Senior Information Security Analyst
Background/IRC Summary: Background/IRC Summary: The International Rescue Committee (IRC) responds to the world's worst humanitarian crises and helps people to survive and rebuild their lives. Founded in 1933 at the request of Albert Einstein, the IRC offers lifesaving care and life-changing assistance to refugees required to flee from war or disaster. At work today in over 40 countries and 22 U.S. cities, we restore safety, dignity, and hope to millions who are uprooted and struggling to endure. The IRC leads the way from harm to home.
The IRC has defined a new strategic mission & vision, along with initiatives and key processes to meet strategic objectives. The IT department provides reliable and scalable application development and infrastructure for the IRC’s offices around the world, including technologically complicated locations. IRC’s ITHQ department includes 80 professionals primarily in the US & Nairobi and over 150 IT professionals in 40 counties supporting 15, 000 staff globally.
The Senior Information Security Analyst is a key member of the Global Information Security (GIS) team supporting cyber security and data privacy services, operations, communications, and awareness. Reporting to and supporting the Deputy Director of Security Operations (DD SecOps), this role strengthens IRC's risk posture through the support of the multi-year Security Enhancement Program (SEP). This position serves as a backup to the Deputy Director SecOps and develops and aligns IT security controls with strategy and best practices, proactively and reactively assessing threats. The ideal candidate has a consistent record in both IT security technology implementation, operation and incident response.
This role is a key member of the GIS team supporting cyber security and data privacy services, operations, communications, and awareness. Reporting to and supporting the Deputy Director of Security Operations (DD SecOps), this role strengthens IRC's risk posture through the support of the multi-year Security Enhancement Program (SEP). This position serves as a backup to the Deputy Director SecOps and develops and aligns IT security controls with strategy and standard methodologies, proactively and reactively assessing threats. The ideal candidate has a proven record in both IT security technology implementation, operation and incident response.
Cyber Incident Response and IT Security and Privacy Support
- Strengthen security operations by leading the design and deployment of key technology security and privacy features. Lead organizational threat intelligence, incident response teams, and server as primary author for IR playbooks and processes. - Be responsible for and administer Security Information and Event Management (SIEM) system, improving processes to ensure alerts are dispositioned according to standard process at all levels of support. Provides ongoing analysis and tuning of the SIEM and implements SIEM and EDR-related management processes, including incident response playbooks and procedures for current and emerging threats. - Design and implement security and privacy health feedback metrics for multiple audiences. Use multiple sources, as necessary, to create and maintain metrics/measurements to articulate the current risk posture. - Serve as primary custodian (administrative, operational, and technical system administrator) for key Sentinel, Zerofox, Mandiant, Azure Defender, M365 security and compliance, and other systems as specified. Provide technical direction and training to technical staff to correct high-priority vulnerabilities. Resolve problems through internal resources or consultation with vendor technical support staff. - Provides input and advisory support to MS Dynamics 365 security team. - Actively supports Managed Security Services Providers and other related risk management providers.
Change and Project Management
- Works with organizational change management specialists to update and strengthen communications. - Coordinates with PMO and adheres to PMO project methodology. - Completes projects on time and quickly develops and maintains relationships with the organization.
Key Working Relationships:
Position Reports to: Deputy Director – Security Operations
Position directly supervises: NA
Indirect Reporting: Other Internal and/or external contacts:
Internal: IT staff across regions, HQ and Nairobi iHub, Safety and Security Team, Integra
External: Industry/sector peers and vendors. Law enforcement if needed for incident response.
Bachelor’s degree in an information systems-related field is required or 5 years of equivalent work experience. Advanced degree preferred.
Min 3-6 years in IT including at least 2 years in IT security operations, 2-5 years in a global organization;
Demonstrated Skills and Competencies
- Demonstrable experience leading and improving incident response for 8,000+ enterprises including establishing processes, standards, and runbooks. - Validated, hands-on understanding of Azure and enterprise-class technologies including phishing simulators, email security (i.e. gateway, DMARC/SPF/DKIM, etc.) M365, DLP and SSO/SAML, etc. sufficient to engineer technical security controls and respond to incidents. - Confirmed, hands-on experience optimizing cloud security systems such as MS Defender, Google Security Center, AWS (i.e. IAM, Macie, GuardDuty, Cloudtrail, etc.) Meraki, CASB, Box or Salesforce Shield, etc.) - Experience with MS KQL, python, and cyber frameworks (i.e Mitre Attack Framework, CIS, OWASP, etc.). - Good interpersonal skills to help identify key relationships and to maintain them, and adequate oral and written communications skills for technical policy and standards development. - Proven project management capabilities for deployment of IT security products and supporting communications skills needed to drive organizational change.
Language Skills: English required
Language Skills: English required; French and Arabic a plus
Certificates or Licenses: GIAC, CISSP, ITIL, CISM or others, which support adequate ability to design, deploy and operate IT security solutions; must possess or be actively working towards AZ500 Microsoft Azure Security Technologies.
Working Environment: Standard office work environment; work location may be another IRC office.
Travel****: Up to 5% /year
The IRC and IRC workers must adhere to the values and principles outlined in IRC Way - Standards for Professional Conduct. These are Integrity, Equality, Service, and Accountability. In accordance with these values, the IRC operates and carries out policies on Beneficiary Protection from Exploitation and Abuse, Child Safeguarding, Anti Workplace Harassment, Fiscal Integrity, and Anti-Retaliation.
IRC et les employés de IRC doivent adhérer aux valeurs et principes contenus dans le IRC WAY (normes de conduite professionnelle). Ce sont l’Intégrité, Egalite, le Service, et la Responsabilité. En conformité avec ces valeurs, IRC opère et fait respecter les politiques sur la protection des bénéficiaires contre l’exploitation et les abus, la protection de l’enfant, le harcèlement sur les lieux de travail, l’intégrité financière, et les représailles.