IT Security Analyst

The information technology staff enable Cavco employees to leverage data and systems to perform their roles, improve efficiency of the organization, reduce costs, and extend sales and marketing opportunities. The Information Security Analyst is responsible for supporting the development and implementation of security policies, configurations, employee awareness training, and threat response. This role works independently executing process steps, conducting analysis, problem solving and delivering recommendations.

Essential Duties & Responsibilities

• Provide information security awareness training to organization personnel
• Support information security audits, whether by performed by organization or third-party personnel
• Assess current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvement
• Implement and oversee technological upgrades, improvements and major changes to the information security environment
• Communicate information security goals and new programs effectively with other department managers within the organization
• Monitor the organization’s networks for security breaches and investigate violations when they occur and resolve and notify as required
• Help to design, implement, and maintain the organization’s cyber-security plan(s).
• Develop and direct implementation of security standards and best practices for the organization including benchmarking with CIS controls
• Direct the installation and use of security tools (e.g., firewalls, data encryption), to protect sensitive information
• Develop and maintain documentation for security systems and procedures.
• Create and maintain network security diagrams
• Monitor system logstools and network traffic for unusual or suspicious activity, interpret such activity and make recommendations for resolution
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
• Assist in the security management of firewalls, intrusion detection systems, switches and routers
• Implement and maintain an IT compliance issue management tracking and resolution process that will address known issues, according to severity and potential impact to the organization
• Perform necessary due diligence activities to determine third-party adherence with IT compliance requirements prior to establishing a business relationship
• Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements
• Manage and coordinate operational components of incident management, including detection, response and reporting
• Maintain or subscribe to a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations
• Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk
• Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks
• Other security related tasks as specified by the Director of IT

Minimum Qualifications

• At least 2 years experience in IT security and or data assurance management
• 2 years experience project management
• Strong written and verbal communication skills