Security Analyst

Security Analyst conducts information technology security reviews (infrastructure, system and application) for risks to the technology environment and data privacy obligations, and authors risk assessments and recommendations regarding such controls for a wide-range of technology solutions throughout their lifecycle.

Responsibilities and Tasks:

• Provide quality assurance (appraisal and approval) of security deliverables, to include revising and drafting test plans, security specification reviews and standards, and technical documentation
• Conduct the review of applications from a security and privacy perspective; review and contribute to KPMG IT Standards used in the solution security review process and provide security recommendations and better practices regarding secure software development in waterfall, agile, and DevOps methods
• Provide and document advice, risk assessment and recommendations regarding privacy and security controls for projects/solutions throughout an asset's lifecycle
• Communicate regularly with Project Managers, project teams and representatives from various functional teams, including escalating any matters that require additional analysis to functional subject matter professional(s)
• Provide input on the formulation of risk control standards that impact ITS Global projects and business sponsors; advice on and develop recommendation to improve ITS Global's software development program by integrating security processes, technologies/tools and methodologies to enable agile and DevOps delivery
• Work with others in the Information Protection Group on ongoing or new information risk activities, as the need arises.

Management and Competencies:

• Demonstrated ability to lead and collaborate with a globally dispersed, multi-cultural and multi-discipline team
• Background working on large-scale international projects and the ability to manage multiple processes and projects at once
• Ability to Plan large projects and prepare executive level reporting including financial analysis
• Strong written and oral communication skills for effective communication at all organizational levels
• Ability to gain and maintain credibility with other internal working groups & teams

Qualifications:

• 5 to 10 years of relevant IT and IT security experience with a background in software security, software develop using Agile and DevOps methods and tools
• Experience in documenting processes and reviewing or drafting technical architecture and cloud security architecture material better practice; prefer prior Azure experience
• A holistic understanding of attack vectors, current threats, and remediation strategies. Experience with computer forensics practices and procedures, basic investigations, and evidence handling is preferred.
• Professional security and cloud qualifications such as CISSP, CISA and CCSP preferred. Applicant must be willing to obtain CISSP, if they are not already certified