Position Title: Senior Information Security Analyst
Department: IT
Division: AGI Corporate
Location: Naperville, IL, USA
About AGI
AGI is a provider of the physical equipment and digital technology solutions required to support global food infrastructure including grain, fertilizer, seed, feed, and food processing systems. With over 4,000 employees worldwide, and facilities and offices in Canada, the United States, Brazil, India, Europe, APAC, Australia and Africa, AGI sells its products globally through a network of wholly owned subsidiaries and third-party dealers and distributors.
The Opportunity
The Senior Information Security Analyst (ISA) is responsible for day-to-day operations and management of the enterprise information security program to ensure information assets and technologies are secure. Involved and participated in managing information security operations, cyber incident management, assist in the development of the Cyber Security Program. The Senior ISA is a senior role that requires an individual with a strong technical background. The Senior ISA will act as a representative of the Application Portfolio Lead and Security during IT planning initiatives to ensure that security measures are incorporated into strategic IT plans and that service expectations are clearly defined.
Responsibilities
- Provide technical expertise within areas of responsibility
- Be committed to personal development of new technical skills and knowledge
- Continually scan external technical and business environments to bring new and better ideas to the organization
- Ensure that technical information and knowledge is recorded and maintained in accordance with AGI IT standards
- Contribute to a better understanding of technology across AGI with both technical and business teams
- Work with the Enterprise Architecture team to ensure that architecture diagrams and technical standards are developed and maintained
- Assess IT risks and compliance and advise Director, IT Infrastructure and Security
- Contribute to IT Risk, Governance and Compliance Framework
- Contribute and Develop security standards and controls for security of networks, servers (on-premises and cloud), personal computing devices, data, and integrations
- Develop security incident response and remediation plans
- Develop on-going Technology Risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area
- Point of escalation for any serious security incidents and/or risks
- With Director, IT Infrastructure and Security, responsible for staff and external stakeholder identity and access management (IAM)
- Assist in AGI’s Information Security Awareness Program to promote and manage security awareness and education across AGI
- Understand data privacy regulations in all areas that AGI, its customers and suppliers operate and ensure that appropriate IT security measures are in place to maintain compliance
- Provide security guidance and advice for all IT projects and services
- Work closely with Enterprise Architecture team to ensure that IT security is documented and maintained as part of all projects and technologies
- Responsible for day-to-day security operations
- Work with technical teams to ensure that SecDevOps approach is taken to application development
- Partner with and manage outsourced IT security service providers
- Perform internal Security Audits to verify documented security controls are in place
- Perform internal Security Risk Assessments to provide leadership or other stakeholders a high-level analysis that determines the effectiveness of AGI cybersecurity controls and rate AGI’s overall cyber maturity
- Complete external requirements for IT Security Audits or requests for IT Security information
- Ability to complete IT Security Assessments on third party providers with written recommendations and maturity ratings.
Qualifications
- A post-secondary degree in Computer Science with experience working in the field of information technology security, OR equivalent combination of education, training, and experience may be considered.
- 5+ years in IT roles with at least 3-5 years in an IT security role
- Knowledge of Penetration and Web Application Testing
- Strong analytical skills
- One or more of the following certifications preferred: (Or working towards) ISACA Certified Information Security Manager, (ISC) SCCP, (ISC) CISSP, (ISC) ISSAP, COBIT, ISO, PCI
- Security Investigation experience is an Asset.
- Experience working collaboratively with leaders across the business and IT Operations delivering enterprise success
- Experience in selecting, developing and performance management of information security team members
- Experience working with legal, audit and compliance staff
- Experience developing and maintaining policies, procedures, standards, and guidelines
- Experience performing risk, business impact, controls, technical security testing, vulnerability assessments, and in defining treatment strategies.
- Knowledge and understanding of NIST Framework.
- Microsoft Azure Active Directory
- Microsoft 0365
- On premise and Cloud Security (AWS, AZURE)
- Working knowledge of routing and switching, and security devices such as firewalls, application distribution controllers, intrusion prevention devices, web proxies and related impacts.
- Security monitoring tools (SIEM (Security Information and Event Manager), MSSP (Managed Security Service Provider) MDATP (Microsoft Defender Advanced Threat Protection)
- Working knowledge of a sample of the following technologies is an asset, Web Proxy, Firewalls, Cisco Meraki, Active Directory, Azure Active Directory, and syslog
We thank you for applying, however, only those selected to continue in the interview process will be contacted.
We are an equal opportunity employer and value diversity. All employment is decided based on qualifications, merit and business need.
Accommodations are available upon request for candidates with a disability taking part in the recruitment process and once hired.