The Information Technology (ITS) department at Charles River Associates is currently a team of 30 professionals dedicated to enhancing, maintaining, and developing the firm's technology infrastructure and security. The team is comprised of three functions: Desktop & Telecom, Enterprise Application Solutions, and Information Technology Services. Information Technology staff are based in the Boston, Chicago, London, New York, Oakland, and Washington, DC offices.
The Information Security Analyst will be responsible for assisting the Information Security Team in maintaining a security program using data-driven methods that focus on organization- and situation-specific results. In this role, the Information Security Analyst will assist with the execution of security objectives that cover administrative, technical, and physical security controls to reduce risk and meet compliance requirements. The Information Security Analyst will also collaborate with the Director of Strategy and Architecture and the Information Security Manager on initiatives such as Risk Assessments, Incident Response, Security Testing, Vulnerability Management, and User Awareness training. This position will report to the Director of Technology Strategy and Architecture. The individual will be charged with maintaining and improving security and audit controls. The individual will assist with periodic audits as well as targeted audits for our clients. The audits will include certification, network and application testing protocols. This position will be virtual to start and will eventually be located in Boston, MA.
- Provide responses to security assessments received from clients, and document remediation plans
- Assist in the IT Audit function to ensure the firm is maintaining regulatory and contractual compliance (e.g., SSAE 18 and SOX, HIPAA, GDPR and client contracts)
- Assist with reporting on the metrics to measure the effectiveness of security controls
- Assist with the vulnerability management program
- Maintain centralized log management
- Assist with security projects
- Assist with policy maintenance and review
- Assist with Incident Response and investigations
- Assist with auditing and controls on internal systems and processes
- Assist with user awareness training and phishing exercises
- Stay current with information security trends and standards
- Perform other miscellaneous duties as assigned by management
- Ability to relate business requirements and risks to the implementation of policies and technologies.
- Knowledge of one or more formal risk assessment methodologies such as FAIR or NIST.
- Bachelor’s Degree in cyber security, computer science, information technology, or related field
- 2 years of successful progressive experience in information security or auditing
- Experience with third party risk management programs (questionnaires and review)
- Experience with vulnerability management tools and running a vulnerability management program
- Experience with SIEM tools
- Experience with information security standards such as ISO27001, SOC2, HITRUST
- Security certifications preferred (CISSP, CISM, CISA, CEH, etc.)
- Experience working with IT infrastructure, cloud and mobile technologies, directory services, security infrastructure (including SIEM, firewalls, intrusion detection/prevention systems, vulnerability management systems, web application firewalls, remote access, PKI, cryptography, application and data security management systems)
- Experience with root cause analysis, risk mitigation, security assessments, analysis of security threats, trends and architecture preferred
- Proficient in IT control areas (i.e., change management, SDLC, Operations)
- Demonstrated experience overseeing the continuous monitoring and protection of information systems and tracking security metrics
- Demonstrated experience in communicating effectively in written and spoken form to broad internal and external entities including non-technical executives, corporate officers, business colleagues, auditors, external business executives, product and service vendors and external peers
- Experience with supporting a global company with a distributed user group preferred
- Proficient with Office applications (Excel, PowerPoint, Word) and producing reports and graphs for management
About Charles River Associates
For over 50 years, Charles River Associates has been a premier consulting firm that offers employees a place to learn from a diverse group of consultants, industry experts, and academics. At CRA you will be exposed to leading minds who use economic, financial, and business analysis to solve complex world problems for an impressive roster of clients, including major law firms, Fortune 100 companies, and government agencies. Through a collegial environment, formal and informal training opportunities, and a broad array of professional development resources, your experience at CRA will open doors for you throughout your career.
Charles River Associates is an Equal Opportunity and Affirmative Action Employer (EEO/AAE)