Compensation Range:
$90,000 - $105,000 annual salary based on experience and geographic location
Preferred Education:
4 Year Degree/Bachelor Degree
Additional Information:
Telecommuting is allowed.
Internal Number: QSA-08-2024
Information Security Analyst
Information Security Analysts have an in-depth understanding of information security with the ability to quickly understand a client’s business environment and security requirements. This knowledge must be coupled with an in-depth understanding of at least one of today's leading information security frameworks: PCI DSS, HIPAA/HITECH, GLBA, or ISO 27001. The Analyst must use this knowledge to audit and assess a client’s security posture as it relates to business drivers and ascertain compliance with established security and privacy requirements. Analysts must present clear findings to the client in written and verbal form.
Benefits:
Dara offers a full benefits package. We pay 100% of employee premiums for healthcare insurance (medical, dental, vision), offer a 401k plan with company match, Profit Sharing Plan, certification/training bonuses, monthly internet expense reimbursements, well-being expense reimbursements, personal days off in addition to earned Paid Time Off, and opportunities to earn top-level industry certifications.
Work Authorization, Location and Schedule:
Candidates must be legally authorized to work in the United States and be able to pass a background check. This is not a position for which sponsorship will be provided. This full-time position is 100% remote and requires the ability to work well independently to complete projects accurately & on time. The role requires occasional travel to client locations both within and outside of the United States. Hours of work may vary and depend on the project assigned to the analyst.
Required Certifications (must be current and not expired):
One of the following information security designations: (ISC)2 CISSP, ISACA CISM or ISO 27001 Lead Implementer
AND
One of the following auditing designations: ISACA CISA, GIAC GSNA, ISO 27001 Lead Auditor, ISO 27001 Internal Auditor, IRCA ISMS Auditor (or higher), or IIA CIA
Education Requirements:
Bachelor's degree in Information Security, Cybersecurity, Information Technology, Computer Science or related field, or equivalent experience
Job Duties:
Conduct PCI assessments and gap analyses
Perform auditing techniques and procedures that support assessment findings
Create quality, customized reports that detail the client’s control environment and assessment findings
Formulate a roadmap of actionable steps for improving the client’s security posture and/or achieving compliance
Effectively communicate complex technical information to a variety of audiences, including executive level and technical decision-makers
Interact with customers to schedule and perform activities as detailed in SOWs
Consult with clients to help them understand assessment findings and remediation options
Work with Sales Professionals and customers to provide presales and scoping assistance as needed
Develop subject matter expertise across various industries, focusing on information security and privacy requirements
Consistently update Dara Security’s CRM and work management platforms to ensure accurate tracking of project activities
Experience Requirements:
Minimum two years of recent experience in a role conducting internal IT audits, external IT audits or leading PCI DSS assessments
Minimum two years of recent experience in an information security role
Minimum one year of recent experience with Payment Card Industry (PCI) compliance activities
Demonstrated English language proficiency that enables clear written and spoken expression, proficient reading, and verbal comprehension
Solid understanding and execution of audit procedures
Detail-oriented with excellent time management, organization, follow-up, and follow-through skills
Familiarity with, and general networking knowledge of, various security control processes, technologies & solutions, including cloud security, vulnerability management, firewalls, IAM, SIEM, EDR, IDS/IPS, DLP, AV, FIM, WAF, cryptography, software development, networking, communication protocols, etc.
Proficient with MS Word, MS Excel, and PowerPoint
Ability to handle interruptions in a challenging environment
Team player with a positive attitude who can independently complete projects with minimal management oversight
Driven to learn new technologies and audit techniques
Preferred Qualifications:
Current (not expired) PCI QSA certification
Current PCIP certification
Dara Security is an award-winning information security firm, partnering with clients to find network vulnerabilities and offering solutions for protecting information assets and ensuring industry-specific regulatory compliance. We specialize in PCI SSC assessments and network penetration testing for domestic and international clients.