Senior Information Security Analyst

Loricca is a national provider of IT Security and Regulatory Compliance Solutions. Loricca delivers flexible and innovative solutions through world-class technical services combined with industry best practices. Loricca’s highly talented team brings many years of experience delivering successful solutions to commercial enterprises and government agencies. The protection of critical and sensitive information is at the forefront of many corporate initiatives.

Loricca is looking to add to its team of security and compliance professionals. The role involves a limited amount of travel. Each project requires minimal time onsite at the client facility, with the majority of the work and deliverables completed offsite at Loricca facilities.

This job description indicates the general nature and level of work performed by employees within this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees in this job. The incumbent of this position is also expected to undertake other duties, not listed in this job description, as directed by their manager and which can be deemed reasonable within the scope of their role. Loricca, Inc. is an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, or religion/belief.


  • This individual will become part of a small team of senior security and compliance analysts to plan, organize and perform security audits/risk assessments, including data discovery, analysis of the findings, and generation of reports with detailed findings and recommendations and other key client deliverables.
  • Develop remediation plan based on results of the security assessment.
  • Serve as an information security subject matter expert (SME) consultant for Loricca.
  • May conduct network vulnerability analysis, technical scanning and assist with penetration testing.
  • May assist clients with developing and/or modifying their security policies, procedures, and practices so that they are compliant with any applicable regulations (HIPAA, HITECH, PCI, FISMA, NIST, etc.) and professional standards.
  • May be involved with developing appropriate IT security training and awareness to be rolled out to the client workforce.
  • Will be involved in assisting clients with risk management program planning related to the information security features of systems, networks, and related administrative activities.
  • May be involved in assisting clients with compliance gap remediation, security controls implementations, safeguards, operations, and usage related to information security.
  • May conduct an application/data criticality analysis, business impact analysis (BIA), disaster recovery and contingency planning.
  • Provide weekly status reports and project time tracking.
  • Must comply with applicable corporate security policy.

General Skills and Experience Requirements:

  • Must have one or more of the following certifications:  CISSP, CISA, CISM.  Additional technical certifications are a plus.
  • Minimum 5 years' experience in the management of both physical and logical information security systems, controls and safeguards
  • Strong technical skills, including application, operating systems and server hardening, vulnerability assessments, security audits, intrusion detection systems, incident response, firewalls, security configuration management, etc.
  • Must have outstanding interpersonal and communication skills (oral and written)
  • Must possess a high degree of integrity and trust along with the ability to work independently
  • Must have excellent documentation skills
  • Ability to weigh business/IT risks and make appropriate information security recommendations
  • In-depth knowledge of the HIPAA Security Rule (PCI DSS, NIST and/or FISMA is a plus)
  • A Bachelor of Science degree
  • Good understanding of various security controls, systems and technologies
  • Ability to quickly understand complex client systems, technologies, infrastructures and networks
  • Multitasking in a fast-paced environment
  • Working effectively with a variety of stakeholders from different technology and business teams
  • Excellent English verbal and written communication skills

To apply, please forward your resume to