ACCO Brands, one of the world’s largest suppliers of branded office products, with annual revenues of over $2.1 billion, is seeking a Sr. Information Security Analyst for our Lake Zurich, Illinois, Corporate Headquarters.
The Sr. Information Security Analyst reports to the Vice President Global Cybersecurity. This role will include leading process improvement activities, being a key member of the security incident response team, driving special projects and other cyber security related activities.
This position will serve as the analyst/subject matter expert on all matters, technical and otherwise, involving the security of classified information systems under their purview. This person will perform assessments of systems and networks within the networking environment and will identify where those systems and networks deviate from acceptable configurations or policy. This is achieved through passive evaluations such as analysis from security system data logs and active evaluations such as vulnerability assessments. The position will include support of process, analysis, coordination, security documentations, as well as investigations, emerging technology research inspections. Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
Duties and Responsibilities:
- Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Recommend additional security solutions or enhancements to existing IT solutions to improve overall enterprise security.
- Assist at Implementing and maintaining a formal IT security program and security policies.
- Identifies potential threats and risks and makes recommendations to mitigate these issues.
- Participate in the planning and design of enterprise security strategy, processes and procedures.
- Lead security related projects as applicable.
- Assists in maintaining compliance with various compliance programs, such as PCI and Sarbanes-Oxley.
- Manage the remediation and mitigation of security violations to determine if the network environment has been breached, assess the impact and preserve the evidence.
- Maintain and enhance the security education, training and awareness program for the organization.
- Manage, maintain and execute a continuous incident monitoring program.
- Perform control validation and remediation validation to ensure controls comply with security policies, procedures and technical requirements.
- Assist and partner with IT teams at optimizing and enhancing security tool deployment and continuous monitoring capabilities.
- Create weekly metric reports to demonstrate control effectiveness using monitoring tools.
- Lead and assist with incident response activities.
- Provides project support for both IT and business initiatives requiring security posture and control improvements.
- Perform security risk assessments, share results and recommend a remediation approach.
- Analyze system performance for potential security problems. Prepares system security reports by collecting, analyzing and summarizing data trends.
- Perform penetration tests and vulnerability assessment on internal applications and external facing websites.
- Collaborate with other Teams to ensure appropriate security incident management and threat response processes are followed.
- Perform root cause analysis and create reports based on outcomes of incident investigations.
- Create, deploy and manage a vulnerability management program, schedule, plan and policies.
- Expected to stay up-to-date on the latest intelligence, including hacker methodologies or the kill chain, in order to anticipate security breaches.