Taguig City, Philippines
Job ID: 40198
JOB PROFILE NAME: Information Security Analyst
GJA JOB CODE: 152089
LOCAL JOB GRADE: L2
BUSINESS TITLE: Information Security Analyst
GRADE PROFILE: 100
JOB FAMILY>JOB GROUP: IT Security>Information Security
LOCATION/CITY/COUNTRY: Manila, Philippines
REPORTS TO: Michihiko Yasuda
TARGET TEAM SIZE:
PREPARED BY: David Lee
POSITIONS REPORTING TO THIS POSITION: 0
DATE PREPARED: February 6, 2020
Do not edit
Global Level Description
Established and productive professional individual contributor. Works independently with general supervision. Problems faced are difficult and may be complex. May influence others within the job area through explanation of facts, policies and practices.
Complexity and Contribution
Works on moderate to complex projects. Uses company standard policies and procedures to resolve a variety of issues.
Exercises judgment within defined procedures and practices to determine appropriate action. Receives moderate level of guidance. Work is reviewed for soundness of judgment and overall accuracy.
Minimum skills and Experience
General proficiency with various tools, systems, and procedures required to accomplish the job. May need to consult with Senior/Specialist staff members on some technical issues. A four year college degree (or additional experience in a related field) and 3 years functional experience including a minimum 1 year position specific experience.
JOB FAMILY SUMMARY
HRBP: Insert Job Family Summary from Job Catalog Guide
Design, install, manage, and implement business plans, policies and procedures to maintain systems, network, database and/or Web security; develop, implement, and maintain information security, including access management, vulnerability assessments, penetration testing, infrastructure, and regulatory compliance; responsible for reporting, investigation, and resolution of data security incidents; analyze business needs and oversee security architecture, administration, and policy planning to lessen possibility of security breach; recommend enhancements to plug potential security gaps. Prevent IT-based crime, hacking, intentional or inadvertent modification, disclosure, or destruction to an organization's information systems and IT assets and intellectual property including: Designing, testing, and implementing secure operating systems, networks, and databases; Password auditing, network based and Web application based vulnerability scanning, virus management, and intrusion detection; Conducting risk audits and assessments, providing recommendations for application design. Monitoring and analyzing system access logs; Planning for security backup. Provide guidance and direction on best practices for the protection of information; ensure compliance with regulations and privacy laws. May oversee internal or external systems security (e.g., cloud services).
SPECIFIC JOB SUMMARY DESCRIPTION
The IS Security Operations Analyst is accountable for executing global and regional day to day security operations tasks which include but not limited to incident response, security breach, DNS request management, review of firewall change request, administration of network and/or endpoint security technologies, SIEM tools administration and change management.
The Security Operations Analyst will ensure operating environments are maintained to optimal performance and meet defined SLAs. Key success criteria in this position: in-depth understanding of global security best practices, good understanding of technologies such as host base AV, next generation firewalls, advance threat protection, intrusion detection/prevention systems, security tools architecture, Windows and Linux administration. This role will implement best practices, operational discipline and integrate appropriate changes as business needs require.
Job Qualifications and Educational Requirements
• Ability to adapt in a complex environment, loves challenges, with the will and drive to learn new things on your own.
• 4 + years of experience in related field with at least 2 years in enterprise security. Good understanding of cloud security (Azure, 0365, AWS, GCP etc.) is desirable.
• Endpoint Security Management (Administration, Deployment, Operations) for security tools.
• Security Information and Event Management (SIEM) management experience is a plus.
• Hands on experience of NextGen Firewalls administration and best practice.
• Deep technical knowledge in IT technologies, operating systems, networking, database and global business experience.
• Deep understanding of security risks and threats as they relate to the company’s operating environments.
• Has exposure in creating technical documentation for security tools and procedures.
• Monitors the internal control systems to ensure that appropriate access levels are maintained.
• Demonstrate high competency working under pressure and executing multiple global projects at the same time.
• Strong enterprise security understanding.
• Understanding of ITIL and its practical application is nice to have.
• Demonstrated competency in managing third party providers in IS operations.
• Strong written and verbal communication skills to effectively interact with internal and external partners on all levels to resolve technical and business level discussions on security matters and provide solutions in a timely manner.
Page 1 of 1