Start Your Job Search:

View All Jobs at TravelCenters of America

Sr Information Security Analyst in Westlake, OH at TravelCenters of America

Date Posted: 1/28/2021

Job Snapshot

  • Employee Type:
    Full-Time
  • Location:
    Westlake, OH
  • Job Type:
  • Experience:
    7 to 10 years
  • Date Posted:
    1/28/2021

Job Description

Job Brief

The Senior Information Security Analyst performs core information security functions for the enterprise.  This includes the day-to-day operations of information security solutions as well as the identification, investigation, and resolution of security breaches detected by those systems.  The Senior Information Security Analyst will design and lead the implementation of new security solutions, lead the creation and/or maintenance of policies, standards, baselines, guidelines and procedures, as well as conduct vulnerability assessments and compliance activities The Senior Information Security Analyst will have a strong background and experience in all areas of information security.

Duties and Responsibilities

  • Address questions from internal and external audits and examinations.
  • Assist in all IT audits, IT risk assessments, and regulatory compliance.
  • Facilitate IT security/risk training curriculum.
  • Serve as project manager/lead within IT security projects.
  • Promote awareness of applicable regulatory standards, upstream risks, and industry best practices.
  • Identify opportunities to reduce risk and document remediation options regarding acceptance or mitigation of risk scenarios.
  • Maintain oversight of IT and vendors regarding the security maintenance of their systems and applications.
  • Participate in Sarbanes-Oxley 404 (SOX) and Payment Card Industry Data Security Standards (PCI-DSS) controls and controls monitoring activities.
  • Lead the design and execution of vulnerability assessments, penetration tests, and security audits.
  • Serve as the Information Security subject matter expert in the planning, design, and implementation of enterprise security architecture for technical, operational, and administrative activities.
  • Participate in the identification, containment, eradication, and resolution of security issues.
  • Maintain detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the identification and resolution of vulnerabilities and threat vectors.
  • Provide recommendations for additional security solutions or enhancements to existing controls in order to improve overall enterprise security strategy.
  • Lead the deployment, integration, and initial configuration of all new security solutions as well as enhancements to existing security solutions in accordance with standards and best practices.
  • Maintain baselines for the secure configuration and operations of devices, whether they are under direct or indirect control.
  • Perform technical analysis of network activity and monitor and evaluate network flow data, signature-based Intrusion Detection System (IDS) events, and full packet capture (PCAP) data.
  • Triage IDS alerts, collect related data from various network analysis systems, review available open and closed source information on related threats & vulnerabilities, and prepare initial summary reports.
  • Perform incident correlation and escalation.
  • Recommend new IDS signatures and detection strategies.
  • Produce final reports and review incident reports from junior analysts.
  • Provide technical assessments of cyber threats and vulnerabilities.
  • Provide project management for medium to large Information Security projects.
  • Adhere to all company and regulatory policies and procedures, including but not limited to Sarbanes-Oxley IT General Controls and Payment Card Industry Data Security Standards.

Qualifications

  • Bachelor’s Degree, Information Systems, Computer Science, Information Security or related field required.
  • Certified Information Systems Security Professional (CISSP) or related certification preferred.
  • 7-10 years Information security experience with a proven ability to engage with Senior Management and regulators.
  • 4+ years’ experience in administering Information security controls in an organization.
  • Knowledge of technical infrastructure, networks, databases, and systems.
  • Experience with Intrusion Prevention System (IPS)/IDS and Security Incident and Event Manager (SIEM) technologies.
  • Project management skills.

Not Ready to Apply Yet?

Why not join our talent network! Talent Networks enhance your job search and application process. Whether you choose to apply or just leave your information, we look forward to staying connected with you.