Sr. IT Security Analyst

Palatine, IL

The Sr. IT Security Analyst is a senior member of the Information Security team and works closely with members of the broader IT Infrastructure team. This position is responsible for selecting, testing and deploying technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained. The ISM position requires a visionary leader with sound knowledge of business management and a working knowledge of information security technologies. The ISM will proactively work with business units to implement practices that meet defined policies and standards for information security. The ISM will also oversee a variety of IT-related risk management activities.


Essential Duties and Responsibilities

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization.
  • Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
  • Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
  • Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
  • Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
  • Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
  • Provide regular reporting on the current status of the information security program to enterprise risk teams, senior IT and business leaders and Audit Committee as part of a strategic enterprise risk management program.
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
  • Develop and enhance an information security management framework based on industry standards such as: International Organization for Standardization (ISO) 2700X, ITIL, COBIT/Risk IT and National Institute of Standards and Technology (NIST).
  • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
  • Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
  • Coordinate information security and risk management projects with resources from the IT organization and business unit teams.
  • Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
  • Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
  • Liaise among the IT team and corporate compliance, audit, legal and HR management teams as required.
  • Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
  • Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
  • Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
  • Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
  • Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event.
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security program.
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including, but not limited to, privacy, risk management, compliance and business continuity management. 



  • Minimum of eight to 10 years of experience in a combination of risk management, information security and IT jobs.
  • Degree in business administration or a technology-related field, or equivalent work- or education-related experience.
  • Familiarity with major data security standards and regulations, such as Sarbanes-Oxley, PCI-DSS, HIPAA HITECH, ISO 27000 series, NIST SP800-53, NIST Cybersecurity Framework Core, FFIEC or DoD/DISA standards.
  • Understanding of IT governance and service management processes, including ITIL, COBIT standards, DevOps execution methods and Lean / TQM process optimization methodologies.
  • Experience with general network and IT system administration, including Windows, Unix/Linux platforms, middleware platforms, such as databases and application servers, and underlying network and hardware infrastructure, as deployed in enterprise IT systems.
  • Project management skills, scheduling and resource management.
  • Ability to perform work process analysis with an eye toward automating or outsourcing non-value-added work to ensure that the security team's overall work processes are continually optimized.
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.
  • Proficiency in MS Excel, PowerPoint, Word, Project and Visio is required.
  • Experience with an SAP landscape is a plus.