Job Description

Sr. Info Security Analyst - Governance
Job Number: 19-04565

Use your skills where innovative technology solutions begin. Eclaro is looking for a Sr. Info Security Analyst - Governance for our client in Redwood City, CA.
Eclaro’s client is a leading technology solutions provider, collaborating with customers to manage their needs and achieve success in their business goals. If you’re up to the challenge, then take a chance at this rewarding opportunity!
Role Overview:

The Senior Information Security Analyst reports to the Director, Information Security Governance and primarily serves as a risk assessor for incoming and existing products, solutions, services and vendors. This role also responds to end user security support requests, assists with access control requests and will play a key role in proactively identifying and providing requirements to mitigate enterprise risks prior to onboarding new, adding feature enhancements, and/or allowing updates. This role will also chair the change review board and assist the Business Information Security Analyst with the Information Security Training and Awareness program.
  • Evaluate requests for exception to established security policies, guidelines and standards
  • Document findings associated with all exception requests and review on a recurring basis for continued necessity
  • Perform information security reviews of vendor software, solutions and services to assess risk imposed and compliance levels against regulatory (HIPAA, PCI, etc.), department policies, guidelines and standards
  • Provide risk reduction\mitigation options where possible for all requested security review and exceptions Track and ensure requestor compliance with mandated-options provided
  • Document all approved reviews and audit on a recurring basis for continued necessity
  • Develop and mature the change management strategy, team charter, and execution plan that supports goals, maximizes employee adoption and usage and minimizes resistance
  • Chairs change management meetings assuring all requirements and open concerns have been mitigated prior to implementation
  • Tracks disposition of all change requests
  • Provide support to training and awareness initiatives, including but not limited to phish-testing, lunch and learn logistical support, etc
  • Establish a security review and exception process which includes accomplishing periodic review and renewal or denial of existing reviews and exceptions
  • Respond to end user security support requests; monitor security inbox, follow up on support requests through to completion
  • Assist the Business Information Security Analyst with the Information Security Training and Awareness program as required

  • Master's Degree and minimum of 2+ years of experience in a similar role
  • Bachelor's Degree and minimum of 4+ years of experience in a similar role
  • Associate degree and minimum of 7+ years of experience in a similar role
  • Ability to analyze and prioritize vulnerabilities to appropriately characterize threats and provide remediation advice
  • Experience running a change management function
  • Ability to understand information security and information technology risks associated with vulnerability testing, patch management, and secure configuration management
  • Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments
  • Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security/risk-related concepts to technical and nontechnical audiences
  • Proven track record and experience in risk assessment, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment
  • Proven track record and experience in comprehending workflow deficiencies and ability to develop and articulate changes to those workflows to mitigate risk and not adversely impact workflow efficiencies
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations
  • Experience in thriving in communication and collaboration with diverse audiences and senior leadership
  • Demonstrated capabilities in leadership, innovation, problem solving, influencing, organizing and relationship building
  • Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations and best practices

Preferred Qualifications:
  • Knowledge of common information security management frameworks, such as NIST
  • Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as HITRUST, SOC-2, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines
  • Executive level presence and presentation skills
  • Experience with a cloud service spanning multiple countries
If interested, you may contact:
Lea Enriquez

Lea Enriquez | LinkedIn
Equal Opportunity Employer: Eclaro values diversity and does not discriminate based on Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online