Information Security Analyst

at  Frankenmuth Insurance Company

Summary: Under limited supervision and with significant independent judgment defines, delivers, monitors and reports on risk management, compliance and information security programs as it relates to corporate IT Security.
Essential Duties and Responsibilities: Related to network and mainframe based information security, systems, applications and infrastructure; its policies, procedures and compliance of same.
1. Provide information security analysis across all platforms and technologies. Respond to identified security breaches or weakness in a timely manner.
a. Research, document, and track all security incidents (internal/external), utilizing incident tracking software. Make recommendation for appropriate action(s) for remediation and develop additional controls as deemed necessary.
b. Formulate responses to security incidents or exposures for IT management review.
c. Monitor intrusion detection systems / services; recommend appropriate action(s) to mitigate risk to corporate resources.
d. Aggregate, monitor, and analyze system and network logs
2. Perform high level security assessments, penetration tests, and policy compliance reviews. Develop and maintain appropriate procedures, documentation, and recommendation for remediation of identified weaknesses.
a. Develop and perform periodic security assessments of various systems, infrastructure, and connectivity; provide reports to be used for decision-making by IT management.
b. Design, perform, and/or oversee penetration testing of all systems in order to identify potential security vulnerabilities.
c. Evaluate and recommend changes to IT infrastructure change management process to ensure controls are appropriate
d. Ensure that security infrastructure / system hardware and software inventory are updated quarterly; provide reports for management review / audit.
e. Conduct user activity security audits when requested by management.
f. Provide security recommendations or assessments as requested to various IT projects, implementations, or concept development.
3. Research, recommend, develop, implement, maintain, and audit security policies and procedures to improve and maintain a high degree of focus on information security for the company’s IT assets in accordance to industry best practices and in support of company business objectives.
a. Develop and maintain IT Security Policies and Procedures compliant with industry frameworks, regulations, and laws.
b. Educate and inform employees specific to IT security policies & procedures as well as knowledge of latest security threats and vulnerabilities as it applies to the company.
c. Review and recommend systems / tools to maintain or improve security assessment and reporting capabilities.
d. Evaluate, assign and maintain an inventory of system risk assessments, indicating level of risk, potential exposure, and recommendations for improvement.
e. Maintain a thorough understanding of standards and compliance regulations that may directly impact the company.
4. Provide leadership to junior staff through guidance and training. May provide input regarding performance.
5. Assist in the development of complex security programs that support risk management objectives.
6. Perform other duties as assigned.

QUALIFICATIONS:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
A minimum requirement for this position is the ability to work legally in the United States. No visa sponsorship/support is available for this position, including for any type of U.S. permanent residency (green card) process

Please refer the Job description for details