Location: Lansing,MI, USA
WE'RE LOOKING FOR YOUThe Information Security Analyst is responsible for participating in information security-related activities. In pursuit of this mission, the ISA coordinates tactical information security activities with information technology and other staff in a complex, decentralized global organization.The ISA performs the following activities:Act as a contact for all security review requests, both for internal and external party systems and services.Work with Privacy, and Legal teams to complete external party risk assessments.Perform technical assessments on both internal and external/third party systems and services.This position requires routine contact with IT as well as non-technical staff. This position reports to a Director of Information Security and supervises no staff. In this position you will:Participate in the implementation, and maintenance of the external party information security risk management program as part of TNC's overall external party due diligence review process.Participate in the assessment, monitoring, and documentation of the security posture and risk profile of external parties with access to TNC data, information, and records or to TNC systems.Participate in the security-oriented reviews of contracting-related documentation and provide security guidance to RFI/RFP/RFQ processes.Work with Privacy and Legal teams to document the classification of data, information, and records held or processed by external parties.Work with Information Technology staff to document the specifics of implemented technology solutions.Provide assessment of external party or internal system security based on provided architectural and operational documentation.Perform technical testing to validate the security-related behavior of a system, service, or piece of software.Work with business unit, IT staff, or external party to resolve any findings from security testing.Provide other Information Security teams with documentation of system configuration and expected behavior for applications and services.Provide advice and consultation to staff on information security-related policies, procedures, and best practices.Write documents for and deliver presentations to both technical and non-technical audiences.Participate in security incident response activities.Resolve issues independently within program area.Willing to work flexible hours.Work environment involves only infrequent exposure to disagreeable elements and minor physical exertion and/or strain.WHAT YOU'LL BRINGBachelor's degree in relevant technical discipline and 3 years of experience in an information technology department in any role, or seven years of experience without a degree.Experience having a strong customer service orientationExperience with Microsoft Office 365 programsDESIRED QUALIFICATIONSExperience working in a decentralized global organization, supporting staff and/or systems located in multiple states and/or countries.Multi-lingual skills and multi-cultural or cross-cultural experience appreciated.Time management and attention to detail.Experience in defining and documenting complex systems requirements.Experience in communicating effectively with internal and external audiences.Proficient with a written language other than English, particularly Spanish or Portuguese.Experience working with a Third-Party Risk Management platform.Experience with Cloud technology including AWS or Microsoft/Azure offerings for Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS).Experience with security-related aspec