Senior Information Security Analyst

at  Lightspeed

The Senior Information Security Analyst plays a crucial role in safeguarding the organization’s information systems by designing robust security frameworks and strategies. This role involves anticipating potential threats, identifying vulnerabilities, and implementing cutting-edge solutions to ensure the confidentiality, integrity and availability of the systems. The Senior Information Security Analyst champions security best practices, proactively identifies and mitigates risks, and helps guide the organization in building and maintaining a resilient security posture that aligns with the organization’s objectives and regulatory requirements. This role collaborates extensively with various teams, assists in incident response, and mentors others to elevate the organization’s overall security posture.

Role:

• Contribute to the implementation and maintenance of comprehensive security architecture frameworks.
• Identify and assess potential security threats, vulnerabilities, and risks to the organization’s systems.
• Design security solutions and controls to protect information systems and data.
• Collaborate with IT and Product teams to integrate security measures into system designs and operations.
• Provide expert guidance on security architecture to stakeholders and management.
• Stay up-to-date with emerging security trends, threats, and technologies.
• Conduct training and awareness programs to educate staff on security best practices.
• Advocate for security best practices and proactive threat mitigation throughout the organization.
• Contribute to the development and maintenance of security standards, leveraging industry frameworks (NIST, CIS, etc.) and cloud provider recommendations.
• Evaluate designs and architectures for potential vulnerabilities, proposing risk mitigation measures.
• Conduct regular risk assessments of cloud infrastructure, applications, and data.
• Work closely with cloud architects, engineers, developers, and operations teams to embed security into all phases of cloud projects.
• Participate in incident response planning and lead remediation efforts in case of security breaches.
• Research, assess, and select security tools and technologies best suited for the organization’s cloud environment.

And a little bit of….

• On-call availability for incident response.
• Contributing as part of the wider team to achieve organizational objectives even if this means doing things that aren’t strictly within the scope of your role.

What will make you successful:

• You have built strong relationships within IT and Product teams, enabling you to effectively champion security initiatives and drive organizational change.
• You have achieved a deep level of understanding across all aspects of Lightspeed’s complex cloud environments.
• You are able to own and drive complex security projects from concept to completion, working with and engaging stakeholders across the organization as necessary.
• Overall reduction in organizational risk due to improved cloud architecture, controls, and remediated risk assessments.

Experience:

• 5+ years of deep hands-on experience designing, implementing, and managing security within large-scale cloud environments (AWS, GCP, etc.).
• Bachelor’s degree or equivalent experience in computer science, cybersecurity, network engineering, or a similar field.
• Proven experience in designing and implementing security architectures for complex cloud environments.
• Experience in working with product & engineering teams to design secure solutions
• Strong background in risk assessment, management, and mitigation strategies.
• Proficient in security frameworks and standards such as NIST, ISO 27001, CIS, PCI-DSS and SOC 2.
• Experience with security incident response and forensics.

Skill required:

• Good understanding of cloud technologies (AWS, Azure, GCP, etc.) and security principles.
• Extensive knowledge of security principles, access controls (IAM), network security, encryption, vulnerability management, threat modeling, incident response.
• Expertise in designing and implementing cloud security architectures.
• Expertise in security frameworks, regulations, compliance requirements.
• Strong analytical and problem-solving skills with the ability to think strategically.
• Excellent communication and leadership abilities.
• Excels in cross-functional collaboration.
• Ability to think creatively and holistically about reducing cyber risk in a complex environment
• Ability to adapt to a complex and ever-changing environment.

• Contribute to the implementation and maintenance of comprehensive security architecture frameworks.
• Identify and assess potential security threats, vulnerabilities, and risks to the organization’s systems.
• Design security solutions and controls to protect information systems and data.
• Collaborate with IT and Product teams to integrate security measures into system designs and operations.
• Provide expert guidance on security architecture to stakeholders and management.
• Stay up-to-date with emerging security trends, threats, and technologies.
• Conduct training and awareness programs to educate staff on security best practices.
• Advocate for security best practices and proactive threat mitigation throughout the organization.
• Contribute to the development and maintenance of security standards, leveraging industry frameworks (NIST, CIS, etc.) and cloud provider recommendations.
• Evaluate designs and architectures for potential vulnerabilities, proposing risk mitigation measures.
• Conduct regular risk assessments of cloud infrastructure, applications, and data.
• Work closely with cloud architects, engineers, developers, and operations teams to embed security into all phases of cloud projects.
• Participate in incident response planning and lead remediation efforts in case of security breaches.
• Research, assess, and select security tools and technologies best suited for the organization’s cloud environment