Business Information Security Analyst

Redwood City, CA

Posted: 06/03/2019 | Employment Type: Direct Hire | Industry: IT | Job Number: JOS000008671

This company is dedicated to making our products and technologies as secure as possible. The Business Information Security Analyst (“BISA”) reports to the Director, Information Security Governance and serves as a trusted advisor to both the business and the Information Security Department. This role will liaise between the company's lines of business and the Information Security Department and keep clear lines of communication, including but not limited to: giving the business transparency on upcoming security initiatives, reporting security risks to the CISO and appropriate committees, and acting as a key player in the information security incident response process, from identifying impact to the business and to consumers, to helping shape remediation and developing external and internal message points. In addition, this role will work with the Information Security Department to identify enterprise compliance deficiencies with Information Security policies and procedures and manage Information Security policies.

Job Responsibilities 

  • Monitor and advise on information security issues related to the systems and workflow to ensure internal security controls are appropriate and operating as intended within the business units  
  • Support response to information security incidents for the respective business units  
  • Develop and publish business-focused Information Security policies, procedures, standards and guidelines based on knowledge of best practices and regulatory compliance requirements and ensure integration into Enterprise Information Security policy  
  • Develop a comprehensive security education and awareness program, using instructor-led, train-the-trainer, electronic/web-based, and/or multimedia training methods and formats for our employees, contractors, executives and technical operating personnel.  
  • Develop targeted communications to business stakeholders on various security related topics.  
  • Provide strategic consulting in all aspects related to cyber security training for organization-wide initiatives and projects. Participate in the design, development and implementation of training programs of a broad organizational scope.  
  • Conduct needs assessments to identify and evaluate training requirements.  
  • Conduct or facilitate general or specific technology training programs.  
  • Develop training materials to include training handbooks, job aids, models, multimedia visual aids, computer and web-based tutorials, and standard operating procedures.  
  • Participate in effective training delivery including analysis, implementation, testing and documentation of educational systems.  
  • Research and study advancements in educational technologies and methods.  
  • Recommend and/or implement innovative solutions, modifications and enhancements to security training and awareness programs.  
  • Evaluate effectiveness of training and awareness programs, utilizing appropriate data collection instruments and procedures and adjust as necessary to maximize impact.  
  • Consult and partner with corporate training, communications, business, and security teams  
  • Coordinate with teams across the organization to ensure that security education and awareness needs are satisfied for all security stakeholders.  
  • Perform administrative functions necessary to deliver and document training programs.  
  • Coordinate and execute IT security policy, awareness training, security compliance, vulnerability and workflow/procedural remediation for specific business units  
  • Conduct security research to keep abreast of the latest security issues  
  • Prepare Information Security documentation, including department policies and procedures, company Infosec notifications, web content (for awareness training, etc.), and alerts  
  • Perform other related duties as assigned 

Skills Needed 

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.  
  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.  
  • Proven track record and experience in comprehending workflow deficiencies and ability to develop and articulate changes to those workflows to mitigate risk and not adversely impact workflow efficiencies  
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.  
  • Experience in thriving in communication and collaboration with diverse audiences and senior leadership.  
  • Demonstrated capabilities in leadership, innovation, problem solving, influencing, organizing and relationship building.  
  • Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations and best practices. 

Preferred Skills and Experience 

  • Knowledge of common information security management frameworks, such as NIST.  
  • Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as HITRUST, SOC-2, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines.  
  • Executive level presence and presentation skills  
  • Experience with a cloud service spanning multiple countries 

Educational Requirements & Work Experience

  • Master’s Degree and minimum of 2+ years of experience in a similar role  
  • Bachelor’s Degree and minimum of 4+ years of experience in a similar role  
  • Associate degree and minimum of 7+ years of experience in a similar role. 
