Information Security Analyst

Location: New York

Contact(s): Tracey Breslin

The Information Security Analyst will assist the Senior Information Security Manager in maintaining the firm's ISO 27001 information security program and preparing for client audits. The analyst will be involved in administering the firm's third-party risk management, vulnerability management, IT risk management, security awareness, and incident response activities. Other responsibilities include configuration and maintenance of security systems, including Endpoint Detection and Response (EDR), Data Loss Prevention (DLP), and Privileged Access Management (PAM). 

 Duties and Accountabilities 

  • Reports to and takes direction from the Senior Information Security Manager.
  • Assist in all aspects of Information Security, Data Privacy Compliance, Information Governance Coordination, and Information Risk Auditing, including Client Audits, Internal, External, and Vendor Assessments
  • Assist in defining and maintaining information security policies and procedures.
  • Work with internal audit and other stakeholders as appropriate on security assessments, compliance matters, and audits.
  • Assist in the security-related planning for all future IT strategic initiatives.
  • Hands-on installation, configuration, administration, maintenance, and support of Information Security products. Major areas of responsibility are:

o Outsourced services: remote monitoring and Pen Tests

o Duo Security Dual Factor Authentication, CyberArk, Cybereason EDR, and Symantec: Antivirus & USB Encryption.

o Security Access Review, Varonis, Watchdog, and Digital Defense vulnerability scans

o Security questionnaires, ISO, and policies

 Additional Responsibilities

  • Maintain the practice of continuous improvement and education
  • Maintain professional and technical knowledge by reviewing relevant professional publications
  • Comfortably interact with all levels of the partnership and staff

  Qualifications

  • BS in Computer Science, Engineering or relevant work experience preferred
  • 3+ years of experience in relevant technology and business skills
  • Preferred certifications: CISSP, CISM, CISA, and/or SANS.
  • Ability to work in teams of highly skilled technical professionals
  • Ability to analyze and resolve complex issues
  • Must be able to multitask and work in a fast-paced environment
  • Strong analytical skills
  • Capable of grasping new concepts without prior experience
  • Self-motivator, independent, cooperative, flexible, and creative
  • Ability to travel or work overtime, as needed
  • Excellent oral and written communication and interpersonal skills as necessary to communicate and coordinate with others on routine and non-routine matters.

 Technical Skills

  • Working knowledge of firewall, Syslog, and inline IPS analysis.
  • Working knowledge of IP networking and network security, including DMZ, encryption, IPSec, PKI, VPNs, MPLS/VPN, Site to Site VPN tunnels, and SSL/VPN.
  • Experience with Active Directory and Group Policy. 
  • Support remote access and multi-factor Duo Security technologies to internal/external users.
  • Experience with Symantec security suites: Endpoint Protection & Endpoint Encryption.
  • Experience with Cybereason EDR
  • Experience with Active Directory and Group Policy. 
  • Assist with client questionnaires
  • Experience with Network scanning (e.g., Digital Defense, Qualys, Nexpose, Saint, Rapid7, etc.)
  • Familiar and have had pen-testing experience against common network topologies and implementations (e.g., Infrastructure, DMZs, Zones, Wireless, etc.)
  • Prior experience identifying security incidents, providing supporting information to clients and supporting the client through containment and remediation
  • Support incident management processes and security monitoring alerts to prevent internal/external hackers from compromising client data and assets.
  • Understand the latest threat techniques and support appropriate countermeasures, configurations, and awareness.
  • Understanding essential security technologies such as encryption, TCP/IP, HTTP, DNS, web application security, data loss prevention, mobile device management, etc.
  • Experience with ISO 27001 certification or other security frameworks such as SOC2, NIST, HIPAA, and SOX. 

 

EEOC: Cadwalader is an equal opportunity employer. We offer opportunities to all qualified persons regardless of race, color, religion, sex, age, national origin, marital status, veteran status, disability, sexual orientation, gender identity and expression, or status in any group protected by federal, state or local law.

Apply