Cybersecurity Analyst - Application Security

GRC Duties

• Proficient with GRC (Governance, Risk & Compliance) access management tools (e.g., Saviynt EIC)
• Provisioning/deprovisioning users into enterprise ERP applications (including S4/HANA, D365, etc.) or ability to onboard target applications into Saviynt EIC tool
• Familiarlity with provisioning emergency access (Firefighter) and priveledged access management (PAM)
• Experience with management and monitoring of privileged access to all SAP applications, and other cloud-based applications
• Identification and reporting of user segregation of duty (SoD) issues accross global applications.
• Working with internal/external auditors to resolve security issues
• Research and document cybersecurity policy exceptions and ensure compliance

Cybersecurity Duties

• Work with our MSSP to preview and prepare vulnerability reporting for distribution to our Infrastructure team for rememediation.
• Assist with updating and maintaining cybersecurity policies and standards regarding compliance, education, and security awareness
• Set up, deploy, and report on phishing camkpaigns and remediation training.
• Prepare bi-annual cybersecurity awareness training and work with LMS department to set up cybersecurity content from our training partner.  
• Work with information systems stakeholders and administrators to understand their security needs.
• Assist with maintaining our IT policy library and annual policy review/renewals.
• Perform research for best practices cybersecurity practices and developing  new IT policies to address current security trends.

Core Responsibilities:

• Ability to work both alone and as part of a team environment.
• Work with our users to ensure compliance with all corporate IT policies, procedures, and initiatives.
• Stay up to date with the latest Cybersecurity and GRC vulnerabilities and software.

Key Performance Indicator (KPIs)

* Ability to analyze and access vulnerability scanning and penetration reports

· ERP user provisioning and de-provisioning in a large-scale environment

· Time to resolve security incidents

· Technical writing ability

Experience / Qualifications Required

• Cybersecurity certifications preferred
• AA or bachelor’s degree preferred
• Minimum of 2 years’ experience in IT security in an enterprise environment

SKILLS

• Working experience with provisioning cloud applications (e.g., S4/HANA, D365, etc.)
• Cybersecurity skills including analyzing vulnerability reports for determining a remediation plan.
• Technical writing including policy and procedural documents.
• Knowledgeable with MFA and authentication processes and protocols
• Familiarity with authentication services, as well as PKI and token/certificate-based authentication, DNS, and AD structure
• Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling, CIS)
• Understanding of security frameworks such as ISO 27001, NIST CSF, GDPR, etc.
• Meaningful hands-on experience with GRC tools and SAP is required.
• Security awareness and phishing campaign management and reporting
• Working knowledge of vulnerability management processes and KPI’s
• A thorough understanding of technology, tools, policies, and standards related to security systems and incident response
• Solid technical knowledge of Windows and networking environments

CORE COMPETENCIES

• Support onboarding/configuration of Disconnected and Connected application to Saviynt
• Support risk remediation and mitigation campaigns using Saviynt
• Support access reviews using Saviynt
• Support ruleset management in Saviynt
• Strong colorabation skills for working with application stakeholders on application security
• Ability to work in global time zones including NA, APAC, and EU as needed. Primary work will be in NA (Chicago)
• Ability to clearly communicate information security matters to managers, auditors, end users, and engineers
• Ability to quickly understand systems to identify and validate security requirements.
• Strong analytical skills, documentation creation skills (presentations and policies), and awareness of change management practices
• Handle highly confidential information in a strictly professional manner
• Able to work outside of regular business hours as required, working with different time zones regularly.
• Assist with interactions with business leadership and users to gather and document business and technical requirements (both functional and non-functional)
• Ensure proper documentation and traceability of the business requirements through the solution design and delivery process
• Provide problem resolution of customer issues reported via the IT Service Desk System
• Assist with updating and maintaining cybersecurity policies and standards in regard to compliance, education, and security awareness
• Willingness to learn and expand knowledge and capability in new areas as needed

Planning & Project Management

Plan and complete tasks, goals and projects with short to medium-term impacts, keep own and team's work aligned with business goals, accountable for completion of own and team’s tasks and goals, keep information organized and accessible, work systematically and efficiently, manage resources efficiently, create contingency plans

Business & Job Knowledge

Understand own and team's duties and responsibilities, has necessary technical skills, has necessary job and product/market knowledge, keep job and product/market knowledge current, understand and communicate policies and procedures applicable to self and team