Senior IT Security Analyst

Senior IT Security Analyst

Job ID #: 84750
Location: CA-Woodland Hills
Functional Area: Information Technology
Company: 19117 - SunAmerica Annuity and Life Assurance Company
Employment Type: Full Time - Permanent
Education Required: Bachelors Degree (or equivalent)
Experience Required: 6-9 years
Relocation Provided: No
Travel Percentage: 0

Position Description:

Position Summary
Performing risk assessments on potential business partners (including cloud providers) to evaluate general information security controls as well as application specific security controls; These risk assessments would be conducted through a combination of security questionnaires (such as BITS Shared Assessment Program) and automated tools.

Organizational Structure
The Senior IT Security Analyst reports directly to the Vice President of Information Security.

Performance Objectives
The Sr. Security Analyst will evaluate the results of the assessment and will advise various stakeholders on the results.
Work with internal businesses, users and staff to enforce corporate information security policy and procedures by providing assistance in applying security standards to projects.
Perform operating system, network and application vulnerability assessments to identify and prioritize security exposures in the environment. Follow up with IT staff to remediate findings.
Deploy and administer security software solutions as needed (such as Network and Host IDS, Network Forensics, system auditing tools, etc)
Produce metrics reports on security initiatives
Address requests from internal and external auditors on company security controls
Review weekly changes to systems and applications for potential security risks
Work with Legal and HR staff to perform computer forensic work and/or address e-discovery requests
Advise management on industry developments in business practice, technology, security issues and legislation that impact the company's security policy
Reviewing Firewall changes for security risks;
Monitor for the occurrence of security incidents and respond using incident response best practices.
Performing light Windows and UNIX security administration.
Project manage and help implement initiatives surrounding data privacy
Conduct security audits and provide gap analysis against security practices and standards.
Evaluate newly proposed security policies and provide recommendations to management on technology changes required to comply
Develop, document and implement information security procedures to enforce information security standards.
Provide leadership role on the team and guidance to security administrators and analysts.
Perform other security-related duties as requested.

Position Requirements
The Ideal Candidate Should Have
College degree and CISSP or other professional designation or certification related to Information Security preferred
Five (5) years or more experience in information security related positions, including at least two (2) years experience with hands-on technical experience.
Prior experience assessing 3rd parties (such as cloud providers) or with BITS Shared Assessment Program
Prior experience developing and implementing security policy and/or standards desirable.
Strong familiarity with security issues surrounding network computing and experience in implementation of security systems and controls
Excellent working knowledge of Microsoft and/or UNIX operating systems and related applications (such as IIS, SunOne, Oracle).
Strong understanding of multiple networking protocols (TCP/IP, NetBIOS etc.) and networking concepts.
Strong understanding of OS and network security weaknesses, vulnerabilities and remediation.
Formal training or commensurate work experience in security tools (scanners, Intrusion Detection Systems, and security analysis tools).
Formal training or commensurate work experience in security administration for at least three technical areas (eg LAN/WAN, Microsoft, UNIX, Firewall, TCP/IP, Application vulnerabilities).
Familiarity with at least one Scripting language to automate tasks.
Experience with deploying and securing Internet applications.
Ability to research, analyze and resolve complex problems with minimal supervision and escalate issues as appropriate
Strong analytical skills.
Computer forensic skills desirable.
Excellent written and verbal communication skills.
Ability to deal diplomatically and effectively with all levels of technological expertise, including technical staff and senior management.
Ability to balance project work with day-to-day administrative tasks and troubleshooting in a highly dynamic business environment.

SAFG:CB04/11/2013

About Us:

American International Group, Inc. (AIG) is a leading international insurance organization serving customers in more than 130 countries and jurisdictions. AIG companies serve commercial, institutional, and individual customers through one of the most extensive worldwide property casualty networks of any insurer. In addition, AIG companies are leading providers of life insurance and retirement services in the United States.

AIG Property Casualty is a global market leader, one of the few truly global property casualty franchises.

AIG Life and Retirement is one of the largest life insurance organizations in the U.S., and provides protection, investment and income solutions needed for financial and retirement security.

United Guaranty Corporation is the marketplace leader in mortgage insurance in the U.S.

Additional information about AIG can be found at our Website.