Information Security Analyst

Responsibilities

PCI-DSS Compliance & Security Operations

• Threat Monitoring: Proactively monitor network traffic, system logs, and security alerts to detect potential threats and vulnerabilities, with a strong emphasis on safeguarding cardholder data.
• Regulatory Compliance: Ensure full compliance with PCI-DSS standards by maintaining and enforcing all necessary controls for the secure handling of cardholder information.
• Incident Response: Lead timely responses to security incidents involving cardholder data, including investigation, root cause analysis, and implementation of corrective actions to address any compliance breaches.
• Risk & Vulnerability Management: Conduct regular risk assessments, security audits, and vulnerability scans to identify and mitigate threats, ensuring alignment with PCI-DSS requirements.
• Security Governance: Develop and enforce robust security policies, procedures, and best practices to strengthen the organization’s security posture and maintain regulatory compliance.
• Training & Awareness: Promote a culture of security by educating staff on PCI-DSS standards, security protocols, and organizational policies through ongoing training and awareness programs.
• Collaboration & Tool Management: Work closely with IT, development, and management teams to embed PCI-DSS requirements into systems and operations, while managing security tools such as firewalls, IDS, and encryption technologies. Engage with QSAs to support formal assessments and address compliance gaps.

Qualifications & Professional Experience

• Educational Background: Holds a Bachelor's degree in Computer Science, Information Security, or a closely related discipline.
• Certifications: Possesses or is working toward relevant industry certifications such as CISSP, CEH, CompTIA Security+, or PCI Professional—considered valuable assets.
• Information Security Experience: Brings over 5 years of hands-on experience in Information Security roles, with a strong focus on threat detection, risk mitigation, and compliance.
• Security Tools Expertise: Skilled in administering a wide range of security technologies, including Palo Alto, CrowdStrike, Cisco ASA, Checkpoint, Microsoft Defender, Microsoft Purview, Symantec Endpoint Protection, Qualys, and Tenable scanners, with adherence to CIS benchmarks.
• Frameworks & Standards: Demonstrates solid knowledge of industry standards and frameworks such as PCI-DSS, ITIL, COBIT, ISO/IEC 27000 & 31000 series, and SOC 2.
• Risk Assessment & Auditing: Experienced in conducting security threat and risk assessments using recognized methodologies like the Harmonized Threat and Risk Assessment (HTRA), and has prior involvement in IT audits.
• Technical & Analytical Skills: Proficient in using SIEM tools such as LogRhythm and Splunk; possesses strong analytical abilities, in-depth knowledge of modern networks, operating systems, protocols, and a proactive approach to resolving IT issues with urgency.

Interested? Share your updated CV