Overall Summary: As a member of the Security Team, the Security Analysts are responsible for the management of the governance, risk, and compliance aspects of AAA Northeast.
The Security Analyst provide security recommendations on projects across the Club and ensure that the Club stays compliant with its various regulations and standards.
Summary: The Security Analyst II will support the risk management, audits, and compliance programs at AAA Northeast. They will lead some of the initiatives carried by the team of Security Analysts. Those programs align with various standards like NIST, PCI-DSS, as well as the AAA Cyber Security Quality Standard and include the vulnerability and threat intelligence management.

• Manage compliance with various IT standards and regulations by:
  • Tracking compliance with the standards
  • Identifying gaps between our current controls and the requirements and tracking the action
  • Providing guidance to the security engineers and the business lines to implement the necessary controls
  • Organizing and assisting external auditors with their assessment of the AAA Northeast compliance or security posture
  • Providing dashboards and status updates for the management
• Oversee the vulnerability management process by:
  • Managing and assessing the efficiency of the vulnerability management process (including patch management)
  • Collaborating with other teams to implement the relevant remediations
  • Assessing the efficiency
  • Providing dashboards and status updates for the management
• Participate in the risk management operations by:
  • Completing necessary third-party vendor due diligence documentation
  • Providing security analysis of the risks and threats during projects and recommendations on the security controls needed to meet AAA Northeast security expectations and requirements
  • Developing regular and automated controls of the infrastructure to ensure that the security baseline is met and that services do not deviate from it
  • Recommending specific areas to focus on and audit
• Become a key reference for our internal partners when it comes to security and compliance by:
  • Partnering with all levels of IT and Business Line management to ensure that security testing is conducted in a cooperative, timely and efficient manner
  • Collecting business lines needs and specific risks to take into account in our risk management program

Education:

• Associates in Computer Science, Business Analytics, or other related field
• Bachelor's preferred

Certifications Preferred:

• CompTIA Security+, CISSP, or other security certifications are a plus
• The position is required to get at least its CompTIA Security+ during the first year of employment

Experience:

• 3+ years related IT experience, preference for information security or risk management

Skills:

• Ability to travel domestically.
• Ability to work occasional off hours as well as part of a 24x7 on-call rotation

Technical Skills:

• Knowledgeable in vulnerability management and assessment technologies (i.e. vulnerability scanners)
• Knowledgeable in information security risk and threat assessment
• Ability to think analytically, communicate complex issues, and develop control recommendations
• Knowledgeable regarding technology auditing control disciplines including thorough and general knowledge in security and one or more relevant areas of technical specialization; application development, change management, or operations
• Effective written and verbal communication skills with the ability to present control analysis and recommendations with clarity and professionalism
• Ability to work independently, set project goals, and achieve milestones with minimal direction
• Ability to work collaboratively, across teams, driving toward common goals, and working within standardized processes"