Sr. Analyst, Information Security at The Segal Company (Eastern States), Inc. in New York, New York

Job Description:

For nearly 80 years, Segal has been providing employee benefits, retirement plan investment advisory and human resources consulting for multiemployer trust funds, corporations and public sector organizations. Segal is an independent, privately and employee-owned firm. Our independence allows us to provide unbiased consulting services for our clients. Headquartered in New York City, Segal has offices throughout the United States and in Canada. We are a smaller organization that provides a more intense and broader exposure for development purposes within a culture that is highly collegial and team-oriented. You will work with colleagues who are smart, professional, talented and...nice people. We offer a competitive pay and benefits package that includes a defined benefit and matching 401(k) retirement plans.

The Senior Information Security Analyst will implement and support Segal's Information Security Program. The role will interface with colleagues throughout the organization including the Technology and Security Services group within IT, as well as IT Applications. In addition, the Information Security Analyst will collaborate with, and serve as a resource and advisor to Segal's Data Security Committee and its members, and to Segal as a whole.

Responsibilities:

• Support Segal’s Access Management Program initiatives and evolution.


• Support Segal’s Vendor Risk Management Program initiatives and evolution.


• Interface with clients as warrented to represent Segal’s Information Security program and capabilities in correlation to client requirements.


• Coordinate and track Information Security related third party audits and assessments (e.g. SOC2, HIPAA Security Rule Compliance, penetration and vulnerability tests) including scope of audits, timelines, and outcomes.


• Generate and maintain Information Security reporting metrics including preparing metrics for presentation to senior company management.


• Support Segal’s Data Loss Prevention (DLP) program including program evolution, event investigation, and metrics generation.


• Leverage auditing controls and processes to evaluate ongoing compliance with regulatory and client requirements which include but are not limited to: SOC2, NYSDFS, DOL Cybersecurity Guidelines, as well as Segal Information Security Policies and Procedures.


• Generate and maintain status reports and metrics on any required remediation efforts that result from Risk Assessments, Analysis, Vulnerability, and Penetration Assessments.


• Coordinate with Technology and Security Services and IT Applications management to ensure technical systems and controls are aligned with Segal and client information security goals and requirements.


• Contribute to the development, maintenance, and delivery of information security awareness content and programs.


• Create, develop and maintain comprehensive information security documentation, and policies and procedures to be leveraged in responding to client and auditor security inquiries, as well as for Segal marketing purposes.


• Provide project management for security related projects including but not limited to policies and procedures development, proposal language maintenance and audits.


• Serve as an integral part of the IT Computer Security Incident Response Team (CSIRT). Coordinate Incident Response procedures including but not limited to identification, fact gathering, and documentation.


• Monitor, investigate, interpret, correlate and evaluate Information Security alerts that are generated by Segal’s various Security infrastructure components and services.


• Monitor IT security industry trends, issues, and emerging technologies. Advise, counsel, and educate IT management on their relative importance and impact.

Experience:

The candidate will have  3-5 years of  experience in Information Security, including recent experience with security programs (i.e. Data Access Management, Vendor Risk Management, Compliance, Data Loss Prevention, Vulnerability Management, metrics and reporting, policies and procedures, audits, governance, oversight, etc…) and technology (i.e. Intrusion Prevention Systems, e-mail and web filtering, identity and access management, Mobile Device Management, etc…). In-depth understanding of Information Security concepts. Knowledge of the security compliance requirements for HIPAA, SOC2, NYSDFS, etc…. Experience supporting related functions (such as IT audit, IT Risk Management, regulatory compliance). Experience with the development and implementation of enterprise security architectures and programs. A strong background in IT architecture and operations, with a solid understanding of security and auditing systems as well as networking protocols. Project management experience required. Strong communication, documentation, and presentation skills required. Bachelor's Degree in a related field or equivilant experience.

Diversity and Inclusion at Segal:

At Segal, we are committed to a culture of diversity and inclusiveness, as demonstrated through our recruitment, retention and employee development programs. We maintain an environment that respects and builds on the assets and talents of each person, valuing their differences. We also engage in good faith efforts to maintain an environment free from discrimination and harassment in strict compliance with applicable laws, and consider all qualified candidates for employment without regard to their race/ethnicity, national origin, color, religion, gender, sexual orientation, gender identity or expression, age, disability or medical condition, protected veteran or military status, criminal record history, marital status, or status in any group or class protected by applicable federal, state or local law. We also engage in affirmative action to employ and advance in employment qualified women, minorities, disabled individuals and protected veterans. Maintaining a diverse and inclusive workforce is a win/win, and provides Segal with the opportunity to leverage our top talent to provide innovative solutions to our clients.