Principal IT Security Analyst

Position Overview

The Principal IT Security Analyst performs two core functions for the enterprise. The first is the day-to-day operations of the in-place security solutions while the second is the identification, investigation and resolution of security breaches detected by those systems. Secondary tasks may include involvement in the implementation of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines and procedures as well as conducting vulnerability audits and assessments. The Principal IT Security Analyst is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals.

Position Responsibilities Include:

Strategy & Planning

• Assist with the planning and design of enterprise security architecture, under the direction of the Vice President Global IT Services, where appropriate.

• Assist with the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures) under the direction of the Vice President Global IT Services, where appropriate.

• Participate in the annual reviews and updates of the enterprise Business Continuity Plan and Disaster Recovery Plan, under the direction of the Vice President Global IT Services, where appropriate.

• Assessment of Regulatory Compliance for Skillsoft’s IT assets including impact of future acquisitions as they pertain to Health Insurance Portability and Accountability Act (HIPAA), Mass Data Privacy Law, Personal Information Protection and Electronic Documents Act (PIPEDA), European Union Data Privacy Directive, Uniform Computer Information Transaction Act (UCITA), Sarbanes-Oxley Act (SOX), Payment Card Industry (PCI), and Electronic Signature in Global and National Commerce Act

Acquisition & Deployment

• Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.

• Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.

• Perform the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.

Operational Management

• Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.).
• Maintain operational configurations of all in-place security solutions as per the established baselines.
• Monitor all in-place security solutions for efficient and appropriate operations.
• Review logs and reports of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution.
• Participate in investigations into problematic activity.
• Take a lead role the design and execution of vulnerability assessments, penetration tests and security audits.
• Provide on-call support for end users for all in-place security solutions.

Required Skills and Experience

Knowledge & Experience

• Extensive experience with Endpoint solutions including Anti-Virus, Firewall, Malware, Intrusion Detection,
• Experience with Full Disk and File Level Encryption Technologies.
• Experience providing security awareness training and policies.
• Experience with Data protection including retention policies, backup solutions, disaster recovery, and business continuity.
• Working technical knowledge of computer hardware including desktops, laptops, smartphones (preferably iPhone), servers, storage, removal media, printers, faxes, and other storage or communication devices.
• Technical experience performing vulnerability assessments and analysis.
• Strong understanding of IP, TCP/IP, and other network administration protocols.
• Strong understanding of Microsoft and Linux Operating Systems.
• Familiarity with Enterprise Data Protection Methodologies and Tools.

Personal Attributes

• Proven analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Good written, oral, and interpersonal communication skills.
• Ability to conduct research into IT security issues and products as required.
• Ability to present ideas in business-friendly and user-friendly language.
• Highly self-motivated and directed.
• Keen attention to detail.
• Team-oriented and skilled in working within a collaborative environment.

Desired Skills and Experience

Customer Focused – personally demonstrated that both external and internal customers are a high priority by identifying, and responding to their needs in a timely and efficient manner

Initiative – Recognizes opportunities and initiates actions to capitalize on them by looking for a new and productive ways to make an impact

Innovative Thinking – Embraces and champions new ideas and encourages others to do likewise

Building Organizational Commitment – Demonstrates commitment, loyalty and appreciation for the organization.   Conveys a high-level of concern for all employees, while helping to ensure that both their needs and those of the organization are met.

Work Conditions

• 40-hour on-site work week with on-call availability

Education and Certifications

• College diploma or university degree in the field of computer science preferred
• 7+ years equivalent work experience.
• Preferably one or more of the following certifications:
  • CompTIA Security+
  • GIAC Information Security Fundamentals
  • Microsoft Certified Systems Administrator: Security
  • CISSP, CISM, and/or CISA
  • Associate of (ISC)²