Kochi, IND
6 hours ago
Information Security Engineer III
**Job Title:** **Security Analyst**

**Role and Responsibilities**

The Security Analyst is a member of the CISO Regulatory & Compliance Team and will assist in ensuring the associated business units / accounts comply with applicable Conduent and NIS 2 security standards, regulations, and policies. The Security Analyst will be professional, independent, impartial, and fair in all interactions.

+ The security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned business units' information, applications, and infrastructure.
+ The resource will perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organizational risk, control gaps, and vulnerabilities.
+ This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as they pertain to assigned business units.
+ Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to:
  + IPS/IDS alerts; change detection (FIM) alerts
  + application firewall alerts; malware alerts
  + rogue wireless network alerts
  + security system health alerts; exploit attempt alerts
+ Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to:
  + audits of system security to ensure compliance with the Corporate security framework
  + NIS 2, NIST 800-53, ISO 27001/2, PCI-DSS
  + emerging country, state, and Federal privacy laws
+ Primary POC in a vulnerability management program of the account that includes:
  + external and internal vulnerability scans of applications and systems
  + external and internal penetration tests of applications and systems
  + documentation and remediation of identified vulnerabilities and exploits
  + routinely monitoring various communication avenues for security vulnerabilities and security patches
  + taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments
  + making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities
+ Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement
+ Act as the initial point of contact to facilitate the handling of security audits and client requests
+ Support the creation of business continuity/disaster recovery plans, including conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies
+ Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned business units

**Qualifications and Education Requirements**

+ CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus.
+ Minimum of Five (3 to 5) Years of experience in IT Security compliance or Security Auditing is required.
+ Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc.
+ Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures.
+ Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls.
+ Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter.
+ Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences.
+ Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP, other common security control frameworks).
+ Experience in PowerPoint, Word, Excel; experience with Visio and MS Project.
+ Communication skills (interpersonal, verbal, presentation, written, email). Experience writing report segments and participating in presentations.
+ Familiarity with security, workflow, and collaboration tools such as Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus.
+ Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally.

**Preferred Skills**

+ Creating and maintaining NIST 800-53-rev5 based SSP and POAM
+ Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP, other common security control frameworks).