I. Job Summary
A Boar’s Head Cyber Security Threat Analyst has primary responsibility for monitoring and taking action regarding cyber threats, alarms and alerts, managing threat consoles and tuning our cyber security related alarms and alerts. In addition to their monitoring and escalation duties, the Cyber Security Threat Analyst will assist with helping write articles and conduct phishing exercises related to the company cyber security awareness program, and assist senior staff who need support with third party vendor and internal application scanning and compliance related activities.
II. Essential Duties and Responsibilities
- Primary responsibility configuring and monitoring alarms and alerts (threats) to identify and reduce cyber risk
- Assist in the development, review and execution of the ongoing security awareness program to mitigate human risks
- Assist senior staff with third party vendor compliance reviews conducting scans and collecting compliance checklists
- Take part in educating both internal employees and third parties understand, acknowledge, and fulfill all applicable information security policies and minimum requirements (security is everyone’s responsibility)
- Provide metrics and statistics from monitored & managed tools to contribute to departmental dashboards and scorecards for management and trend analytic reporting purposes.
- Running vulnerability scans and assessments, interpreting results and communicating them to involved parties
Additional responsibilities include:
- Maintain professional certifications and related educational requirements as well as other duties assigned by the Director, Cyber & Physical Security
- Conducting risk assessments as assigned
- Conducting internal application security compliance assessments as assigned
- Developing, maintaining, and/or enhancing personal knowledge and expertise of the following:
- Security controls
- I/S business operations, policies, standards, procedures and processes
- Technical knowledge of new and existing technology supporting company operations
- IT standards, frameworks and best practices
- IT security and compliance standards, requirements and frameworks
- IT industry trends and emerging threats such as cybersecurity, ransomware, cloud computing and storage, mobile device management, etc.
- Multiple non-IT business area operations.
III. Education and Experience
- Bachelor’s degree in computer science, information security, or a related field; or equivalent experience
- Working knowledge and ability to support and configure multiple technology platforms (Windows, Linux, etc.)
- Ability to communicate highly technical issues to non-technical audiences succinctly and clearly articulate concerns to IT and Business partners alike
- Advanced knowledge of MS Office applications (Excel, Word and Visio)
- Intermediate knowledge of IT applications, databases and/or operating systems across multiple platforms
- An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
- An understanding of organizational mission, values, and goals
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- Ability to apply creative and innovative thinking
- Ability to make sound judgments/conclusions based on knowledge, experience, observations, and available information
- Planning, organization and time management skills
- Written communication / presentation skills (PowerPoint, etc.)
- Excellent verbal communication with the ability to interface with both technical experts and senior level management
- Ability to deal with confidential information and matters
- Adaptable and able to work well under pressure
· An ability to effectively influence others to modify their opinions, plans, or behaviors
V. Certificates, Licenses, and Registrations
· CompTIA Security+
· Certified Information Systems Security Professional (CISSP) desired (but not required, will work towards it)
· Equivalent similar college coursework and experience considered
VI. Language Skills
· All output, communications, materials will be generated in English.
· Spanish language skills desirable as well in addition to English.
VII. Work Environment
· Work is routinely performed in an office environment, with occasional work performed in a manufacturing or distribution facility.