Information Security Business Analyst

Under the direction of the VP, Information Security, the Information Security Business Analyst (ISBA) will review, analyze, and evaluate information security applications, business processes, and user needs. The ISBA will identify all opportunities for process improvement related to information security at Talbots. In particular, this role will manage Talbots' compliance with the Center for Internet Security (CIS) Top 20 Security Controls. The ISBA will also be responsible for managing and tracking Talbots' PCI Compliance through the annual compliance attestation process under the guidance of the Director of Information Security. This includes ensuring that all periodic reviews are completed accurately and on time. It is expected that the ISBA be able to implement some of the technical controls using the Splunk application.

Responsibilities include but are not limited to:

Document all information security processes and recommend improvements where needed.
Implement improvements related to information security processes, tools, and compliance activities.
Implement controls needed to maintain compliance with the CIS Top 20 Security Controls.
Manage the implementation of Continuous Compliance.
Stay current with corporate policies and with US, Canada, state and provincial security regulations.
Be an information security representative on projects and represent security requirements during the project.
Be familiar with a secure network infrastructure, including the design of network segmentation, firewall policies, and configuration of security devices.
Research and identify industry information security best practices and help develop an action plan for executing changes as needed to enhance system security and ensure the integrity of the Talbots information.
All other information security duties as assigned.

Qualifications

Bachelor's degree in Business, Computer Science, Finance, or other related business discipline preferred, or equivalent work experience.
5+ years in business analysis.
CRISC and PMP preferred.
Experience with US laws and regulations such as GLBA, Massachusetts Privacy Act, and FISMA.
Experience in a PCI Compliance environment.
Experience in Cloud computing is a plus.
Experience with security disciplines including Information Security, Data Privacy, and Regulatory Compliance.
Salary Range: NA
Minimum Qualification
5 - 7 years

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.