Lead Security Analyst – Hybrid

Location: Allegheny County

Job Type: Contract to Hire

REQUIREMENTS: A master’s degree in Information Security or related field with 3 years work experience in information security management and/or related functions (such as IT audit and IT Risk Management) or bachelor’s degree in Information Security or related field with at least six years of work experience in information security management and/or related functions (such as IT audit and IT Risk Management). Hands-on team leadership and management experience; Must be highly analytical and effectively able to troubleshoot and prioritize needs, requirements and other issues. Aside from technical skills, should have excellent communications, teamwork, leadership and conflict management skills; Information security management qualifications, such as CISSP or CISM preferred. Ethical hacker certification or willingness to get certified.

PRIMARY FUNCTION: Serves as process owner for the development and implementation of the information security program and ongoing activities to preserve the availability, integrity and confidentiality of information resources in compliance with applicable security policies and standards.


  1. Lead development, documentation and maintenance of information security policies, procedures, and standards across Information Technology Services.
  2. Provide leadership for ongoing protection, detection and response services for information resources and digital assets as identified in the information security program and strategic plan. Monitors and routinely audits compliance to all information security procedures and policies, and ensures consistency of internal controls across departments.
  3. Manage and maintain information security tools such as SIEM, endpoint protection, vulnerability management systems, intrusion detection system and prevention systems (IDS/IPS) and other information security tools and cloud based management consoles.
  4. Monitor changes in local, state, and federal regulations and accreditation standards affecting information security, and make recommendations to the Director of Technical Services and other leaders on the need for policy changes.
  5. Liaison with and offer strategic direction throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies
  6. Review, maintain, update, and recommend using a cloud computing checklist of all (SaaS, IaaS, PaaS) and other third party hosted resources.
  7. Initiate, facilitate, and promote activities to create information security awareness. Develop, implement and assess suitable information security awareness, training and educational activities.
  8. Lead the creation and maintenance of the information systems disaster recovery and business continuity plans; coordinate and conduct testing of these plans and the actual disaster recovery process.
  9. Independently perform risk assessments and work closely with the internal auditor and other third party auditors to preempt, mitigate, and respond to any audit findings that require action. Coordinate the annual audit of information security. Make recommendations for improving security measures on-site and cloud.
  10. Monitor the internal control systems to ensure that appropriate access levels are maintained. Monitor, identify, and analyze security risks to determine their impact and relevance to assets. Conduct research, analyze data, reach conclusions, and make appropriate recommendations.
  11. Provide oversight for incident response for all systems and information technology resources. Respond to security event escalations, and conduct detailed forensic analysis of potential incidents.
  12. Create and maintains all information system and software security certificate activities.
  13. Assist in system and software architecture and design to ensure that assets are appropriately secure at all times.
  14. Lead and participate on projects that are related to Information Security.
  15. Performs other duties as required or assigned.