Security Analyst III

at  Walgreens

JOB SUMMARY:

Develops and implements standards and procedures meant to protect organizational data assets from unauthorized access, disclosure, modification, or destruction.

Job Responsibilities:

• Assesses and evaluates systems to identify weaknesses and assess risk; performs vulnerability testing.
• Implements new or upgraded security measures or controls, and documents system or process changes.
• Reviews security violation reports or logs, investigates possible security exceptions and coordinates with internal teams or external agencies as needed, including managed service providers.
• Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. May advise on security controls for projects.
• May advise on penetration testing and vulnerability assessments of applications, operating systems and/or networks. May conduct complex cleanup of legacy environments
• Researches and evaluates cybersecurity threats and performs root cause analysis.
• Assists in the creation and implementation of security solutions, which may include conducting vendor assessments to ensure vendor is complying with security contract language and WBA security requirements.
• May conduct contract reviews for appropriate security language prior to a project/WBA signing
• May conduct remediation management or governance and/or escalations on vendors or operations issues requiring a solution
• May perform as “Level 3” support in the event Managed Service provider is unable to resolve an issue.
• May review projects to ensure alignment with Security Requirements and/or represent info security on projects, when necessary. May conduct oversight of a particular area of Managed Service, when necessary
• Provides information to management as required, including Producing and delivering various dashboard, metrics and other reports, as required

BASIC QUALIFICATIONS

• Bachelor’s degree and at least 2 years of experience in IT Security OR High School/ GED and at least 4 years of experience in IT Security
• Experience working in Security Engineering, Threat Response, Security Operations, IT Operations, IT Compliance and/or IT Governance
• Willing to travel up to/at least 10% of the time for business purposes (within state and out of state).

PREFERRED QUALIFICATIONS

• Bachelor’s degree in IT, IS, Mathematics
• CISSP or CISA Certification
  We will consider employment of qualified applicants with arrest and conviction records

• Assesses and evaluates systems to identify weaknesses and assess risk; performs vulnerability testing.
• Implements new or upgraded security measures or controls, and documents system or process changes.
• Reviews security violation reports or logs, investigates possible security exceptions and coordinates with internal teams or external agencies as needed, including managed service providers.
• Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. May advise on security controls for projects.
• May advise on penetration testing and vulnerability assessments of applications, operating systems and/or networks. May conduct complex cleanup of legacy environments
• Researches and evaluates cybersecurity threats and performs root cause analysis.
• Assists in the creation and implementation of security solutions, which may include conducting vendor assessments to ensure vendor is complying with security contract language and WBA security requirements.
• May conduct contract reviews for appropriate security language prior to a project/WBA signing
• May conduct remediation management or governance and/or escalations on vendors or operations issues requiring a solution
• May perform as “Level 3” support in the event Managed Service provider is unable to resolve an issue.
• May review projects to ensure alignment with Security Requirements and/or represent info security on projects, when necessary. May conduct oversight of a particular area of Managed Service, when necessary
• Provides information to management as required, including Producing and delivering various dashboard, metrics and other reports, as require