Information Security Analyst

• Ensuring systems are operated, used, maintained, and disposed of in accordance with all applicable security policies and practices

• Participate in the creation and maintenance of enterprise security documents (policies, standards, baselines, guidelines and procedures)

• Analyzing and assessing potential security risks, developing plans to deal with such incidents by putting measures in place such as monitoring and auditing systems for abnormal activity, and executing corrective actions

• Reporting security incidents in accordance with the Incident Response Plan

• Support the company wide security awareness training program

• Conduct and Monitor compliance with Industry standards (PCI, HIPAA)

• Maintain confidentiality, integrity and availability of data and services residing on or transmitted to/from/through enterprise workstations, servers and other systems and other data repositories.

• Monitor security related tools and functions, investigate/escalate incidents using subject matter expertise as they occur and work with other business units to mitigate risks to acceptable levels.

• Conduct vulnerability assessments, penetration tests and security audits per standards and company policies.

• Engage in ongoing communications with peers in the Systems and Networking groups as well as the various business groups to ensure enterprise wide understanding of security goals, to solicit feedback and to foster co-operation.

• Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.

• Conduct security audit and penetration test on company various systems and applications

• Monitor transaction patterns to identify fraudulent activity, high risk transactions and determine existing fraud trends.

• Recommend anti-fraud processes for changing transaction patterns and trends.

• Generate suspicious activity reports and risk management reports for Managers.