Job Title

AVASO Technology Solutions is currently seeking a Senior Information Security Analyst with a passion for the IT area.As an AVASO employee, you will be part of a global organization that provides IT Services to big national as well as international clients across multiple industries.We are an IT solution provider with coverage in more than 170 countries as well as global distribution capabilities. We have a proven track record of success in providing best-of-breed technology solutions to enterprises of all sizes, including some of the world's largest brands.AVASO offers you an excellent growth opportunity with a strong global company and good money.Website:- Requirements:- The Candidate must be a Citizen or authorized to work in USA.Language Requirements:-The Candidate must be fluent (At least B2) in the English Language.Job Title (Corp Title and Functional Title): Assistant Vice President - Senior Information SecurityAnalystLocation: Manhattan, New York, United StatesPosition type: Full-TimeDepartmentTeam: Risk Management DepartmentInformation Security TeamReports to: Chief Information Security OfficerSupervises: Junior Information Security AnalystSummary:This is a full-time position for a Senior Information Security Analyst ("Security Analyst") within theInformation Security team that participates in all aspects of information security.The Security Analyst shall act as a risk manager with the responsibility for identifying, acting onand escalating risks and is held strictly accountable for the failure to discharge their informationsecurity duties. The employee shall also be responsible for demonstrating risk awareness byfollowing all security policies, procedures, and internal controls in the daily routine.The ability to make decisions and influence decisions in the areas of risk management andcompliance are key to the role. The Security Analyst will ensure that policy and compliancedocumentation, requirements, and controls are properly and timely identified, mapped,tracked, reviewed, and reported for the organization to increase security this role, he will work closely with other members of the Security Team and IT InfrastructureTeams to manage and support security administration tasks and security projects.Responsibilities:Experience leading risk assessments, audits, policy, governance, andor reporting, preferably in a financial institutionAssist with mapping controls to policies, procedures, and processes and testing of those controls to ensure adequate coverageEstablish and maintain security manualsWork with control owners in the remediation and tracking of deficiencies.Assist with increasing the maturity of the Information Security program, strategy, and process.Provide security services in identifying, assessing, managing, and tracking remediation of information security risks related to IT infrastructure, applications, platforms suppliers and drive explicit requirements and timelines in all environmentsProvide update to the CISO andor CRO on the progress of remediation effortsQualys:- scanning for vulnerabilities and baseline configuration compliance- monitoring new and existing vulnerabilities and working with IT and users to remediate- Daily, Weekly, and Monthly, reporting - reviewing results of reports and presenting to IT toremediate issues- Network monitoring - Monitoring assets connected to the network scanning for assetsand reconciling with IT asset inventory- Daily monitoring of system events for malicious activityTufin - Firewall rule review and approvalAlienVault - SIEM - System event monitoring and analysis with follow-up if the issue is detectedTipping Point - IPS - Monitoring network for signs of malicious activity or exploitationTrellix EPO + TMS - Daily monitoring of Data Loss Prevention toolsManage phishing campaigns, create email templates, perform testing, analyze results, and write reportSpirion - Create scans to monitor files containing PII and ensure they are destroyed in accordance with the data retention policyPrivileged Access Management (PAM) and reportingChair weekly IT meetings to discuss vulnerabilities, patching, and alarms generated by IS toolsThreat Intelligence - Monitor Qualys Threat Protection Feed and CISA emails for relevant information to protect the networkWork with vendors for troubleshooting and maintenance of IS toolsEducation and Experience Requirements:5+ years managing information security governance, risk, and complianceBachelor's degree in information technology or security discipline (e.g. cybersecurity) or related work experienceIndustry-recognized security certifications are a plus but not required (e.g. CISSP, CISA, CISM, CEH, etc.)Skills and Knowledge:Demonstrated knowledge of industry authoritative sources such as NIST Cybersecurity Framework, SOC2 and ISO standards, FFIEC framework, and NYDFS-Part 500 regulationsWorking with GRC applications and toolsets, such as RSA ArcherProficient in Microsoft OfficeExcellent written and verbal communication and presentation skills; Good command of spoken and written terpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as non-technical audiencesSkilled at planning, tracking plans, and working across departments to review risks, controls, and processes, and gathering and organizing documentation and test resultsSelf-directed, works with minimal guidance, and recognizes when guidance neededAbility to cope with pressure and responsibilityThis job description is not limited to the responsibilities listed and the incumbent may be requested to perform other relevant duties as required by business needs.