Security Analyst Ii
Responsibility includes the daily operations of supporting and implementing various security initiatives within the organization to ensure compliance with relevant regulations and industry standards. Including but not limited to evaluating risks (risk assessments), data protection (DLP and data classification), compliance management (operational assurance, metrics, and reporting), controls implementation, incident response, security awareness/training, and continuous improvements of the security posture. GRC tools include Diligent, Security Scorecard, and Microsoft Purview Compliance Manager. Experience in cross-mapping security controls such as CIS Critical Security Controls (CSC), NIST Cybersecurity Framework (CSF), Secure Control Framework (SCF), and Cloud Security (CCM). Support, develop, and implement a corporate-wide security training program, including ongoing security awareness (phishing simulation and notification of security trends), annual foundational training, and Cybersecurity Month (NCSAM) initiatives. Collaborate with Squads to mitigate vulnerabilities, proactively monitor threats to the enterprise, and train employees on trends via tools such as Proofpoint, LRN Catalyst, and Microsoft Attack Simulation.