Information Security Analyst
Company: TSI, Inc.
Location: Saint Louis
Posted on: November 11, 2019
*** NOTE *** 12 month w2 contract
- Act as a consultant to System Owners concerning very diverse
technology needs and compliance with Information Security
Directives, the Security Assurance (SAFR) program, NIST, and
environmental standards used by the Company.
- Assess and document risk pertaining to technology
implementations, deviations from established controls, changes to
information systems, and vulnerabilities identified during security
- Consult with business line clients during initial requirements
gathering and design meetings for technology projects.
- Conduct threat model to determine asset protection and risk
mitigation recommendations based on a threat-driven approach.
- Provide consultation concerning a wide variety of Information
Security programs; examples: Classification management (labeling,
marking, safekeeping/storage, transmission, reproduction,
downgrading, declassifying, and destruction) of physical and
electronic records; Vulnerability management (patching, scanning,
recommended remediation or mitigation actions); Configuration
management; system or component hardening; 3rd party vendor and
cloud-hosted service-related risks
- Conduct and document compliance testing activities, policy and
standard gap analyses, and security control testing to support
continuous monitoring plans.
- Research and test emerging technology, software, and consulting
with business partners, to address security requirements and
- Facilitate risk assessment process discussions with system
owners and SMEs (Subject Matter Experts), clearly documenting and
communicating security risks and exceptions identified.
- Represent on various Information Security committees and work
- Review and disseminate policies, standards, and directives
- Develop documentation templates to support system owners
- Develop, distribute, or present materials to facilitate and
enhance Information Security Program awareness and understanding
Qualifications and Skills:
- 3-5 years of experience in Information Security or a related IT
discipline with an emphasis in information security consultation,
risk assessment, and security compliance related activities.
- Technical and operational proficiency with or working knowledge
of a wide array of computer hardware, operating systems and
- Understanding of the Critical Security Controls (SANS,
- Conduct independent research and analyze complex requirements,
including FRS, NIST and FISMA security standards, determining
impact and implementation.
- Analyze and assess complex technical plans (i.e. security
- Understand, develop and propose changes to internal procedures
in response to environmental changes.
- Solid written and oral communication skills.
- Communicate effectively with all levels of management, peers,
organizations within the client, customers, and outside
- Proven ability to meet deadlines and deliver quality work in a
fast paced environment.
- Work in a collaborative and team-oriented environment.
- Preferred Industry recognized certification in Information
Security; examples: Certified Information Systems Security
Professional (CISSP), GIAC Security Leadership Certification
(GSLC), Certified Information Systems Auditor (CISA), Certified
Information Security Manager (CISM), Certified in Risk and
Information Systems Control (CRISC).
- Experience with common vulnerability publications and
resources, including: Common Vulnerability Scoring System (CVSS),
National Vulnerability Database (NVD), Common Weakness Enumeration
(CWE), Common Vulnerabilities and Exposures (CVE), and Common
Platform Enumeration (CPE).
Keywords: TSI, Inc., St. Louis , Information Security Analyst, Professions , Saint Louis, Missouri
Didn't find what you're looking for? Search again!