Information Systems Security Analyst

NYSTEC is a nonprofit technology consulting company, advising agencies, organizations, institutions, and businesses since 1996. We're independent and vendor-neutral, so we have our clients' best interests at heart. At NYSTEC, we know that we succeed when individuals and teams flourish personally and professionally, so our benefits and perks support that mindset.

The information systems security analyst will assist the information security compliance manager with providing oversight and direction for developing and supporting NYSTEC's information security initiatives. This position interfaces with staff and management across all levels of NYSTEC, as well as with external business partners, to ensure that NYSTEC's critical business functions and systems are secure and in accordance with best practices.

The information systems security analyst will execute all information security functions for the company in keeping with a perspective to mitigate risk and balance enhanced capacity and productivity.

• Participate in creating enterprise security documents (policies, standards, baselines, guidelines, and procedures).
• Maintain up-to-date baselines for the secure configuration and operation of all in-place devices, whether under direct control (i.e., security tools) or not (e.g., workstations, servers, network devices).
• Participate in investigations into problematic activity.
• Participate in designing and executing vulnerability assessments, penetration tests, and security audits.
• Provide on-call support for end users for all in-place security solutions.
• Ensure security configuration compliance with requirements, including but not limited to those under the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Trust Alliance (HITRUST), and state and federal regulations.
• Assist in preparing, implementing, and documenting security controls, policies, and procedures to achieve and maintain System Organization Control Type 2 (SOC2) compliance requirements.
• Manage controls assigned in our governance, risk, and assessment platform (Hyperproof).
• Administer and maintain security tool sets.
• Develop and deliver security awareness training for the organization.
• Collaborate with the technical services team and cross-functional departments to remediate security risks.
• Assist with performing information technology risk assessments.
• Provide recommendations for additional security solutions or enhancements to controls to improve the overall security and defense-in-depth strategy.
• Assist with deploying, integrating, and initially configuing all new security solutions, and any enhancements to security solutions, in accordance with established best practices and standards.
• Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and new attacks or threat outbreaks. This should include continuation of education and certifications to maintain compliance with regulatory requirements and guidelines.
• Champion the NYSTEC Core Values and Behaviors.
• All other duties as assigned.

• Knowledge of security best practices across multiple platforms, such as Microsoft Windows, Microsoft Office365, and Cisco Internetwork Operating System (IOS).
• Understanding of how sharing and permissions work within Microsoft SharePoint.
• Familiarity with open-source intelligence sites and applying them to perform security analyses.
• Proficient written and verbal communication skills, time-management skills, and the ability to prioritize tasks efficiently.
• Uses good organizational skills to maintain documentation and evidence gathering for reporting and incident analysis.
• Displays confidence in asking questions and bringing attention to concerns that may arise.
• Exercises a high degree of confidentiality and integrity.
• Team-oriented and skilled in working within a collaborative environment.

• Computing Technology Industry Association (CompTIA) Security+, certified information systems security professional (CISSP), or similar certification in information security.

• A bachelor's degree, preferably in cybersecurity or a similar discipline, and two years of experience with security management frameworks (e.g., National Institute of Standards and Technology [NIST], SysAdmin, Audit, and Network and Security [SANS]).
• An equivalent combination of advanced education, training, and experience will be considered.

The salary range for this position is $79,793.00 to $109,716.00 per year.

It is NYSTEC's policy to provide equal employment opportunity (EEO) to all individuals, regardless of actual or perceived race, color, creed, religion, sex, or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), age, national origin, ancestry, citizenship status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, military service and veteran status, sexual orientation, marital status, or any other characteristic protected by local, state, or federal laws and ordinances. NYSTEC is strongly committed to this policy and believes in the concept and spirit of the law.

Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please contact recruitment@nystec.com if you require a reasonable accommodation to apply for or to perform this job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

Applicants must be authorized to work in the United States without the need for visa sponsorship now or in the future.

Learn more about NYSTEC by visiting www.nystec.com.