The primary roles as a Security Analyst for Stack Sports will be to ensure that information security risk is effectively managed, to manage compliance with IT regulations, laws, and industry standards, to develop and support security application and platform solutions, administer, develop, and identify security vulnerabilities and threat modeling, application penetration testing, countermeasures, and mitigations.
This position will report to the Director of Security. This individual will act as an internal security advisor for Stack Sports and be positioned to build a foundation of knowledge for a successful career. This individual needs to possess an unparalleled drive and work ethic in meeting new challenges on a daily basis.
- Develop and maintain vulnerability and patch management processes that ensures all hardware/software is accounted, monitored, and current on designated security standards, instituting a routine vulnerability assessment methodology that includes network, configuration, and application testing
- Refine and maintain a comprehensive information security strategy and drive implementation and awareness across Stack Sports
- Work with teams charged with risk management to ensure the scope and span of accountability for information security remains aligned with the overall corporate risk management framework
- Assist in performing periodic information security risk assessments and conducts related ongoing compliance monitoring activities in coordination with the company’s other compliance and operation assessment functions
- Lead investigations and report on security threats, violations, and other security incidents; conduct post event reviews of security incidents and actions not in compliance with processes
- Identify opportunities to deploy security technologies and process to enhance Stack Sports operations and competitive market position
- Implement security metrics covering incidents, risk, compliance, availability, and service
- Provide Tier II discovery and monitoring for security incidents and events, providing research and correlation among received events, following the Security Incident Response and Reporting Plan.
- Promote Security Awareness within the organization.
- Minimum of two years of security/infrastructure protection and IT experience
- Security+ certification
- Solid understanding of an IS multi-platform environment (UNIX, Windows, and Linux) operational/security considerations
- Solid understanding of cloud-based technology and infrastructure as a service.
- Proven track record of vulnerability mitigation
- Proven track record of developing information security processes that improve effectiveness, efficiency, and controls
- Solid knowledge of regulatory compliance, corporate security, and network policies and procedures
- Excellent verbal and written communication skills, with an emphasis in translating technical content for a non-technical audience
- Experience in a 24/7/365, multi-tiered production environment
- Experience with highly available technologies
- Knowledge of enterprise application technologies and architecture
- Necessary skills include flexibility, ability to work under tight deadlines, ability to handle multiple tasks through prioritization and time management skills, excellent communication, exceptional collaboration and organizational skills
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided