FULL-TIME, 40 HOURS PER WEEK, DAYSHIFT, 8:00AM - 5:00PM, MONDAY-FRIDAY

SUMMARY:

The Information Security Analyst is responsible for all aspects of information security within the organization, including the proactive monitoring of all information technology assets for potential security issues as well as the application of security best practices to mitigate risks within the organization. This position performs at a moderate level of complexity with a high level of proficiency under general supervision.

PURPOSE:

The purpose of this document is to describe the general nature and level of work performed by personnel as classified; it is not intended to serve as an inclusive list of all responsibility associated with this position.

ESSENTIAL DUTIES AND RESPONSIBILITIES include but are not limited to, the following:

1. Works with HNL operational units and external clients to mitigate cyber risk and threats. Performs cyber security data analyst activities with specific focus on large-scale data analytics. Reviews information technology systems daily for security exceptions.
2. Participates in team problem solving efforts and offers ideas to solve client issues.
3. Conducts relevant research, data analysis, and creates reports.
4. Maintains responsibility for completion and accuracy of work products.
5. Works directly with internal software developers, helpdesk and network engineers.
6. Administers/monitors user access changes, security controls, configurations; resets passwords and unlocks users for select systems.
7. Maintains records for vendor management program including security control reports and supplemental documentation. Responsible for risk rating vendors based on defined criteria. Reports on the status of the program including remediation recommendations.
8. Supports information technology risk assessment data and documentation collection; assists with information technology risk assessments as directed by ISO.
9. Administers and monitors social engineering testing.
10. Collects and reviews information technology system reports.
11. Collects and reviews network topology maps.
12. Tracks and updates status of open audit, exam, and information technology security findings as required by ISO.
13. Collects key performance indicators as requested by ISO.
14. Leads the intrusion analysis, detection and incident response activities.
15. Maintains proficiency in HIPAA, HITECH, NIST 800-53 and PCI-DSS. 
16. Performs technical vulnerability testing or penetration testing activities as requested by the ISO. 
17. Supports the design, engineering, implementation, and maintenance of Cisco Firewall, IDS and IPS systems. 
18. Supports the design, engineering, implementation, and maintenance of Cisco VPN deployments.

Required Skills

QUALIFICATIONS:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The requirements listed below are representative of the knowledge, skill and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  Education/Experience: Bachelor's degree (B. S.) from four-year college or university in information security or related field of study; or one to two years related experience and/or training; or equivalent combination of education and experience. At least four years of experience in Information Technology, Information Systems Security or Cybersecurity required. Knowledge of and experience with security regulations, standards and processes including FISMA, FIPS, NIST, HIPAA and PCI required. Experience with incident response and network reconnaissance; familiarity with basic programming, scripting languages and large-scale analytics preferred.   Language Ability: Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations.  Ability to write reports, business correspondence, and procedure manuals.  Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.   Math Ability: Ability to work with mathematical concepts such as probability and statistical inference, and fundamentals of plane and solid geometry and trigonometry. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations. 

Reasoning Ability: Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists. Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form. Demonstrate the ability to work with minimal supervision and direction, work independently; demonstrate initiative and analytical analysis. 

Communication Skills: Possess excellent verbal and written communication skills. Demonstrated ability to write clearly, succinctly and in a manner that appeals to a wide audience. 

Computer Skills: To perform this job successfully, an individual should have knowledge of Word Processing software; Spreadsheet software; presentation creation tools; internet research tools; real time analytics and business intelligent platforms; Accounting software; Inventory software; Payroll systems; Development software; Design software; Internet software; Human Resource systems; Order processing systems; Project Management software; Manufacturing software and Database software. 

Certificates and Licenses: GCIH, GCFW, GPEN, GXPN, OSCP, CISSP

Required Experience

QUALIFICATIONS:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The requirements listed below are representative of the knowledge, skill and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  Education/Experience: Bachelor's degree (B. S.) from four-year college or university in information security or related field of study; or one to two years related experience and/or training; or equivalent combination of education and experience. At least four years of experience in Information Technology, Information Systems Security or Cybersecurity required. Knowledge of and experience with security regulations, standards and processes including FISMA, FIPS, NIST, HIPAA and PCI required. Experience with incident response and network reconnaissance; familiarity with basic programming, scripting languages and large-scale analytics preferred.   Language Ability: Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations.  Ability to write reports, business correspondence, and procedure manuals.  Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.   Math Ability: Ability to work with mathematical concepts such as probability and statistical inference, and fundamentals of plane and solid geometry and trigonometry. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations. 

Reasoning Ability: Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists. Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form. Demonstrate the ability to work with minimal supervision and direction, work independently; demonstrate initiative and analytical analysis. 

Communication Skills: Possess excellent verbal and written communication skills. Demonstrated ability to write clearly, succinctly and in a manner that appeals to a wide audience. 

Computer Skills: To perform this job successfully, an individual should have knowledge of Word Processing software; Spreadsheet software; presentation creation tools; internet research tools; real time analytics and business intelligent platforms; Accounting software; Inventory software; Payroll systems; Development software; Design software; Internet software; Human Resource systems; Order processing systems; Project Management software; Manufacturing software and Database software. 

Certificates and Licenses: GCIH, GCFW, GPEN, GXPN, OSCP, CISSP