Information Security Associate

Overview:
**Now is the time to join us**

At Virgin Pulse we value and celebrate diversity and we are committed to creating an inclusive environment for all employees. We believe in creating teams made up of individuals with various backgrounds, experiences, and perspectives. Why? Because diversity inspires innovation, collaboration, and challenges us to produce better solutions. But more than this, diversity is our strength, and a catalyst in our ability to #changelivesforgood.

**Responsibilities**:
**Who are you?**

As Information Security Analyst for the industry leading employee wellbeing and engagement platform, you will work as a member of the team responsible for ongoing prevention, detection and response to cyber threats across all of the company’s systems.

Reporting to the Information Security Manager, your core responsibilities will include working with our InfoSec, CyperSecOps, CyberSecEng, Fraud Prevention, and Corporate Systems teams to ensure technical security controls are deployed and performing optimally.

Key responsibilities will include implementing and maintaining effective policies and procedures, control management and actively supporting external and client audit activities for the organization.

This is a hands-on roll involving working with our internal teams, vendors and external parties to continuously ensure our compliance with regulatory compliance, contractual obligations and various framework models.

**In this role you will wear many hats, but your knowledge will be essential in the following**:
- Assist a team of CyberSecOps Engineers and Information Security Analysts
- Participate and lead internal and external audit efforts such as PCI, SOC2, ISO-27001, HITRUST.
- Monitor AWS and Azure security dashboards (Guard Duty, Security Hub, VPC Flow Logs, Sentinel, etc).
- Continuously assess endpoint security control coverage, escalating gaps to appropriate teams for corrective action where required.
- Create and manage security metric dashboards for use within the team and provide management reporting.
- Lead event analysis for network and system alerts in addition to anomalous platform activity, supporting internal and customer facing teams with accurate and timely log review and follow up.
- Participate Red / Blue Team and CSIRT exercises, involving stakeholders across the business.
- Regularly audit public IP space and DNS records including cloud hosting resources.
- Manage cyber reputation tools to ensure findings are reviewed and resolved efficiently.
- Deliver weekly reporting on core security metrics to applicable stakeholders.
- Support business teams to interpret governance requirements into technical controls.
- Manage relationships with security vendors and consultants.
- Investigate, recommend and install security enhancements and operating procedures to enhance security posture and optimize workflows.
- Ensure the confidentiality, integrity and availability of information being processed, stored, accessed or transmitted within systems and networks.
- Support the planning and execution of business continuity and disaster recovery tests.
- Serve as lead and escalation point for security events.
- Coordinate with stakeholders across the business for mitigations pertaining to ongoing security threats to the organization as needed.
- Other duties as assigned by Manager or Director.
- You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in._

Qualifications:
**What you bring to the Virgin Pulse team**

**In order to represent the best of what we have to offer you come to us with a multitude of positive attributes including**:

- The ideal Information Security Analyst will possess the following experience, characteristics and expert knowledge:

- BS degree and/or Security specific certifications preferred, with focus on operational and auditing related experience.
- Hungry, Humble and Smart
- Interest in SaaS Cyber Security / SecOps
- Ability to prioritize and execute tasks in a high-pressure environment and take direct instruction during emergency
- In depth experience with SIEM, Endpoint Protection, Data Loss Prevention, Intrusion Detection and Cloud Security
- Previous responsibility in management of security vendors and budgets
- Demonstrated ability to prioritize and treat technical
- ** Previous work supporting of SOC, ISO, PCI, and HITRUST certification and compliance**:

- Experience in vulnerability management programs and patch
- Able to provide technical and professional leadership, guidance, and training to

Ability to build relationships and communicate effectively with peers across all business functions

**You also take pride in offering the following Core Skills, Competencies, and Characteristics**:

- Success in this role will be defined by a number of achievements, inc