Information Security Analyst

Company

Doctors Without Borders/Médecins Sans Frontières (MSF) is an international humanitarian organization that delivers impartial medical care to people affected by conflict, epidemics, disasters, or exclusion from health care in over 70 countries.

We welcome candidates who bring a wide variety of backgrounds and experiences to join us in working toward MSF’s common mission.

 

Department

The Systems Department in the U.S. office of Doctors Without Borders/ Médecins Sans Frontières (MSF) acts like the organization's central nervous system, providing the vital information infrastructure to ensure the smooth functioning of all its operations. The Systems Department is responsible for building, configuring and maintaining the technical architecture, both physical and virtual, which ensures MSF can achieve the ambitions of its mission.

 

Project

The Information Security Analyst is a core member of the Systems team and reports to the Information Security Manager and works with other team members to develop and implement a comprehensive information security program.

This includes documenting security policies, processes, data flows, and standards, assisting with the implementation of governance risk and compliance tools, and coordinating security operations needs between the managed security service providers and infrastructure team.

The Information Security Analyst works with the IT team to assess and deploy required technical controls to meet specific security requirements. In addition, the Security Analyst also monitors the controls to ensure that security configurations are maintained as per developed policies and procedures.

 

Tasks

 

Information Governance Risk and Compliance

  • ​​​​​Assis​​​​​​​t in the development and ongoing maintenance of policies, procedures, and documents required to maintain all information security compliances.
  •  Perform risk assessments and audits to ensure that information systems and infrastructure are protected to meet all requirements and associated controls.
  • Develop reports, track, and maintain action plans for the resolution of issues identified during assessments and audits. Provide needed assistance with the execution of those remediation plans
  • Develop reports, track, and maintain action plans for the resolution of issues identified during assessments and audits. Provide needed assistance with the execution of those remediation plans
  • Document compliance data flows and inventories as per applicable regulatory standards including GPDR and PCI
  • Works with network specialists, application managers, and develop procedures to enforce security requirements and address identified risks.
  • Support in propagating an effective compliance education, awareness, and communication program for the organization
  • Supports the development of IT risk management workflows by implementation and roll-out of governance risk and compliance tool
  • Keeps abreast of current information through formal/informal training and researches the latest technologies and innovations critical to maintaining successful security compliance levels

Security Operations

  •  Act as a security operations coordinator between the systems team and managed security service providers to implement security monitoring services and incident response procedures.
  •  Assist in resolving queries and challenges of routine work of security controls monitoring procedures. i.e., vulnerability scanning, penetration testing, log reviews, phishing simulations, etc.
  •  Gather and support information for IT Disaster Recovery/Business Continuity plans

 

Qualifications

Required

  • Minimum 1-3 years related work experience plus bachelor’s degree or technical equivalent.
  • At least 1 year of experience as an analyst in Information Security, Risk, Compliance or having equivalent training and certification
  • Proficient in Microsoft Office Suite
  • Strong knowledge of process flows documentation and use of Visio
  • Awareness of JIRA and Atlassian collaboration tools
  • Familiarity with vulnerability scanning and security testing tools
  • Knowledge of compliance Frameworks
  • Project Management Skills familiarity
  • Familiarity with IT GRC tools

 

Preferred

  • Familiarity with information security management frameworks, such as [International

      Organization for Standardization (ISO) 2700x and the ITIL, COBIT, PCI and National

      Institute of Standards and Technology (NIST)] frameworks.

  • Security Certifications

 

 

Type

HQ

 

Pay Class

Full Time Exempt

 

Contract Type

Open ended Contract

 

Additional Information

Salary mid 70s to low 80s (commensurate with experience) 

 

Desired Hiring Date

March 2, 2020

 

Working Time %

100,00

  

How to Apply

To apply, send cover letter and resume to: employment.msfusa@newyork.msf.org,

ATTN: “Information Security Analyst” position

Submissions without cover letter will not be reviewed. No phone calls please.

Please note that relocation assistance and visa sponsorship will be offered for this position.

Application Deadline: January 24, 2020