Information Security Analyst

Dara Security, 105,000.00 USD per annum

2024-09-22 04:38:24

Job location Not Provided, Not Provided, United States

Job type: fulltime

Job industry: I.T. & Communications

Job description

Information Security Analyst

Information Security Analysts have an in-depth understanding of information security with the ability to quickly understand a client's business environment and security requirements. This knowledge must be coupled with an in-depth understanding of at least one of today's leading information security frameworks: PCI DSS, HIPAA/HITECH, GLBA, or ISO 27001. The Analyst must use this knowledge to audit and assess a client's security posture as it relates to business drivers and ascertain compliance with established security and privacy requirements. Analysts must present clear findings to the client in written and verbal form.

Compensation Range:

$90,000 - $105,000 annual salary based on experience and geographic location

Benefits:

Dara offers a full benefits package. We pay 100% of employee premiums for healthcare insurance (medical, dental, vision), offer a 401k plan with company match, Profit Sharing Plan, certification/training bonuses, monthly internet expense reimbursements, well-being expense reimbursements, personal days off in addition to earned Paid Time Off, and opportunities to earn top-level industry certifications.

Work Location, Authorization, and Schedule:

This full-time position is 100% remote and requires the ability to work well independently to complete projects accurately & on time. Candidates must be legally authorized to work in the United States and be able to pass a background check. This is not a position for which sponsorship will be provided. The role requires occasional travel to client locations both within and outside of the United States. Hours of work may vary and depend on the project assigned to the Analyst.

Required Certifications (must be current and not expired):

One of the following information security designations: (ISC)2 CISSP, ISACA CISM or ISO 27001 Lead Implementer

AND

One of the following auditing designations: ISACA CISA, GIAC GSNA, ISO 27001 Lead Auditor, ISO 27001 Internal Auditor, IRCA ISMS Auditor (or higher), or IIA CIA

Education Requirements:

Bachelor's degree in Information Security, Cybersecurity, Information Technology, Computer Science or related field, or equivalent experience

Job Duties:

  • Conduct PCI assessments and gap analyses
  • Perform auditing techniques and procedures that support assessment findings
  • Create quality, customized reports that detail the client's control environment and assessment findings
  • Formulate a roadmap of actionable steps for improving the client's security posture and/or achieving compliance
  • Effectively communicate complex technical information to a variety of audiences, including executive level and technical decision-makers
  • Interact with customers to schedule and perform activities as detailed in SOWs
  • Consult with clients to help them understand assessment findings and remediation options
  • Work with Sales Professionals and customers to provide presales and scoping assistance as needed
  • Develop subject matter expertise across various industries, focusing on information security and privacy requirements
  • Consistently update Dara Security's CRM and work management platforms to ensure accurate tracking of project activities

Experience Requirements:

  • Minimum two years of recent experience in a role conducting internal IT audits, external IT audits or leading PCI DSS assessments
  • Minimum two years of recent experience in an information security role
  • Minimum one year of recent experience with Payment Card Industry (PCI) compliance activities
  • Demonstrated English language proficiency that enables clear written & speech expression, proficient reading, and verbal comprehension
  • Solid understanding and execution of audit procedures
  • Detail-oriented with excellent time management, organization, follow-up, and follow-through skills
  • Familiarity / general networking knowledge with various security control processes, technologies & solutions, including cloud security, vulnerability management, firewalls, IAM, SIEM, EDR, IDS/IPS, DLP, AV, FIM, WAF, cryptography, software development, networking, communication protocols, etc.
  • Proficient with MS Word, MS Excel, and PowerPoint
  • Ability to handle interruptions in a challenging environment
  • Team player with a positive attitude who can independently complete projects with minimal management oversight
  • Driven to learn new technologies and audit techniques

Preferred Qualifications:

  • Current (not expired) PCI QSA certification
  • Current PCIP certification
