IT Security Analyst in Garner, NC at Butterball

Date Posted: 11/10/2018

Job Snapshot

Job Description


The statements herein are intended to describe the general nature and level of work being performed by employees and are not to be construed as an exhaustive list of what is required of personnel so classified. They do not imply or establish a contract for employment and are subject to change at the discretion of the employer.  

Incumbents in this position are expected to perform the essential functions, tasks, duties, responsibilities, and physical requirements of this role with or without reasonable accommodation within the described work environment.  

Butterball, LLC is an equal opportunity employer and is committed to the fair and impartial treatment of all employees and applicants for employment without regard to gender, age, race, religion, color, national origin, physical or mental disability, military/veteran status, sexual orientation, gender identity and expression, genetic information, marital status, parental status, pregnancy, or any other status protected by law.

 

Position Purpose

The IT Security Analyst provides support for a variety of operational and consultative functions.  The IT Security Analyst helps design, implement, manage, and monitor security controls to protect the confidentiality, integrity, and availability of the organization’s information assets in accordance with legal, regulatory, and institutional requirements. The IT Security Analyst also acts as a subject matter expert in relevant domains of knowledge, and will work in collaboration with all plant, office, and management staff.

Responsibilities/Duties/Functions/Tasks

  • Conduct risk assessments, external and internal vulnerability scans, and penetration tests to identify security risks, and report on findings to system owners and management.
  • Using output from risk assessments and requirements analysis, assist system, application, and data owners/managers with selecting security controls and documenting system security plans.
  • Review existing security plans with system, application, and data owners/managers to ensure that controls are properly implemented, and to proactively identify any gaps that may result in non-compliance with regulatory requirements.
  • Use professional judgment and institutional knowledge to assess risk levels, conduct forensic investigations, provide guidance on remediation planning, and prioritize remediation efforts.
  • Manage vendor and consulting relationships to ensure service level agreements are established and met.
  • Oversee development and deliver security awareness training for the organization’s staff.
  • Respond to relevant service requests received from end users.
  • Provide reports and presentations on the status of security controls and industry trends to management and technical staff.
  • Work within the IT Management System and contribute to its continuous improvement
  • 24x7 on-call support rotation may be required.
  • Participate in other activities necessary to support the information security program.
  • Performs other related duties incidental to the work described herein.

Qualifications

  • Bachelor’s degree or equivalent experience in a related technical field
  • Minimum of 3 years of IT industry experience.
  • Must have a working knowledge of at least one of the following information security practices, standards, and systems:
    • Data Loss Prevention (DLP) systems
    • Encryption technologies and standards
    • Endpoint security software
    • SAP security (Rights, identifiers and profile development)
    • Governance, Risk, and Compliance (GRC) systems
    • Identity and Access Management (IAM)
    • Incident response practices
    • Network security (e.g. firewalls, IDS/IPS, VPN, etc…)
    • Risk assessment practices
    • Security Information Event Management (SIEM) systems
    • Vulnerability management practices and scanning tools
  • Must have a working knowledge of at least one of the following regulatory compliance requirements and IT management frameworks:
    • SOC
    • ITIL
    • NIST SP800-53 and related standards
    • CIS Critical Security Controls
  • The ideal candidate will have demonstrated the following characteristics through past professional and educational experiences:
    • A broad understanding of multiple IT disciplines and technologies
    • Basic knowledge of SAP Security Weaver security
    • Strong focus on customer satisfaction
    • Strong written and oral communication skills
    • Strong critical thinking, analytical, and problem solving skills
    • Able to troubleshoot problems in complex technical environments
    • Able to work independently or as part of a team as necessary
    • Able to effectively prioritize tasks with competing deadlines
    • Able to maintain a positive attitude in challenging circumstances
    • Self-starter who is able to work with minimal direction
    • Able to work effectively across multiple technical disciplines
    • Strong interpersonal skills and the ability to build relationships with colleagues, customers, vendors, and other third parties

Preferences

  • An information security industry certification (e.g. CISSP, CISM, CISA, CEH, or equivalent).
  • A technical or management certification (e.g. MCSE, CCIE, or PMP).
  • Epic-related certifications (e.g. Security Coordinator).
  • Experience with SAP's role-based security concepts

Not Ready to Apply?

If you’re interested in career opportunities, but not ready to apply, join our Talent Network to stay connected to us and receive updates on the latest job opportunities and company news.