Position Overview

Reporting to the Information Security Director the Senior Information Security Analyst is responsible for risk assessment based on application data and technology architectures and current information security threats; for solution design and information security policy development and maintenance; for awareness activities and monitoring compliance with company security policy and applicable law; for coordinating investigation and reporting of security incidents. The Senior Information Security Analyst will also monitor assess and apply corrective actions to the business continuity and disaster recovery program and contribute to information security projects to protect company information assets. This position combines project-based work and operational assignments. This will require practical use and understanding of security protocols and standards solid knowledge of information security principles and practices and keen awareness of the state of the threat environment especially as it may pertain to The Andersons.

Key Responsibilities

• Work with business units and other risk functions to identify security requirements using methods that may include risk and business impact assessments.
• Manage completion of information security operations documentation including policy development.Â
• Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.
• Play an advisory role in application development infrastructure engineering and/or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
• Assist and manage with enterprise-wide risk assessment processes
• Drive cross-functional remediation of previously identified security risks and close out pending action plan
• Proactively collaborate with service providers to understand operational findings and drive the appropriate company response.
• Architect develop deploy and support information security systems and solutions such as strong authentication key management IPS SIEM antimalware and others
• Interact with internal and external customers on security-related projects and operational tasks
• Participate in 24x7 Information Security Response team
• Report to company management concerning residual risk vulnerabilities and other security exposures including misuse of information assets and noncompliance.
• Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
• Performs security due diligence assessments with vendors and contractors
• Researches evaluates and recommends information security related hardware and software including developing business cases for security investments
• Manage services to analyze monitor track and report behavior/tasks logged by assets in the form of incidents to ensure the company is protected from any potential leaks or malicious activities.
• Read and understand system data including but not limited to security and network event logs syslogs and firewall logs.
• Propose changes/improvements to the processes and procedures that will improve operational efficiency provide better service etc.
• Participate in the security awareness training program review and development.
• Perform risk and security assessments to identify control weaknesses and recommend remedial actions for any issues found. Manage and track competition of remedial actions.
• Manages relationship with the audit groups both internal and external. ÂProvides information as requested receives audit findings and manages the collection of responses and remediation plans with owners.
• Maintains an awareness of existing and proposed security standard setting groups state and federal legislation and regulations pertaining to information security. ÂIdentifies regulatory changes that will affect information security policy standards and procedures and recommend appropriate changes. Works with other groups and assists in the development of security architecture and security policies principles and standards.
• Develop and maintain an open and candid relationship with the management through regular contact to discuss all important matters and to make suggestions for improvement.
• Seek out and identify new opportunities for reducing cyber corporate risk

What is expected of you and others at this level

• In-depth knowledge and experience
• Uses existing solutions to resolve complex issues
• Works independently; receives minimal guidance
• Acts as a resource for colleagues with less experience
• Represents the level at which career may stabilize for many years or even until retirement

Minimum Qualifications & Skills

• Bachelorâs Degree in Business Administration Computer Science or related field required Masterâs Degree preferred
• 5-10 yearsâ relevant experience required
• Experience in IT regulation and compliance standards such as PCI/DSS NIST CSF 2.0/ NIST 800-53 CIS Critical Security Controls
• Practical use and implementation of solid knowledge of information security principles and practices for a public corporation; Understanding of IT methodologies such as software development lifecycle and ITIL operations
• Exposures in IT security baseline and procedures development
• Experience in design and implementation of Microsoft Sentinel and Arc.Â

Certifications/Licenses:

• Tertiary qualifications in information or IT security or industry qualifications such as Certified Information Systems Security Professional CISSP Certified Information Security Manager CISM or equivalent are preferred.

Additional Skills:

â ÂStrong analytical and problem-solving skills.
â ÂFoster and support a collaborative harmonious team environment that raises information security knowledge for everyone.Â
â ÂCritical thinking and strong judgment skills
â ÂSuccessful relationship management skills
â ÂExcellent presentation and communication skills.
â ÂAbility to successfully negotiate and resolve conflicts

This job description is intended to describe the general nature and level of work performed. It does not include all responsibilities and skills required of the job and may be changed at any time. All responsibilities must be completed in compliance with all safety protocols policies procedures and consistent with the spirit and philosophy of The Andersonsâ Statement of Principles.