Cyber Security Analyst

Since its founding more than 100 years ago, ITW has become one of the world’s leading diversified manufacturers of specialized industrial equipment, consumables, and related service businesses. We place a high premium on the development of innovative solutions–most of which are developed in tandem with our customers. And we continue to ensure that our customers receive timely, cost-effective service for the innovative products we provide.

ITW’s differentiated business model is composed of a set of unique core capabilities: our proprietary 80/20 business process, customer-back innovation, and our well-known decentralized entrepreneurial culture. These capabilities are unmistakably ITW—and key to our longevity and strong performance.

ITW’s products and solutions are at work all over the world, in deep-sea oil rigs, aerospace technology, bridges and wind turbines, healthcare, the spaces in which we live and work, the cars we drive, and the mobile devices we rely on. We are never, whether we know it or not, more than a few steps from an innovative ITW solution.

Today, ITW (NYSE: ITW) is a Fortune 200 company that employs nearly 50,000 people with operations in 55 countries with headquarters in Glenview, IL. We are conveniently located across from the Metra commuter rail, with access to an on-site gym, café and active employee resource groups.

The Cyber Security Analyst is responsible for driving and building on a structured framework that secures our organization’s information systems and data. This role is responsible for providing security minded oversight in all areas of network, system, and applications. The Cyber Security Analyst works closely with technical teams to ensure that systems and networks are always implemented and managed with effective security and risk management controls. The Cyber Security Analyst leads the vulnerability management program, manages the annual cybersecurity assessments and penetration tests, with the goal of proactive and effective risk mitigation steps. In addition, the analyst is responsible to understand security events to further our capabilities to stop future attempts.

 Essential Functions

• Provides technical expertise regarding security-related concepts to operational teams within the Information Technology Department as well as the functional business groups
• Proactively monitor, investigate, and remediate real-time alerts within the environment
•  Monitor online security-related resources for new and emerging cyber threats
•  Assesses new security technologies to determine potential value for the enterprise
• Prioritize and remediate vulnerabilities of firm systems and networks
• Responsible for the deployment and administration of the security reporting and management
• Perform threat assessments and create a subsequent prioritized remedial action plan
• Prepare and conduct security risk assessments and provide associated gap reports
• Consult with IT and security staff to ensure security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and software
• Recommend the implementation of technical controls to support and enforce defined security policies
• Develop a strong working relationship with the technical operations team to develop and implement controls and configurations aligned with security policies and legal, regulatory, and audit requirements
• Ensure system logs and other monitoring data sources are reviewed periodically and follow policies and audit requirements
• Engage in building information security metrics and/or dashboard to present to various IT stakeholders
• Provide system monitoring to the daily, weekly, monthly recurring security task list
• Work with 3rd Party Software Providers and Vendor Management to ensure that information system security requirements are included in contracts
• Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors

• Bachelor’s degree in Computer Science, Information Systems, Business, or related field. Master’s degree a plus.
• 5+ years of experience with 3-4 years in a information or network security related position.
• Proven record of building collaborative cross-functional relationships
• Good understanding of Information Security Risk Management, Gap Analysis, and Remediation Programs.
• Knowledge of information security principles, including risk assessment, risk registration, vulnerability tiered approach, and unified controls framework.
• Knowledge of network infrastructure, including routers, switches, firewalls, DMZs, IDS/IPS, and security services, would be very helpful.
• Certification – CISA or CCSP is helpful.
• Experienced in cybersecurity frameworks such as NIST, COBIT, ISO 27002
• Experienced within regulatory requirements (SOX, HIPAA, Privacy acts, etc.)
• Less than 10% travel required

All your information will be kept confidential according to EEO guidelines.

ITW is an equal opportunity employer. We value our colleagues’ unique perspectives, experiences and ideas and create workplaces where everyone can develop their careers and perform to their full potential. 

As an equal employment opportunity employer, ITW is committed to equal employment opportunity and fair treatment for employees, beginning with the hiring process and continuing through all aspects of the employment relationship. 

All qualified applicants will receive consideration for employment without regard to race, color, sex, gender identity, sexual orientation, religion, national origin, age, disability, protected Veteran status or any other characteristic protected by applicable federal, state, or local laws.