Sr. Cyber Security Analyst - Virtuoso : Job Details

Virtuoso® is the leading global travel agency network specializing in luxury and experiential travel. This by-invitation-only organization comprises over 1,200 travel agency locations with more than 20,000 travel advisors in 54 countries throughout North America, Latin America, the Caribbean, Europe, Asia-Pacific, Africa and the Middle East. Drawing upon its preferred relationships with more than 2,300 of the world's best hotels and resorts, cruise lines, airlines, tour companies and premier destinations, the network provides its upscale clientele with exclusive amenities, rare experiences and privileged access. Normalized annual sales of (U.S.) $28-$32 billion make Virtuoso a powerhouse in the luxury travel industry. For more information, visit www.virtuoso.com.The Senior Cyber Security Analyst helps maintain ISO 27001 and PCI-DSS Level enterprise security certifications and ensure data security, integrity and availability are maintained and regulatory requirements are met. Monitors adherence to information security policies to ensure that appropriate access to, and the confidentiality of client, employee, and company information is maintained. Supports GDPR, CPRA, PCI-DSS and any new compliance standards across the organization that will ensure the company and its client's personal data remains secure. Administers vulnerability management activities and assists with technical security recommendations and remediation projects. Assists with scheduled internal audits to detect information loss or policy violations. Participates in the evaluation and recommendation of security products, services and/or procedures to enhance productivity and effectiveness.Essential duties and responsibilities include the following. Other duties may be assigned.Develop and enforce information security and privacy practices, policies, procedures in a “cloud-first” environment. Ensure proper education and maintenance of regulatory/compliance standards and/or frameworks (e.g. ISO27001, PCI-DSS, etc.)Executes vulnerability management tasks including configuration and review of vulnerability scans, maintenance and expansion of related tools, identification of new issues, tracking of remediation efforts and production of monthly metrics.Continuous improvement of monitoring and response capabilities, particularly in Cloud-native environments, such as Microsoft Azure, SnowFlake, etc.Assist with review audits (e.g. client, regulatory and/or standards based) with business partners as needed to ensure appropriate data sharing, communication and prioritization for dependent resources.Comprehend all aspects of Cybersecurity and apply technical application security testing expertise to assist in identifying weaknesses and vulnerabilities that affect the confidentiality, integrity and availability of corporate protected, sensitive, and confidential company information and data.Ensures ISMS (Information Security Management System) documentation/policies and procedures stay current and updated.Actively engages in the greater information security and privacy community (e.g. peer groups, seminars, conferences, etc.) to help identify new technologies, new techniques and new partners. Demonstrates a positive, proactive, and thought leadership attitude to Virtuoso and its Membership and the greater security community.Follow and re-enforce Privacy and Security policies and guidelines.Working knowledge of information/cybersecurity, infrastructure vulnerabilities, and network security products (hardware and software)Performs information security risk assessments and assists with the daily, weekly, monthly, and quarterly internal auditing of information security processes.Experience handling security events/incidents as part of an Incident Response teamEnsure the integrity and confidentiality of access to designated corporate and customer applications, databases, servers, and other systems.Monitors the security infrastructure for policy violations or security events and participates in problem management and forensic activities as needed.Assists in responding to client requests including preparation of written audit responses and preparation of evidence.Tests and assists with selection and implementation of controls that apply security protections to enterprise systems, processes, and information resources.Supports IT security within the system development lifecycle, change management, production systems support and technology-enabled projects (user administration, security logging, secure process flow, security best practices).Continuous monitoring and security posture improvement of cloud service technologies, such as Microsoft Azure, SnowFlake and various SaaS apps.Working knowledge of Windows/Linux operating systems and web browser behavior, networking, database, systems, and mobile devices.Experience with network and/or application pentesting preferred.Knowledge of security issues, techniques, and implications across Enterprise client computer platforms required.Proven interpersonal and communication skills.Strong work ethic; excellent use of discretion and judgment. Excellent written communication skills.Strategic thinking and planning abilities required.Able to breakdown raw information and undefined problems into specific, workable components that in turn clearly identify the issues at hand.Makes logical conclusions, anticipates obstacles, and considers different approaches that are relevant to the decision-making process.Effectively meet challenges, influence, and drive consensus within the team.Demonstrated problem solving abilities, analytical skills, and proven ability to meet challenging deadlines required.Develops and presents finding and remediation reports to audiences including team members from all department areas and levels of the company.Educational and Skills Requirements:3-5 years' experience in a combination of information compliance and Information Technology positions demonstrating a progressive growth in responsibilityBachelor's degree or equivalent experience in an IT-related or compliance discipline or related work experienceCyber Security certification preferred (CISSP, OSCP, CompTIA Security+/Pentest+, etc.)Direct and recent working experience with the following compliance programs/Information Security Frameworks: ISO 27001, NIST, PCI-DSSProven experience with current IT security and compliance technologiesDemonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures, and cloud computingStrong background in incident response, intrusion detection or threat intelligenceStrong working knowledge of TCP/IP networking and common protocolsExperience with centralized log management toolsExperience with managing endpoint and server protection technology such as anti-virus/spyware/malware, application whitelisting, and patching toolsExperience with application and network penetration testing preferredStrong communication skills and the ability to work collaboratively with IT and system administration, Database Administration, and application development staffStrong organizational skills to lead multiple highly visible projectsTechnical Competency Preferred:Security experience in a cloud platform (e.g., AWS, Azure, GCP, Heroku, etc.)SnowFlake Monitoring and AlertingDevSecOpsApplication/System Vulnerability ManagementMicrosoft Office 365/Azure native security toolsCybersecurity Incident Response experiencePowerShell, Python, or similar scripting languageCato FirewallsEndpoint protection softwareTravel Requirements:Travel is rarely required for this position (0-1 trips per year).Travel will be entirely domestic.Type/Nature of Contacts:External: Daily contact with Virtuoso members and external vendors.Internal: Daily contact with Virtuoso staff.We offer a competitive salary and full benefits package, including medical/dental/vision/life, 401(k) savings plan, and more. Virtuoso is an equal opportunity employer, dedicated to promoting a diverse workforce.Pay ranges are intended to cover roles based across the United States. An individual's base pay depends on various factors including geographical location, experience, knowledge, skills, and abilities of the applicant.