Information Security Analyst
The role participates in the development and operations of best practice corporate IT security services, enabling the assessment, execution, monitoring and auditing of our information security across Ellie Mae. This position reports to the Information Risk Management Office.
Responsibilities:
- Participate in design of Information Security solutions using industry standard best practices, regulatory guidelines, and corporate policy
- Create and maintain project-related documents (security controls assessments / risk assessments)
- Research and evaluate security technologies
- Participate in cross-domain, cross-functional matrix project teams to implement solutions in a highly collaborative manner
- Efficiently manage multiple simultaneous tasks, providing consistent record of all activities, while handling confidential work with discretion
- Is accountable to providing timely reporting on all project deliverables
- Act as an extension of the IRM Office enforcing Security policy, information standards, and IT procedures
- Evaluate and recommend security solutions to any given project, serving as a subject matter expert by providing recommendations from security perspective to technology solutions being developed or maintained internally or externally
- Conduct security assessments for projects, hold security reviews against internal or external solutions being developed or maintained
- Execute periodic security assessments/audits partnering with internal or external organizations to cover: information security, infrastructure penetration tests, ethical hacking, process security assessment
- Coach and develop security practices and skills across Ellie Mae departments
- Lead and manage IT Security initiatives as well as interact with other departments
Qualifications:
- Good working knowledge of one or many of the Security frameworks ISO/IEC 27002:2005, COBIT 4.1 - 5, COSO, HITrust CSF, PCI DSS V2, FISMA - NIST 800-53, NIST 800-39, BITS, SOC 2 Trust Principles
- Demonstrated success in IT Security audit, controls assessment, and compliance standards review reporting
- Maintain an exceptional level of documentation including diagrams, security standards, manuals, and project papers
- Ability to effectively engage and communicate as directed with a variety of audiences both technical and non-technical staff
- Must be able to explain complex systems and technical topics to others who may have minimal technical knowledge using oral, written and visual presentations
- Working knowledge of infrastructure security concepts including firewalls, DMZs, intrusion detection/prevention systems, network security, virtualization, desktop, laptop and mobile
- Working knowledge of application security concepts including password management, RBAC, provisioning, data and code security management
- Knowledge of data protection policies, procedures and products, privacy rules & regulations, data security, encryption, digital rights management, data loss prevention
- Strong working knowledge of IT security concepts including disaster recovery, penetration/vulnerability assessment, task organization, role segregation, role engineering and security-centric QA
- Strong analytical, organizational, and time management skills. Must be able to quickly conceptualize and explain new methods, processes and procedures for practical application
- Must be self-directed, with the ability to work alone or in teams, with minimal oversight, driving positive results in difficult circumstances while maintaining attention to detail
- 1 or many certifications in good standing to include: CISSP, CSSLP, CISA certification, CISM certification, CIPP certification, GIAC, GCFA
Work Experience and Education Guidelines:
Required:
- BS in Information Technology, Information Systems, or related discipline
- 6+ years of experience in Information Security
Preferred:
- 6+ years of experience in a medium to large sized IT Organization, preferably within mortgage loan origination or financial services.
- 2+ years working as an IT Security Auditor for a large audit firm
Apply at: http://ch.tbe.taleo.net/CH01/ats/careers/requisition.jsp?org=ELLIEMAE&cws=1&rid=261
