Information Security Operations Analyst

POSITION SUMMARY:

This role is needed to protect the company from cyber threats.



PRIMARY RESPONSIBILITIES/ACCOUNTABILITIES

The Information Security Operations Analyst is responsible for assessing information risk and facilitates remediation of identified vulnerabilities for IT security and IT risk across the enterprise.

Assesses information risk and facilitates remediation of identified vulnerabilities with the Benchmark Education network, systems and applications. Reports on findings and recommendations for corrective action. Performs vulnerability assessments as assigned utilizing IT security tools and methodologies.

Performs assessments of the IT security/risk posture within the IT network, systems and software applications, in addition to assessments within the Vendor Management Program. Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios. Facilitates and monitors performance of risk remediation tasks, changes related to risk mitigation & reports on findings. Maintains oversight of IT and vendors regarding the security maintenance of their systems and applications. Provides weekly project status reports, including outstanding issues. The IT Security/Risk Analyst assists in all IT audits, IT risk assessments and regulatory compliance.

Key responsibilities including but not limited to:

• Management of IT security and IT risk (e.g., data systems, network and/or web) across the enterprise. · Address questions from internal and external audits and examinations.
• Develop policies, procedures and standards that meet existing and newly developed policy and regulatory requirements within but not limited to NIST framework
• Serve as project manager/lead within IT security projects.

INTERNAL & EXTERNAL CONTACTS

Internal Contacts: Daily contact with the ISG team and people in the region

External Contacts: Occasional interactions with 3rd party, vendors.

DECISION MAKING

• Individual will be responsible for advising employees about phishing sites, vulnerabilities and pen test reviews
• Phishing email support and security support for both commercial and supply

RESOURCEFULNESS/CREATIVITY

• Individual should be open to suggestions for productivity and provide any ideas to improve or streamline the operations

ENVIRONMENT

• Individual receives requests from all regions and is sometimes isolated because of the time zone differences

CORE VALUE

• Embrace PVH's core values: Individuality, Partnership, Passion, Integrity, and Accountability.

QUALIFICATIONS & EXPERIENCE

Education & Experience

• Bachelor's Degree, Information Systems, Computer Science, Information Security or related field required or work experience equivalent

Skills

• 7-10 years IT security or information security experience with a proven ability to engage with Senior Management and regulators.
• 4+ years' experience in administering IT security controls in an organization.
• Knowledge of technical infrastructure, networks, databases, and systems in relation to IT Security and IT Risk.
• Experience with IPS/IDS and SIEM technologies.
• Certified Information Systems Security Professional (CISSP), or related certification.
• Prior experience working within an education organization preferred.
• Project management skills preferred.
• Windows workstation, MAC administration and server administration experience preferred.
• Prior experience performing security reviews and risk assessments preferred.
• Must be fluent in English and Chinese