GCIH)
    • GIAC Certified Intrusion Analyst (GCIA)
  • Proven project management and organizational skills
  • ServiceNow experience preferred
  • Ability to work well as an individual and as part of a team
  • Desire to continuously improve processes and procedures and share information with the team
  • Excellent written and oral communication skills, inter-personal skills, and effective skills to support security programs. Must be able to provide formal reports and presentations as required
  • Attention to detail and with ability to prioritize tasks to ensure work is completed in an accurate, timely manner
  • Excellent problem-solving ability and ability to resolve issues under tight timeframes
  • Ability to work full time in a fast-paced office environment; physically able to sit/stand at a computer and work in front of a computer screen for significant portions of the work day

Option 1: Create a New Profile