Company
Doctors Without Borders/Médecins Sans Frontières (MSF) is an international humanitarian organization that delivers impartial medical care to people affected by conflict, epidemics, disasters, or exclusion from health care in over 70 countries.
We welcome candidates who bring a wide variety of backgrounds and experiences to join us in working toward MSF’s common mission.
Department
The Systems Department in the U.S. office of Doctors Without Borders/ Médecins Sans Frontières (MSF) acts like the organization's central nervous system, providing the vital information infrastructure to ensure the smooth functioning of all its operations. The Systems Department is responsible for building, configuring and maintaining the technical architecture, both physical and virtual, which ensures MSF can achieve the ambitions of its mission.
Project
The Information Security Analyst is a core member of the Systems team and reports to the Information Security Manager and works with other team members to develop and implement a comprehensive information security program.
This includes documenting security policies, processes, data flows, and standards, assisting with the implementation of governance risk and compliance tools, and coordinating security operations needs between the managed security service providers and infrastructure team.
The Information Security Analyst works with the IT team to assess and deploy required technical controls to meet specific security requirements. In addition, the Security Analyst also monitors the controls to ensure that security configurations are maintained as per developed policies and procedures.
Tasks
Information Governance Risk and Compliance
- Assist in the development and ongoing maintenance of policies, procedures, and documents required to maintain all information security compliances.
- Perform risk assessments and audits to ensure that information systems and infrastructure are protected to meet all requirements and associated controls.
- Develop reports, track, and maintain action plans for the resolution of issues identified during assessments and audits. Provide needed assistance with the execution of those remediation plans
- Develop reports, track, and maintain action plans for the resolution of issues identified during assessments and audits. Provide needed assistance with the execution of those remediation plans
- Document compliance data flows and inventories as per applicable regulatory standards including GPDR and PCI
- Works with network specialists, application managers, and develop procedures to enforce security requirements and address identified risks.
- Support in propagating an effective compliance education, awareness, and communication program for the organization
- Supports the development of IT risk management workflows by implementation and roll-out of governance risk and compliance tool
- Keeps abreast of current information through formal/informal training and researches the latest technologies and innovations critical to maintaining successful security compliance levels
Security Operations
- Act as a security operations coordinator between the systems team and managed security service providers to implement security monitoring services and incident response procedures.
- Assist in resolving queries and challenges of routine work of security controls monitoring procedures. i.e., vulnerability scanning, penetration testing, log reviews, phishing simulations, etc.
- Gather and support information for IT Disaster Recovery/Business Continuity plans
Qualifications
Required
- Minimum 1-3 years related work experience plus bachelor’s degree or technical equivalent.
- At least 1 year of experience as an analyst in Information Security, Risk, Compliance or having equivalent training and certification
- Proficient in Microsoft Office Suite
- Strong knowledge of process flows documentation and use of Visio
- Awareness of JIRA and Atlassian collaboration tools
- Familiarity with vulnerability scanning and security testing tools
- Knowledge of compliance Frameworks
- Project Management Skills familiarity
- Familiarity with IT GRC tools
Preferred
- Familiarity with information security management frameworks, such as [International
Organization for Standardization (ISO) 2700x and the ITIL, COBIT, PCI and National
Institute of Standards and Technology (NIST)] frameworks.
- Security Certifications
Type
HQ
Pay Class
Full Time Exempt
Contract Type
Open ended Contract
Additional Information
Salary mid 70s to low 80s (commensurate with experience)
Desired Hiring Date
March 2, 2020
Working Time %
100,00
How to Apply
To apply, send cover letter and resume to: employment.msfusa@newyork.msf.org,
ATTN: “Information Security Analyst” position
Submissions without cover letter will not be reviewed. No phone calls please.
Please note that relocation assistance and visa sponsorship will be offered for this position.
Application Deadline: January 24, 2020