Information Security Analyst

Be a part of the team behind our success!  At Advisor Group, we support more than 5,000 financial advisors, the people who help everyday Americans achieve their dreams. We’re a billion-dollar business with the mentality and drive of a startup. Join us in building something special.

Technology Opportunity in Financial Services

Information Security Analyst


Location:        20 E Thomas Rd | Suite 2000, Phoenix, AZ  85012

 2300 Windy Ridge Parkway | Suite 750, Atlanta, GA 30339

                         10 Exchange Place | Suite 1410, Jersey City, NJ 07302

                        7755 3rd Street North, Oakdale, MN 55128

Summary:

The Information Security Analyst performs and fulfills information security objectives and processes for the Firm, including liaising, advising, advocating, and facilitating to identify and reduce information security risk.  Among other duties, the Senior analyst will perform risk assessments on computer applications and business partners evaluating the ability to meet control requirements. Risk assessments are conducted through a combination of documentation, vulnerability assessment tools, and manual testing.

Additionally, the Senior Information Security Analyst participates in projects and initiatives to help design and implement information security controls in processes and systems. The successful incumbent will demonstrate strong knowledge of and experience with the general information security controls employed to protect organizations and computer applications.

This position will report to the Director of Information Security.

Keys:    IT security, information technology     

Responsibilities:

  • Support design initiatives, implementation and maintenance of information security technologies.
  • Proactively and collaboratively work with business units/departments to help develop and implement procedures that meet defined policies and standards for information security management.
  • Perform application vulnerability assessments to identify and prioritize security exposures in applications used by the business; follow up with staff to remediate findings
  • Identify, evaluate and report on information security risks
  • Perform security risk assessments on potential vendors and business partners (including cloud service providers) to evaluate infrastructure controls
  • Deploy and administer security software solutions as needed (such as encryption key management, application vulnerability scanners, etc.)
  • Develop business-relevant metrics to measure the efficiency and effectiveness of the company’s information security management program, forecast appropriate resource allocation and increase the maturity of the program.
  • Coordinate and support security audits and assessments to evaluate policy compliance and existing defenses and to identify vulnerabilities.
  • Advise management on industry developments in business practice, technology, security issues and legislation that impact the company’s security policy
  • Review firewall changes for security risks
  • Perform security incident response with investigation, resolution and closure including lessons learned.
  • Manage projects and help implement initiatives surrounding data security and privacy
  • Develop, document and implement information security procedures to enforce information security standards
  • Provide subject matter expertise on a broad range of information security standards and best practices and offer strategic and tactical security guidance for all IT projects, including the evaluation and recommendation of technical controls.
  • Coordinate the use of external resources involved in the information security management program, including, but not limited to, interviewing, assisting in negotiating contracts and fees and managing external resources.
  • Perform other security-related duties as requested.
  • All other duties as assigned.

Education & Experience Requirements:

  • Bachelor’s degree in information technology, business administration or a related field preferred. 
  • Candidates with a minimum of a high school diploma (or equivalent) in combination with at least 5 years’ experience in an information technology role, inclusive of at least 3 years in information security will be considered. 

Basic Requirements:

  • Advanced trouble-shooting and subject matter expertise with a variety of information security related technologies, especially hands on experience in tuning and installing.
  • Effective in analyzing and developing options to balance business needs with security vulnerabilities
  • Skilled at building strong relationships, both internally with business and technology leaders and other leaders of the information security team, and externally with service providers and business partners
  • Strong familiarity with security issues surrounding web application security and experience in testing such applications for vulnerabilities
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
  • Experience assessing third parties for infrastructure security controls and general security practices
  • Experience developing and implementing security policies and/or standards
  • Familiarity with security issues surrounding network computing and experience in implementation of security systems and controls
  • Excellent working knowledge of Microsoft and/or POSIX operating systems and related applications (such as IIS, SunOne, Oracle)
  • Strong understanding of multiple networking protocols (TCP/IP, NetBIOS etc.) and networking concepts
  • Strong understanding of OS and network security
  • Experience with deploying and securing Internet applications
  • Ability to research, analyze and resolve complex problems with minimal supervision and escalate issues as appropriate
  • Strong analytical skills
  • Excellent written and verbal communication skills
  • Ability to partner with and influence a variety of stakeholders to ensure security requirements are understood and met
  • Able to work independently and be a self-starter; managing multiple tasks according to priorities; results oriented and proven ability to meet deadlines
  • Travel is expected [under 25%]

Preferred Requirements:

  • Professional certification such as CISSP