CliftonLarsonAllen, LLP Information Security Analyst in St. Louis, Missouri
We are seeking an Information Security/Cyber Security Analyst to join our Specialized Advisory Services (SAS) team in our St. Louis office. The Information Security Analyst is responsible for providing technical security consulting to clients, supporting other groups within the firm, and supporting the Information Security Services Group (ISSG) network infrastructure. S/he is responsible for applying security solutions to help clients safeguard their organizations. The Information Security Analyst is skilled at identifying, diagnosing, and implementing various security services.
- Network & Application Penetration Testing: Evaluates, tests, and scans to determine weaknesses in client IT operations, processes, systems, and related controls. Presents solutions based on findings to engagement team.
- Security Assessments: Internal Network Vulnerability Assessments, HIPAA risk assessments, payment fraud assessments, and payment card industry compliance. Reviews tactics and processes to protect organization from threats. Interprets findings to determine if systems and processes can appropriately react to threats. Identifies security settings that may need to be "hardened". Recommends multi-layered approach to prevent attacks, including proper defense, relationships, communication, and training.
- SSAE 16/SOC Reporting: Understands SSAE 16/SOC report standards and makes recommendations on most effective report. S/he helps to identify the needs of report users, assess the design of controls, and remediate the control gaps.
- Security Incident Response & Disaster Recovery Planning: Implements response procedures to identify, assess, and properly address threats and/or recover from an incident. Investigates and assesses the nature and scope of breaches and recovers critical systems and data. Reviews procedures for disaster response, recovery, and restoration, and recommends enhancements. Participates in the implementation of enhancements. Structures tests and exercises to prepare recovery teams.
- Security Awareness Training: Ensures training sufficiently educates employees to recognize threats and use security controls, and highlights the role of everyone in improving the organization’s security posture. Recommends training needed and timing of delivery.
- Technical Knowledge: Knowledge of IT security concepts, best practices, and procedures. Knowledge of Windows, Unix/Linux, or Novell operating systems. Knowledge of Cisco IOS software, Cisco hardware, and/or network infrastructure hardware and software. Knowledge of IT control requirements associated with FFIEC, GLBA, Sarbanes-Oxley, HIPAA, and PCI. Knowledge of security audit techniques, processes, and services.
- Knowledge of ACH and wire procedures, bank agreements, IT security measures (including anti-virus and anti-malware programs, server and workstation patching, and transaction/network event logging), and insurance. Knowledge of PCI data security standards.
- Participates in the execution of information technology audits, including definition of audit scope, control evaluation, test activities, audit reporting, issue resolution, and risk assessment for assigned audit objectives.
- Executes security and operational audits in various computing environments.
- Identifies information technology internal control structures and strategies through appropriate forms of investigation and consultation.
- Ability to deliver a high level of client service through positive interactions
- The ability to travel approximately 40%. Please keep in mind that travel requirements are based on your current client base; therefore, this percentage could increase or decrease and vary year to year.
Required Experience & Education
- BS/BA degree in business, management information systems, computer science, or related field required. Associate's degree with equivalent experience may be acceptable in some cases.
- Minimum 1+ years of experience in operational IT and audit/consulting, specifically performing penetration testing and vulnerability assessment engagements, required.
- Experience in an IT security role, analyzing multiple aspects of information security for organizations. Previous experience in a support or development role, related to applications development, desktop, server, or network infrastructure preferred.
- Preferred certifications include GSEC, GCIH, GPEN, OSCP, OSCE, OSWP, CISA, CISM, CISSP.
- Travel: This position requires frequent local travel to/from client sites and may require occasional non-local or overnight travel for client visits, training, meetings and/or other business-related purposes.
ABOUT THE FIRM
CliftonLarsonAllen LLP (CLA) is a professional services firm delivering integrated wealth advisory, outsourcing and public accounting capabilities to help enhance our clients’ enterprise value and assist them in growing and managing their related personal assets – all the way from startup to succession and beyond. Our professionals are immersed in the industries they serve and have specialized knowledge of their operating and regulatory environments. With nearly 4,000 people, 90 US locations and a global affiliation, we bring a wide array of solutions to help clients in all markets, foreign and domestic. Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor.
We are deeply invested in the success of our professionals and provide innovative career-building opportunities. At CLA, we aim to positively impact the clients we serve, the people we employ, the profession we represent and the communities we call home.
CLA is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, disability status, protected veteran status, national origin, or any other characteristic protected by law.
Requisition Number: 16-1043
Title: Information Security Analyst
City: St. Louis