The Senior Security Analyst role is responsible for translating industry, government, contractual, and interrnal compliance requirements (SOX, ISO 27001, etc.) into IT Security and Risk Management frameworks, policies, standards, and best practices. This role will provide support for the remediation of non-compliance areas across all of Lennar’s line of business and support internal and external audits.
As a self-motivted Associate, the Senior Security Analyst will also conduct operational tasks with a degree of independence as well as train less senior Associates on defined procedures and standards.
Principal Duties and Responsibilities:
- Provide technical expertise with the design, deployment and maintenance of Lennar’s security solutions to encompass compliance management frameworks, policies, standards, and best practices in support of the Information Security Governance, Risk Management and Compliance Programs.
- Responsible for assisting in the identification, analysis and assessment of information risk scenarios.
- Provide expertise and guidance to reduce Lennar’s security risks, and ensure controls are applied to meet legal and regulatory compliance.
- Provide security expertise and guidance around security issues and recommend solutions to mitigate and eliminate compliance risks to Lennar information assets.
- Implements solutions in alignment with IT strategy and standards.
- Measure and assure that controls are in place and managed properly to meet legal and regulatory compliance for the protection of all Lennar’s information and physical assets.
- Participate in technology evaluations of risk and controls, particularly when evaluating the risk and controls of high-risk systems and applications.
- Contribute to education and advisory services to applications/systems/data owners and help them understand control objectives, control design, and how to evaluate control operation effectiveness.
- Assist in the acquisition and vendor compliance assessment, procurement and evaluation of vendors and products.
- Develop and manage Lennar’s third-party risk and compliance management process.
- Maintains relationship with internal and external audit and compliance agencies to facilitate execution of audits.
- Participate in remediation efforts and recommendations as it relates to external and internal security audits.
- Review risk and control self-assessment results and communicate with the application/systems data owners key concerns and questions.
- Supports effective communication between the internal/external audit and information security team, IT operation and other departments and/or business units.
- Review, analyze and modify systems including configuring, testing and deploying to support the needs of the business
- Verify and document security controls in order for the systems to be certified and accredited.
- Assist in the development and maintenance of system security plans and contingency plans for all systems within scope.
- Participate in the risk assessment to periodically re-evaluate sensitivity of the system, risks, and mitigation strategies.
- Supports research and analysis on the impacts on system modifications, technological advances, and malicious code.
- Apply and maintain understanding of security standards and best practice frameworks. Industry-specific standards and frameworks experience desirable.
- Understands the company‘s philosophy on diversity in the workplace
Education and Experience Requirements:
- Bachelor’s degree in any technology related field or a certification is required.
- Over 5 years of experience supporting information technology or security technologies or services in mid to large-scale enterprise environments. Comparable experience and trnasferable skills are acceptable.
- Experience in policy and control development as it relates to meeting compliance requirement from relevant regulations such as SOC, FFIEC, PCI and others.
- Supports identifying and analyzing emerging and advanced threats.
- Participates working across teams and third-party vendors to resolve security issues.
- Supports working across teams and third-party vendors to resolve security issues.
- Proficient in writing, and oral presentation skills.
- Ability to explain technical security issues confidently and simply without hype or buzzwords.
- Ability to deal effectively with a wide range of vendors, service providers, and regulatory agencies.
- Ability to facilitate productive meetings and work successfully in a team-oriented environment.
- Have the ability to work with technical and non-technical business owners to develop solutions.
- Ability to exercise sound judgment in complex situations
- Strong problem solving and decision-making skills.
- Handle multiple competing priorities in a fast-paced environment.
- Strong commitment to customer service.
- Results oriented, high energy, self-motivated.
- Ability to work well under minimal supervision.
- Ability to work under pressure, maintains composure and professionalism in a developing environment.
- Some travel may be required for internal, conference, customer, partner and vendor meetings.
Job Knowledge – Continuously enhances overall knowledge and seeks out new learning opportunities. Understands the elements of People, Process, Technology as part of solutions.
Attitude – Demonstrates optimism, persistence, positive attitude and displays loyalty to the organization.
Accountability – Accepts responsibility for own actions and decisions. Readily coachable and able to be developed. Fully engages in work and offers assistance at all levels.
Communication – Effectively conveys information and expresses thoughts and facts. Demonstrate effective use of listening skills and displays openness to other people’s ideas.
Teamwork / Collaboration – Works cooperatively and develops effective working relationships across the organization. Champions team success over personal success. Openly shares information, opinions and ideas with others.
Integrity & Trust – Presents the truth in an appropriate and helpful manner, keeps confidences, admits mistakes and doesn’t misrepresent for personal gain. Always suggests and defends the concepts of right and wrong behavior.
Customer Focus – Meet and exceed the needs of customers, both internal and external. Continually seek to provide the highest quality service.
Action Oriented – Driven to achieve and be successful in any task. Work at high level of efficiency and able to prioritize work and focus on most important items first.
Problem Solving & Creativity – Makes sound, logical decisions based on facts. Utilizes resources to apply practical and creative solutions. Openness to new approaches and ideas.
Leadership – Think strategically to align with business goals, and lead others in achieving those goals. Holds safety as a core value and acts as a role model to others.
This is primarily a sedentary office position which requires the position to have the ability to operate computer equipment. Finger dexterity is necessary.
This description outlines the basic responsibilities and requirements for the position noted. This is not a comprehensive listing of all job duties of the Associates. Duties, responsibilities and activities may change at any time with or without notice.