Information Security Analyst

Washington, DC
Oct 08, 2019
Dec 22, 2019
Full Time
Application Instructions

Please list all professional experience and explain any gaps in employment history.

Job Description

The Washington Post was named the #8 Most Innovative Company in the world by Fast Company in 2018 and maintained our title of #1 Most Innovative Media Company - an award reflective of our dedication to transformation, integrity and quality. We are combining our agile, high-performance engineering team with 138 years of world-class journalism to deliver quality content and innovative experiences. We offer an array of products and services including The Washington Post newspaper, The Washington Post app, Washington Post Classic app,, WP BrandConnect, Washington Post Live events and Post TV, yet our approach is always the same- shape ideas, redefine speed and take ownership. Every employee, every project, every day.

The Washington Post is seeking an Information Security (InfoSec) Analyst who will conduct technical activities aimed at preventing and responding to cyber incidents, developing and implementing new cyber-security processes and policies, along with advising the company on a wide variety of information security issues, concerns, and problems. This InfoSec Analyst will conduct incident triage, analyze severity of incidents, and resolve them with assistance from other teams as required.

  • Work with InfoSec leadership to draft, edit, and update Washington Post cyber policies.
  • Coordinate across the Engineering Department for internal and external audits of IT General Control processes, ISO framework and internal policies.
  • Develop, maintain and report on Key Performance and Risk Indicators
  • Attain PCI DSS certification to perform audits and complete Self-Assessment Questionnaires (SAQ).
  • Perform re-audits and evaluations to ensure compliance with proper internal control policies and procedures. Work with Engineering to remediate the gaps.
  • Conduct legal reviews of vendor and customer contracts to validate or negotiate DPIS terms and conditions.
  • Provide recommendations for security controls and ensures remediation of any deficiencies.
  • Administer company phishing and security awareness training campaigns using KnowBe4.
  • Engage in continuous process improvement. Incorporate automation where possible, ensuring efficiencies and a properly controlled operational environment.
  • Assist developers, users, and other internal staff to establish and maintain secure and reliable information systems at The Washington Post.
  • Review requirements statements, feasibility analyses, operating procedures, and other documents produced during systems development processes to ensure appropriate security measures are included.
  • Educate and advise others regarding the application of information security policies, standards, and other requirements to specific information systems.

Core Requirements:

EDUCATION - Bachelor's degree preferred; focus in computer science or related technical field preferred.

EXPERIENCE - Minimum of 2 years of relevant professional experience required.

CERTIFICATION - Relevant certifications a plus.

Preferred Experience & Skills:
  • 2 or more years' experience working on InfoSec compliance and policy-related initiatives required.
  • Background in ISO-27001 certification programs and processes a plus.
  • Knowledge of GDPR requirements and privacy policies desired.
  • Experience reviewing DPIS legal terms and conditions a plus.
  • Demonstrated knowledge of risk management and risk assessment tools / techniques.
  • Demonstrated analytic, problem solving, and root cause analysis skills with the ability to think quickly, remain calm under pressure, and work with others in a client-oriented environment.
  • Must be a self-starter.

Similar jobs