Senior Information Security Analyst

The Senior Information Security Analyst is responsible for developing, implementing, and overseeing the organization's information security strategy to protect sensitive data, systems, and cloud environments from threats. This role manages vendor partnerships and ensures compliance with regulatory standards. The Senior Information Security Analyst is a proactive leader with deep expertise in cybersecurity, cloud security, and vendor coordination, dedicated to maintaining a robust security posture.

Key Responsibilities:

• Foster a culture of security awareness.
• Develop and maintain the organization's information security policies, procedures, and risk management framework.
• Oversee security for cloud platforms (e.g., AWS, Azure, Google Cloud), ensuring configurations meet best practices and compliance requirements.
• Manage relationships with security vendors (e.g., firewall providers, penetration testing firms, cloud security tools), negotiating contracts and evaluating service performance.
• Conduct risk assessments and audits across on-premises and cloud environments, identifying vulnerabilities and implementing mitigation strategies.
• Monitor security events using tools (e.g., SIEM, IDS/IPS, Sentinel1), leading incident response efforts and coordinating with vendors during breaches.
• Ensure compliance with regulations (e.g., GDPR, HIPAA, PCI-DSS) and industry standards (e.g., Cyber Essentials, ISO 27001, NIST), liaising with auditors and vendors as needed.
• Collaborate with IT teams to secure infrastructure, applications, and endpoints, integrating security into cloud and hybrid deployments.
• Oversee security awareness training programs for employees to reduce human-related risks.
• Manage the security budget, including vendor agreements and cloud security tool subscriptions, optimizing investments for maximum protection.
• Develop and test incident response, disaster recovery, and business continuity plans, ensuring alignment with cloud and vendor dependencies.
• Provide regular reports to senior leadership on security posture, incidents, vendor performance, and compliance status.

About You Skills and Qualifications:

• Extensive experience in information security management (5+ years preferred), with a focus on team leadership and risk management.
• Strong knowledge of cloud security principles and platforms (e.g., AWS Security Hub, Azure Security Center), including identity management and encryption.
• Proven experience managing security vendors, from procurement to ongoing service oversight.
• Expertise in security technologies (e.g., firewalls, VPNs, endpoint protection) and frameworks (e.g., NIST, CIS Controls).
• Familiarity with scripting (e.g., Python, PowerShell) or automation tools to enhance security operations is a plus.
• Exceptional analytical skills to assess risks and respond to complex security incidents.
• Excellent communication and leadership abilities to influence stakeholders, vendors, and employees.
• Relevant certifications (e.g., CISSP, CISM, AWS Certified Security, CRISC) are highly desirable.

Personal Attributes:

• Strategic and detail-oriented, with a passion for protecting organizational assets.
• Calm under pressure, with strong decision-making skills during security incidents.
• Collaborative leader, adept at aligning security goals with business objectives.

Working Conditions:

• Office-based with hybrid flexibility, with on-call availability for critical security incidents.
• May involve travel for vendor meetings, audits, or industry conferences.