Ensono is searching for a multifaceted information security professional who can partner closely and interface with general IT, architecture teams, business teams and clients.
This role will frequently work with Ensono’s Global Security Operations teams and will ensure that all Ensono teams adhere to Ensono’s corporate information security policies, procedures, baselines and guidelines.
The Sr. Security Analyst will also identify risks and threats and support security incident response where necessary. The role will support the EMEA business to assure client satisfaction with Ensono security practices and commitments. The individual will be part of Ensono’s Global Cybersecurity Team, participating in their activities, operating consistent with the team’s practices and project schedules, and sharing responsibilities for any security-related task that may be required of team members.
Review client security terms in proposed MSAs to assure Ensono can meet requirements. Coordinate with Ensono Legal and other Business Teams to ensure acceptable terms.
Contribute to the development of re-engineering methods to improve processes, reduce risks, increase controls and/or increase customer satisfaction.
Articulate and pitch security advice, at both business and technical levels, to all staff, including senior management and clients.
Provide guidance to operational support teams for existing security infrastructure solutions, balancing customer service while maintaining a high level of security hygiene across numerous cyber security environments.
Partner with other Cyber Security and Information Technology teams to drive cross-functional projects.
Work with project teams to identify and remediate control gaps using existing and proposed processes and technologies.
Perform and lead information security control gap assessments in accordance with Ensono’s policies/procedures and standards.
Support Ensono business and/or functional teams in the development and deployment of action plans to close identified information security control gaps.
Monitor compliance with information security policies and practices and any applicable laws. Assist with internal and external security risk assessments, risk analysis and application or system-level testing and reviews. Participate in the assessment of compliance with security regulations. Participate in periodic application security health checks.
Assist with the research, development, continuous improvement and implementation of security policies, procedures, standards and processes based on compliance requirements and industry best practices. Enforce information security policies and procedures by reviewing security violation reports, investigating possible security exceptions and documenting security controls. Contribute to the collection of information security metrics.
Prepare status reports on information security matters that are used for a variety of purposes – tracking and monitoring and risk management & compliance reporting. Coordinate with internal team and external auditors to provide documentation of compliance assessments, support and remediation activities.
Assist with the review, analysis and response to security events. Work to reduce information security risks by effectively administering the information security processes across the security policy and forensic functions.
Maintain and develop knowledge of regulatory security trends, new security technologies and best practices. Conduct security and industry specific research to keep self and Ensono abreast of the latest security issues and regulatory developments that may impact existing policies, procedures and practices. Participate in information security education, training and awareness activities for technology and business teams.
Promote cyber security awareness by developing and implementing a security awareness and training program for staff at all levels.
Work with project and internal teams to provide security architecture review on projects and proposals.
Security project execution/management – Manage and execute regional or assigned security projects in line with requirements provided by management.
Participate in client meetings as needed.
Skills and Experience Required
Minimum 5 years of related experience
Experience reviewing security requirements in MSAs
Demonstrable experience of identifying security risk and familiarity with common control frameworks
Bachelor’s degree required, preferably in Computer Science or similar
Excellent oral and written communication skills
Self-directed ability to lead, prioritize and drive an initiative from concept to implementation
Strong analytical, problem solving and troubleshooting ability
Proven ability to collaborate with people at various levels globally
Familiarity and experience in Risk Management
Good working knowledge of Information Security Standards i.e. ISO 27001 & PCI-DSS
Familiarity with relevant regulatory requirements such as GDPR.
Other Desirable Skills and Experience
Hold CISSP, CISA, CISM, CRISC or similar qualifications