Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the company.
Conduct penetration testing, simulating an attack on the system to find exploitable weaknesses.
Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.
We’re a diverse tapestry of thinkers, dreamers, givers, DIYers, handi-workers, artisans, and forever and always architects of things.
Professional certifications such as Certified Ethical Hacker are highly desirable.
In-depth knowledge of security principles, practices, technologies, and standards, including but not limited to network security, endpoint protection, cryptography, and access control.
As an Information Security Analyst you will assist more senior members of the team in managing day-to-day security operations, including investigating & resolving alerts & reports from Endpoint Detection & Response tools (EDR, CrowdStrike), mail filtering tools (Checkpoint Harmony), and others.
Execute & Improve our Vulnerability Management Program: Work with vulnerability owners, engineering managers, and product owners to clearly articulate risk from identified vulnerabilities, possibilities for remediation, and track status of those remedial efforts.
A Relentless Commitment to Professional Improvement: VTS Information Security team members have all achieved significant certifications in the last year, including but not limited to the CISSP, Security+, AWS DevOps Engineering Professional & others.
Under minimal direction, the Information Security Analyst - Governance, Risk & Compliance (GRC) performs all procedures necessary to ensure the security of information and information systems, and to protect systems from intentional or inadvertent access or destruction.
Experience designing, implementing, and executing IT Risk Management projects, information security governance, tools, and technologies across complex, large-scale environments.
Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC) or CompTIA Security+ Certification is preferred.