Urban Science

  • Information Security Analyst

    Location US-MI-Detroit
    Posted Date 4 months ago(4 months ago)
    Job ID
    2018-3973
    # Positions
    1
    Category
    IT Operations
  • Overview and Summary

    Urban Science is a business-solutions company focused on supporting the needs of the sales and marketing function of the automotive industry. We leverage a scientific methodology to help our client partner sell more vehicles, improve profitability and increase customer loyalty. And we do that by helping solve their toughest challenges including planning an optimal dealership network, improving individual dealer performance and efficiently converting sales leads into sales. In short, we guide business through science-and we’ve been doing this since 1977.

     

    POSITION OVERVIEW 

    The IT Operations Senior Specialist is an integral part of the Urban Science Global Security Team and works closely with technical and business partners to maintain the confidentiality, integrity, and availability of global company and client information assets. This team member monitors security tools, logs, and reports; analyzes tool output and reports; and works with business and technical teams to remediate vulnerabilities and implement appropriate controls. This team member also conducts security reviews, risk assessments, and audits to ensure the continual improvement of an ISO 27001 risk management framework, and compliance with relative regulations and contractual obligations.

    Essential Duties and Responsibilities

    • Review and analyze security tool output and vulnerability data to identify relevant vulnerabilities; monitor external threat intelligence feeds for internal relevance.
    • Work with business and technical teams to prioritize and remediate identified threats and vulnerabilities; manage vulnerability life-cycle to full remediation.
    • Conduct regular security reviews, risks assessments, and audits of internal security technologies and controls.
    • Detect and document technical and procedural vulnerabilities; communicate vulnerabilities to relevant parties.
    • Maintain global ISO 27001 security control set to certification level; work with internal and external auditors to maintain security controls effectiveness.
    • Train business and technical teams on security, privacy, and compliance topics as required; assist with the management of internal security training and awareness program.
    • Manage and lead incident management, documentation, investigation, and remediation activities – with occasional after-hours support.
    • Participate in problem management, change management, and corrective/preventive action processes.
    • Remain aware of current and emerging threats, vulnerabilities, and response methods, as well as emerging security technologies.
    • Assist with the operation and enhancement of the security toolbox including application, network and database vulnerability scanning tools, as well as log analysis and alerting tools.
    • Document security systems and controls; manage security management system documentation set and process.
    • Develop and implement metrics collection and reporting method; create management reports and dashboards.
    • Works with manager in completing own annual goal setting and performance review in a timely manner.
    • Proactively communicates with upper management to provide udates and report issues in a timely manner.
    • Work with manager to complete additional duties as needed.

    Qualifications - Education and Experience

    To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skills, abilities, and competencies required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

    • Understanding of global compliance law/regulation (e.g. EU/DPD, Safe Harbor, GDPR, Privacy Guard, PIPEDA)
    • Familiarity with relevant technology and tools, such as:
      • Penetration testing and related tools.
      • Application, database, and network vulnerability scanners/managers – e.g., CheckMarx, AppScan, VeraCode, Scuba, DBProtect, Nessus, McAfee Secure, etc.
      • Detection and remediation of database vulnerabilities – e.g., Microsoft SQL Server, Oracle, Mongo, etc.
      • Detection and remediation of application vulnerabilities and how to remediate them – e.g., injection, scripting, authentication, error handling, etc.
      • Various firewall/IDP products – Cisco, CheckPoint, PaloAlto, etc.
      • SIEM and log management tools – e.g. LogRhythm, QRadar, RSA, or Splunk.
      • Automation/scripting experience preferred – e.g., Python, Perl, C#, PowerShell, etc.
      • PowerApps, PowerBI, and PowerPoint a plus.
      • Microsoft office products – e.g., Word, Excel, etc.
    • Experience performing application, network, and database security reviews, and risk assessments.
    • Experience working in a collaborative environment with technical and non-technical information asset owners and teams to manage and remediate vulnerabilities.
    • Experience working with incident management, problem management, and/or corrective action processes, as well as (forensic) investigation techniques.
    • Ability to work effectively in a remote, virtual team environment.
    • Ability to operate in a highly confidential manner.
    • Some Cloud security experience desirable.
    • Knowledge of current technological developments/trends in area of expertise required. Connection with local security special information groups / organizations preferred. 
    • Knowledge and understanding of ITIL processes and/or PCI DSS experience desirable.
    • Time Management: Requires strong capability to prioritize competing demands, manage multiple concurrent tasks and run meetings on schedule.
    • Project Management: Project management skills required, including the ability to estimate work efforts, define work plans, delegate work, monitor progress and report schedule variances and scope changes.
    • Verbal Communication: Requires the ability to compose and verbally deliver information of varying levels, using appropriate grammar, tone, inflection and non-verbal cues, while also listening to and correctly deciphering verbal communication delivered by others.
    • Written Communication: Requires the ability and capacity to communicate ideas, facts and data in writing using appropriate grammar, syntax and sentence structure including the ability to create technical documents. 
    • Analytical Thinking/Reasoning: Requires the ability to understand a situation by breaking it apart into smaller pieces, and/or tracing the implications of a situation in a step-by-step causal way. 
    • Results Orientation: Requires the ability to strive for optimal results by taking responsibility for timeliness, commitment to task and adherence to performance standards.
    • Ethics/Integrity: Requires the ability to behave in a trustworthy & transparent manner.
    • Teamwork & Cooperation: Requires the ability to work cooperatively with others and be part of a team.
    • Self-Control: Requires the ability to keep emotions under control and to restrain from negative actions or behaviors.
    • Customer Service Orientation: Requires the ability to understand and help/assist both internal and external customers and meet their needs.
    • Flexibility/Adaptability: Requires the ability to adapt to and work effectively within a variety of situations, individuals or groups, as well as understand and appreciate different and opposing perspectives. 
    • Conceptual Thinking: Requires the ability to understand a situation or problem by putting the different pieces together to see the bigger picture.
    • Interpersonal Understanding: Requires the ability to understand other’s feelings and concerns, and to value individual differences in people.
    • Organizational Commitment: Requires the ability and willingness to align his/her own behavior with the needs, priorities and goals of the organization.
    • Relationship Building: Requires the ability to effectively build and maintain friendly, warm relationships or networks of contacts with clients/customers.
    • Assertiveness: Requires the ability and intent to appropriately display assertive behaviors to ensure others follow and comply with given directions.

    EDUCATION AND EXPERIENCE

    • Must have a baccalaureate degree in information technology, or related field, from an accredited U.S. college or university, or equivalent foreign institution. 
    • Must have a minimum of five years relevant work experience.

    CERTIFICATES, LICENSES, REGISTRATIONS

    One or more of the following certifications is desirable:

    • ITIL: Information Technology Infrastructure Library
    • Microsoft Certified Systems Engineer: Security
    • CISSP: Certified Information Systems Security Professional
    • ISSAP: Information Systems Security Architecture Professional
    • CISA: Certified Information Systems Auditor
    • CISM: Certified Information Security Manager

    WORK ENVIRONMENT 

    The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

     

    This description is intended to describe the type and level of work being performed by a person assigned to this position. It is NOT an exhaustive list of all duties and responsibilities required by a person so classified. The job may require additional hours beyond a traditional 40-hour workweek.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed