Information Security Analyst

Lensa is a career site that helps job seekers find great jobs in the US. We are not a staffing firm or agency. Lensa does not hire directly for these jobs, but promotes jobs on LinkedIn on behalf of its direct clients, recruitment ad agencies, and marketing partners. Lensa partners with DirectEmployers to promote this job for 32BJ Benefit Funds. Clicking "Apply Now" or "Read more" on Lensa redirects you to the job board/employer site. Any information collected there is subject to their terms and privacy notice.

Salary Range: 110000.00 To 115000.00 (USD) Annually

Job Code

839

Department Name

IT Infrastructure

Reports To

Manager, Information Security

FLSA Status

Exempt

Union Code

N/A

Management

No

About Us

Building Services 32BJ Benefit Funds (“the Funds”) is the umbrella organization responsible for administering Health, Pension, Retirement Savings, Training, and Legal Services benefits to over 100,000 SEIU 32BJ members. Our mission is to make significant contributions to the lives of our members by providing high quality benefits and services. Through our commitment, we embody five core values: Flexibility, Initiative, Respect, Sustainability, and Teamwork (FIRST). By following our core values, employees are open to different and new ways of doing things, take active steps to improve the organization, create an environment of trust and respect, approach their work with the intent of a positive outcome, and work collaboratively with colleagues.

The Funds oversees and manages $9 billion of dollars in assets, which are made up of many, varied and complex funds. The dollars come from a number of sources, including the property owners who pay into the funds on behalf of their employees, and as such, requires those who oversee and manage the money to be highly skilled financial management people.

For 2025 and beyond, 32BJ Benefit Funds will continue to drive innovation, equity, and technology insights to further help the lives of our hard-working members and their families. We use cutting edge technology such as: M365, Dynamics 365 CRM, Dynamics 365 F&O, Azure, AWS, SQL, Snowflake, QlikView, and more.

Please take a moment to watch our video to learn more about our culture and contributions to our members: youtu.be/hYNdMGLn19A (

Job Summary

Under the supervision of the Manager, Information Security, the Information Security Analyst is responsible to plan and carry out security measures to protect Funds’ computer networks, systems, and digital and physical technology assets. Performs assessments, develops and implements information security policies, procedure, and guidelines. Works inter-departmentally to identify and correct flaws in the Funds’ security systems, solutions, and applications while recommending specific measures that can improve the Funds’ overall security posture.

Essential Duties And Responsibilities

• Provide guidance and expertise in the field of risk management regarding the protection and security of digital assets in the cloud and on premise.
• Design and develop Information Security Architectures to prevent unauthorized access to our information and data breaches.
• Develop and implement information security policies and procedures; develops security guidelines and safe practices for Funds’-wide computing and networking systems, and maintain the documentation.
• Manage, maintain and monitor security technologies such as vulnerability scanning solutions, IDS/IPS, anti-virus technologies, DLP capabilities, SIEM technologies, host forensics and malware analysis, web application firewalls and proxy solutions.
• Manage real time threat detention technologies to identify and quarantine threats, Monitor Endpoint Security Alerts and take corrective action.
• Minimize security threats by examining governance, technology infrastructure, and facilities to identify security deficiencies, using risk analysis and follow up with corrective action plan.
• Monitor internal control systems to ensure appropriate access levels are maintained, protect against unauthorized system access, modification and destruction.
• Review security related reports, logs and occurrences; escalate issues and initiate security response procedures.
• Create and review vulnerability reports, track compliance with vulnerability management policies, and escalate.
• Research and evaluate emerging technologies in support of security technology enhancements, propose technical solutions to management, to address security weaknesses and coordinate with relevant stakeholders to implement.
• Reviews, updates, and enforces data security practices within the organization; tests for exposures to ensure adherence to guidelines and procedures, and works with platform experts to implement remedial measures as appropriate.
• Tests security controls and manages the associated remediation of any deficiencies as needed.
• Assess security information, triaging and responding to security events, identify false positives, and conduct correlation analysis across numerous internal and external data sources while prioritizing information security incidents.
• Perform Project Management tasks for security initiatives /projects.
• Manage incident-handling processes, which include implementation of containment, protection, and remediation activities.
• Coordinates the handling and resolution of security incidents, to include system intrusions and abuse, and acts as a primary point of contact.
• Develop responses to internal & external audits, penetration tests and vulnerability assessments.
• Support Information Security training and awareness by providing ideas and content, assist HR with employee security awareness education and training.
• Manage multiple priorities and deadlines concurrently.
• Provide support after hours, on weekends and through on-call rotation.
• Performs other duties as assigned

Qualifications (Competencies)

• To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
• Minimum 4 years in Information Security, or IT OPS management and systems administration with at least 2 years specific to IT Security;
• Strong knowledge of Information Security design, principles, and processes; Experience in writing and /maintaining information security policies, standards, and guidelines;
• Demonstrated ability to monitor and audit network security systems such as Firewalls, IPS, SIEM, DLP, web proxy, NAC, and Vulnerability scanners;
• Hands on experience with mitigating security controls (i.e., anti-virus, IPS/IDS, DLP, web and network proxies, URL content filtering, multi-factor authentication, SSL VPNs);
• Experience in incident response required; In-depth knowledge of Windows/Unix operating system forensics, event logging systems, authentication methods, remote and local web application security, penetration testing);
• Advanced experience in networking (TCP/IP) protocols, DNS, LDAP, AD, DHCP, Web browsers, Firewalls, and other computer/network security and system administration;
• Familiar with regulatory compliance regulations (PCI, SOX, PII, HIPAA, etc.);
• Strong knowledge of common security frameworks (ISO, NIST, etc.);
• Experience in risk assessments and vulnerability management;
• General knowledge of Endpoint protection solutions;
• Knowledge of mainstream operating systems (Microsoft Windows, Linux, IOS) and a wide range of security technologies;
• General knowledge of Database technologies and queries (Microsoft SQL, MySQL, Oracle, etc.);
• Ability to independently identify, research and resolve issues with minimal amount of supervision, and ability to work with peers in a team effort;

Soft Skills (Interpersonal Skills)

• Detail oriented with excellent organization and analytical skills;
• Ability to plan, take initiatives to accomplish objectives in timely fashion, and work independently;
• Ability to prioritize work and meet deadlines;
• Ability to establish and maintain effective working relationships with project team members, supervisors, and other employees.

Education

Bachelor’s degree in Computer Science, or a related discipline.

Language Skills

Speak, read, write and understand English

Reasoning Ability

High

Certificates, Licenses, Registrations

CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), or CISA (Certified Information Systems Auditor) certification are highly preferred.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals to perform the essential functions.

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals to perform the essential functions.

• Under 1/3 of the time: Standing, Walking, Climbing or Balancing, Stooping, Kneeling, Crouching, or Crawling
• Over 2/3 of the time: Talking or Hearing
• 100% of the time: Using Hands

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

• 1/3 to 2/3 of the time: Work near moving or mechanical parts, exposure to radiation, moderate noise.

If you have questions about this posting, please contact [email protected]