Sr Information Security AnalystApply Now
The Senior Information Security Analyst provides team and project leadership for the Identity & Access Management team in Information Security. They provide subject matter expertise in Information Security disciplines focused on Identity and Access Management. The Senior Information Security Analyst is responsible for administering system access and leading and executing various projects and initiatives relating to identity and access management. The Sr. Information Security Analyst conducts detailed research and analysis to identify root cause and resolve issues and provides guidance to staff working under their supervision. Responsibilities also include researching, testing, developing, and implementing new security solutions in support of the corporate information security mission.
A Senior Information Security Analyst will have:
- A well-developed understanding of Information Security concepts, principals, and industry “Best Practices”
- Well-developed communication skills, both verbal and in writing
- Experience writing policies, procedures, guidelines and technical documentation
- Strong project management experience and the ability to lead project teams
- High attention to detail
- Solid analytical skills to collect and analyze data, problem solve, and make decisions
- Ability to rapidly adapt to changing business requirements
- Ability to efficiently acquire and utilize new skills in response to change
- Technical expertise in at least three of the following areas:
- Identity Management (Provisioning and Workflow Processes)
- Access Management (Authentication and Entitlements)
- System Security (Active Directory, Azure, LDAPS, Exchange)
- Database Security (Microsoft SQL Server and Oracle)
- Role-Based Access Control
- Security and Risk Management (security governance principles, risk management concepts, policies)
Essential Job Functions:
Identity and Access Management Operational and Technical Support
- Oversee identity and access management processes and provide direct support and guidance to junior staff who support, administer, and maintain security systems.
- Work closely with team members from IT and business areas to ensure new applications, systems, and processes meet Navient’s identity and access management requirements.
- Establish, document, and monitor controls for user access policies and procedures.
- Lead the evaluation and assessment of security products and vendors and make recommendations based on findings.
- Develop and maintain detailed support documentation and procedures regarding identity and access management systems and processes used to protect corporate resources.
- Provide ownership and direction for assigned technologies or areas of responsibility.
- Oversee internal risk assessments and reviews of third-party service providers, subsidiaries, and partners to ensure Navient’s identity and access management policies and controls are being followed. Develop and execute remediation plans for any identified issues.
- Provide audit documentation and root cause analysis remediation plans regarding audit concerns/findings, audit tracking, and audit coordination.
- Oversee security acceptance testing for user administration.
Information Security Project Management
- Develop detailed project plans in support of assigned projects. Commit to and meet deadlines in both quality and time.
- Provide project team leadership for identity and access management initiatives and work as part of a project team with other IT areas to ensure the necessary security tools, technologies, and solutions are in place to meet the Information Security mission.
- Develop detailed system security documentation, process flows and administration manuals for computer security systems, servers, applications and utilities.
- Lead junior Information Security Analysts ensuring service levels and quality is met,
- Provide direction regarding day-to-day operational items relating to identity and access management as required.
Security Assessments, Risk Evaluations and Compliance Support
- Develop, oversee and complete security product and vendor assessments and evaluations, make recommendations and coordinate product implementations.
- Develop security acceptance test plans and conduct security acceptance testing.
- Conduct audits, risk assessments, and reviews of third-party service providers, subsidiaries and partners who wish to connect to the corporate network.
- Provide support for internal and external audit reviews and examinations.
- Assess and quickly resolve technical security problems related to areas of assigned responsibility while understanding the risk and exposure to the business.
- Provides direction, consultation, and training for information security staff and emergency after hours support as required in support of the business.
- Be part of a team that provides after hour and weekend support on a rotational basis to respond to priority issues that occur outside of the normal business day.
- Assist in developing training and security awareness programs.
- Conduct liaison with external security groups and information security professionals of other local businesses, industry groups and other organizations.
- Travel to remote offices and affiliates to support all Navient operations as needed.
- Perform other duties and special projects as required.
- Bachelor’s degree OR additional equivalent experience above the required minimum may substitute.
- A minimum of 6 years progressive experience working in Information Technology with at least 2-3 years of direct, hands on experience in systems security management, security administration, systems audit, or security compliance OR additional equivalent education above the required minimum may substitute.
- A minimum of 1 year of team lead experience, developing and mentoring staff
- A minimum of 2 years managing projects including developing and tracking detailed project plans in support of assigned projects and providing project team leadership.
- Must have working knowledge of SailPoint including maintaining the entitlement catalog, on-boarding new applications, staging and activating certifications, and researching task failures.
- Must understand information security concepts, protocols, industry best practices, and strategies. Experience with industry regulatory requirements and working with internal and external audit staff is required.
- Must have business experience, understand business drivers, and be able to translate business needs into workable project plans.
- Leadership and analytical skills are critical. Must be focused, energetic, meet commitments, be willing to take ownership, have excellent judgment and integrity.
- Exceptional organizational and time management skills. The ability to manage multiple projects, priorities, and people while ensuring strategic focus is maintained to accomplish department goals and business objectives
- Excellent oral, written, and interpersonal communication skills, including the ability to communicate effectively with project and application development teams, management, and clients is a must.
- Ability to deal with a wide range of people including IT technical analysts and architects, IT Managers/Directors, business unit management, and senior executives.
- A highly motivated self-starter. Ability and willingness to work flexibly, under pressure and able to meet deadlines without prompting.
- A team player who understands how to build consensus and who can motivate and manage others, and ensure assigned tasks and deliverables are being accomplished, reported, and completed.
- This position may require travel
- This position will support a federal government contract. Applicants must be able to obtain Public Trust security clearance as required of federal government contractors to include a background check conducted by the U.S. Government to determine eligibility and suitability for federal contract employment for public trust or sensitive positions. For this level of clearance, applicants must possess U.S citizenship
All offers of employment are contingent on standard background checks. Navient and certain of its affiliated companies are federal, state and/or local government contractors. Should this position support a Federal Government contract, now or in the future, the successful candidate will be subject to a background check conducted by the U.S. Government to determine eligibility and suitability for federal contract employment for public trust or sensitive positions. Positions that support state and/or local contracts also may require additional background checks to determine eligibility and suitability.
EOE Race/Ethnicity/Sex/Disability/Protected Vet/Sexual Orientation/Gender Identity. Navient Corporation and its subsidiaries are not sponsored by or agencies of the United States of America.
Navient is a drug free workplace.