Junior Information Security Analyst

This year we were rated top 100 firms to work for by Inside Public Accounting and Accounting Today. We are always looking for new team members who bring a fresh perspective, technical expertise, and a passion for solving problems. At Citrin Cooperman, we offer you the flexibility to take your career to the next level and still allow you to focus on what matters to you!

Position Responsibilities:

Reporting to the Director - Information Security Officer, the Information Security Analyst plays a crucial role in assessing and enhancing our Information Technology controls environment. The information Security Analyst will work with the team and will be responsible for various key functions within the InfoSec team, including:

• Daily Risk Management

• Actively participate in daily risk meetings, involving the comprehensive review of multiple intelligence sources, such including but not limited to, , CISA bulletins, Infragard flash reports, and more.

• Conduct thorough reviews and analysis of InfoSec alerts generated by various security tools to identify potential threats.

• Documentation and Compliance

• Assist in the creation of a documentation library, standardized templates, maintenance of the library/SharePoint site, and assist the team with completing current and prospective client due diligence questionnaires.

• Change Management Collaboration

• Regularly participate in weekly Change Management Meetings to coordinate technology related changes and updates effectively.

• Imaging and Deployment Expertise

• Assist the team with reviewing the current Windows desktop imaging standard.

• Participate in audits of the images.

• Collaboration and Partnerships

• Collaborate closely with internal teams to establish and maintain security controls for early detection and risk monitoring.

• Build relationships and liaise with external partners, vendors, internal groups, and the Security Information and Event Management (SIEM) system to assess security controls, provide guidance, and mitigate potential risks.

• Information Security Training Compliance

• Asist in the scheduling and monitoring compliance to the mandated monthly Information Security training, ensuring participation and reporting.

• Staff Education and Awareness

• Collaborate with the Information Security Officer to deliver educational sessions to staff on selected security related topics, fostering a culture of security awareness.

• Incident Response

• Demonstrate readiness to respond to security incidents, taking the lead or participating as required, day or night, including alerts from staff, Security Information and Event Management (SIEM) systems, or other monitoring systems.

• Business Continuity and Disaster Recovery Testing

• Actively participate in Business Continuity Planning (BCP) and Disaster Recovery (DR) Testing, meticulously documenting results, and assessing overall performance to ensure operational resilience.

• SOC Audit Preparation

• Contribute to the preparation and creation of necessary artifacts and work products for SOC (Security Operations Center) audits.

• Control Environment Assessment

• Collaborate closely with the team to design and execute strategic tests for assessing our control environment. These assessments will involve the use of specialized tools and applications.

• InfoSec Toolset Familiarity

• Gain a comprehensive understanding and familiarity with our current InfoSec toolset.

• Phishing Testing

• Assist in the coordination and execution of targeted phishing testing exercises to evaluate the organization's resilience to social engineering threats, working proactively to enhance security awareness.

Education:

• Bachelor's degree or equivalent professional experience

Experience:

• Minimum of 1 year of experience in systems administration, network monitoring, or computer and network systems.

• Minimum of 1 year of experience in the field of Information Security (InfoSec).

Communication Skills:

• Strong verbal and written communication skills.

• Interpersonal skills for effective collaboration within the team and communication with stakeholders.

Identity and Access Management: Active Directory

• Exposure and familiarity with active directory user permissions, groups, and domains.

• Understanding of IAM tools and concepts

• Understanding of Role-based Access Control methods (PIM, PAM).Password Management

• Understanding of Enterprise, Desktop, Cloud-based, and SSO password management and vaulting principles.

Network Security:

• Understanding/experience with network security architecture

• Understanding/experience with IPS/IDS, WAN, VPN, Routers, Firewalls, Ethical Hacks on LAN's.

SIEM SOC Technology:

• Understanding/experience with any managed or in-house SIEM.

InfoSec Tools:

• Experience with tools (i.e., virus/malware, CASB, DLP, Email, etc.).

Key Skills:

• Quick Decision Making: Ability to react quickly, decisively, and deliberately in high-stress situations.

• Motivated and Team-Oriented: A highly motivated individual with the ability to self-start, prioritize tasks, multitask effectively, and work collaboratively in a team setting.

Certifications:

• One or more of the following certifications are preferred:
• CISSP
• CISA
• GCIA

About Citrin Cooperman:

Citrin Cooperman is one of the nation's largest professional services firms. Since 1979, the firm has steadily built their business by helping companies and high net worth individuals find practical, actionable solutions to help them meet their short-term needs and long-term objectives. Citrin Cooperman clients span an array of industry and business sectors and leverage a complete menu of service offerings. Citrin Cooperman & Company, LLP, a licensed independent CPA firm that provides attest services and Citrin Cooperman Advisors LLC, which provides business advisory and non-attest services, operate as an alternative practice structure in accordance with the AICPA's Code of Professional Conduct and applicable law, regulations, and professional standards. The entities include more than 450 partners and 2,500 total professionals. Learn more about Citrin Cooperman here: www.citrincooperman.com

CC Disclaimer:

"Citrin Cooperman" is the brand under which Citrin Cooperman & Company, LLP, a licensed independent CPA firm, and Citrin Cooperman Advisors LLC serve clients' business needs. The two firms operate as separate legal entities in an alternative practice structure. The entities of Citrin Cooperman & Company, LLP and Citrin Cooperman Advisors LLC are independent member firms of the Moore North America, Inc. (MNA) Association, which is itself a regional member of Moore Global Network Limited (MGNL). All the firms associated with MNA are independently owned and managed entities. Their membership in, or association with, MNA should not be construed as constituting or implying any partnership between them.

For positions in New York and California, the salary range is $65,000 -- $75,000. Actual compensation within that range will be dependent upon the individual's skills, experience, qualifications, and applicable laws.