Senior Information Security Analyst – Risk and Assurance - Eide Bailly LLP

Location: Fargo, ND; Mankato, MN; Sioux Falls, SD

Work Arrangement: Hybrid

Typical Day in the Life

The Senior Information Security Analyst plays a crucial role in safeguarding the company’s data and information systems. This position involves developing, implementing, and maintaining security policies, procedures, and standards. The analyst performs risk analyses and recommends risk mitigation strategies that promote the confidentiality, integrity, availability, and privacy of the firm’s information assets.

Key responsibilities include conducting risk assessments, managing third-party risks, overseeing vulnerability management, and ensuring cloud security. The analyst also collaborates closely with the Information Technology Services (ITS) team, supports the Chief Information Officer (CIO) and Information Security Director (ISD) to mitigate information security risks. Additionally, the role involves policy development, control selection and compliance, configuration assessments, performing internal penetration testing and managing third-party penetration testing efforts.

• Policy and Procedure Development: Create and maintain information security policies, standards, and procedures based on industry frameworks and regulatory requirements. Periodically review and update policy documents to reflect changes in programs, industry standards, or frameworks.
• Change Control Review: Evaluate proposed changes to ITS-managed infrastructure to ensure operational security is not compromised.
• Conduct Information Security Risk Assessments: Perform thorough risk assessments to identify vulnerabilities, threats, and associated risks within the organization’s systems, infrastructure, applications, and processes.
• Control Proposals: Propose administrative, technical, or physical controls to reduce risks and ensure the confidentiality, integrity, and availability of the firm’s systems and data. Coordinate proposals with the ISD.
• Compliance and Regulatory Requirements: Ensure compliance with relevant industry standards (e.g., NIST CSF, CIS), regulations (e.g., GDPR, HIPAA, PCI-DSS), and internal security policies and standards.
• Threat Analysis: Proactively identify and analyze internal and external threats. Research threat and attack vectors that impact the confidentiality, availability, and integrity of firm or client data, and create security requirements. Translate security requirements into standard configurations and security patching on client computers.
• Emerging Threat Research: Stay informed about the latest security threats, vulnerabilities, and industry trends to proactively identify potential risks and recommend appropriate countermeasures.
• Risk Analysis and Mitigation: Analyze and evaluate risks to determine their impact and likelihood and develop strategies and controls to mitigate residual risks.
• Third-Party Risk Management: Assess security risks associated with third parties and conduct due diligence assessments to ensure compliance with security requirements.
• Security Governance and Reporting: Provide regular reports and updates on information security risks, trends, and recommendations to senior management and stakeholders.
• Vulnerability Management: Conduct regular vulnerability assessments and scans to identify potential security risks and ensure timely remediation. Develop and implement strategies to mitigate vulnerabilities detected on-premises or in the cloud, collaborating with cross-functional teams to enhance overall security posture. Measure and report on progress.
• Configuration Assessments: Perform regular configuration assessments to ensure on-premises or cloud-hosted systems comply with security policies and industry standards. Identify and rectify configuration issues, collaborating with IT teams to maintain optimal system performance and security.
  
• Security Incident Response: Participate in incident response activities to investigate and address security incidents, including conducting root cause analysis and implementing preventive measures.
  
• Security Awareness and Training: Develop and deliver security awareness programs and training sessions to educate employees on information security risks, best practices, and policies.
  
• Personal Development: Establish personal development plans to grow and strengthen security knowledge and skills, demonstrating a commitment to continuous learning.
  
• Continuous Improvement: Continuously enhance the organization’s security risk management program by developing and implementing improvements, processes, and controls.
  
• Incident Response Improvement: Assist in developing processes and procedures to improve incident response times, analysis of incidents, and overall security functions.
  
• Feedback and Improvement: Provide actionable feedback to ITS teams to improve the security posture of operational systems.
  
• Employee Support: Efficiently resolve security questions and concerns reported by employees through the ITS ticketing system, ensuring responses meet employee and firm expectations.

Who You Are

• Bachelor’s Degree in Information Technology, Computer Science, or a related field. An equivalent combination of education and experience may be substituted.
• 5+ years of experience in information security.  Additional experience in areas related to privacy, system or network administration, or information technology/services support a plus.
• CISSP, SANS, CISA, CRISC, and/or IGP certifications preferred.

Knowledge and Skills

• Working knowledge of information security concepts and methodologies, as well a practical understanding of security principles such as authentication, authorization, access control, assessment, protection, and incident response strategies.
• Ability to communicate clearly verbally and in writing.
• Ability to work on multiple projects and meet deadlines by setting priorities with work projects.
• Ability to establish and maintain effective working relationships with co-workers and clients.
• Strong familiarity with Microsoft technologies, specifically Microsoft Azure and security related tools and technologies.
• Proficient with computers, Microsoft Office (Word and Excel) and related programs.
• Demonstrates competencies in accordance with Career Development, Planning, Organizing, and Teamwork.

Physical Requirments 

• Requires prolonged sitting, some bending, stooping, and stretching.
• Requires hand-eye coordination and manual dexterity sufficient to operate a keyboard, photocopier, telephone, calculator, and other office equipment.
• Hearing must be in the normal range for telephone contacts.
• Requires the ability to lift to 20 lbs.
• Prompt and dependable attendance.

The duties described above are the general nature and levels of work performed but are not intended to be a complete comprehensive list of all the duties, activities, and responsibilities required of job incumbents. Supervisors or managers may ask job incumbents to perform other duties as needed and/or required.

Must be authorized to work in the United States permanently without the requirement of sponsorship at any point in the future.

Benefits and Compensation

Our compensation philosophy emphasizes competitive and equitable pay. Eide Bailly complies with all local/state regulations regarding displaying salary ranges. Final compensation decisions are dependent upon factors such as geography, experience, education, skills, and internal equity.  

Salary Range: $95,000 - $115,000

Beyond base salary, Eide Bailly provides benefits such as: generous paid time off, comprehensive medical, dental, and vision insurance, 401(k) profit sharing, life and disability insurance, lifestyle spending account, certification incentives, education assistance, and a referral program. For more information about our benefit offerings and other total rewards, visit our careers page.

What to Expect Next

We'll be in touch! If you look like the right fit for our position, one of our recruiters will be reaching out to schedule a phone interview with you to learn more about your career interests and goals. In the meantime, we encourage you to check us out on Facebook, Twitter, Instagram, LinkedIn or our About Us page.

Eide Bailly LLP is proud to be an affirmative action/equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, veteran status, or any other status protected under local, state or federal laws.

#LI-BC1