Listing Description

The Information Technology (ITS) department at Charles River Associates is currently a team of 30 professionals dedicated to enhancing, maintaining, and developing the firm's technology infrastructure and security. The team is comprised of three functions: Desktop & Telecom, Enterprise Application Solutions, and Information Technology Services. Information Technology staff are based in the Boston, Chicago, London, New York, Oakland, and Washington, DC offices.

Job Overview

The Information Security Analyst will be responsible for assisting the Information Security Team in maintaining a security program using data-driven methods that focus on organization and situation specific results. In this role, the Information Security Analyst will assist with the execution of security objectives that cover administrative, technical, and physical security controls to reduce risk and meet compliance requirements. The Information Security Analyst will also collaborate with Director of Strategy and Architecture and Information Security Manager on initiatives such as Risk Assessments, Incident Response, Security Testing, Vulnerability Management, and User Awareness training. This position will report to the Director of Technology Strategy and Architecture. The individual will be charged with maintaining and improving security and audit controls. The individual will assist with periodic audits as well targeted audits for our clients. The audits will include certification, network and application testing protocols. This position will be virtual to start and will eventually be located in Boston, MA.

Job Responsibilities 

• Provide responses to security assessments received from clients, and document remediation plans


• Assist in IT Audit function to ensure the firm is maintaining regulatory and contractual compliance (eg. SSAE 18 and SOX, HIPAA, GDPR and client contracts)


• Assist with reporting on the metrics to measure the effectiveness of security controls


• Assist with vulnerability management program


• Maintain centralized log management


• Assist with security projects


• Assist with policy maintenance and review


• Assist with Incident Response and investigations


• Assist with auditing and controls on internal systems and processes


• Assist with user awareness training and phishing exercises


• Stay current with information security trends and standards


• Perform other miscellaneous duties as assigned by management


• Ability to relate business requirements and risks to the implementation of policies and technologies.


• Knowledge of one or more formal risk assessment methodologies such as FAIR or NIST.

Qualifications

• Bachelor’s Degree in cyber security, computer science, information technology, or related field


• 2 years of successful progressive experience in information security or auditing


• Experience with third party risk management programs (questionnaires and review)


• Experience with vulnerability management tools and running a vulnerability management program


• Experience with SIEM tools


• Experience with information security standards such as ISO27001, SOC2, HITRUST


• Security certifications preferred. (CISSP, CISM, CISA, CEH, etc.)


• Experience working with IT infrastructure, cloud and mobile technologies, directory services, security infrastructure (including SIEM, firewalls, intrusion detection/prevention systems, vulnerability management systems, web application firewalls, remote access, PKI, cryptography, application and data security management systems)


• Experience with root cause analysis, risk mitigation, security assessments, analysis of security threats, trends and architecture preferred


• Proficient in IT control areas (i.e., change management, SDLC, Operations)


• Demonstrated experience overseeing the continuous monitoring and protection of information systems and tracking security metrics


• Demonstrated experience in communicating effectively in written and spoken form to broad internal and external entities including non-technical executives, corporate officers, business colleagues, auditors, external business executives, product and service vendors and external peers


• Experience with supporting a Global Company with a distributed user group preferred


• Proficient with Office Applications, excel, PowerPoint, Word and producing reports and graphs for management

Our Commitment to Diversity

Charles River Associates is an equal opportunity employer. As part of our focus on equity and inclusion, we work to ensure a fair and consistent hiring process. We celebrate diversity and we are committed to an inclusive work environment.

About Charles River Associates

For over 50 years, Charles River Associates has been a premier consulting firm that offers employees a place to learn from a diverse group of consultants, industry experts, and academics.  At CRA you will be exposed to leading minds who use economic, financial, and business analysis to solve complex world problems for an impressive roster of clients, including major law firms, Fortune 100 companies, and government agencies. Through a collegial environment, formal and informal training opportunities, and a broad array of professional development resources, your experience at CRA will open doors for you throughout your career.

Work Location, Flexibility, and COVID Safety

We believe that an in-person environment provides the best opportunity for CRA to deliver on its promise of career growth and development for all colleagues. As we transition back to our offices, we will continue to monitor local government and regulatory guidance and adapt our safety guidelines, including proof-of-vaccination requirements, accordingly.  We provide our colleagues with the day-to-day flexibility to periodically work from home.  For those who begin the interview process with CRA, your recruiting point of contact will be available to answer any questions about work location and COVID safety 

The statements included in this job description are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

Charles River Associates is an Equal Opportunity and Affirmative Action Employer (EEO/AAE)