Senior Cybersecurity Analyst

Job Title: Senior Cybersecurity Analyst

Reports to: Director of IT Infrastructure

Location: Remote (Blue Bell, PA)

OUR COMPANY:

Have you ever wondered what it would be like to operate in an environment that prides itself on the commitment to lead with compassion, humility, and a sense of humor? It may just be time for you to escape the “daily grind” and join the Jacob Stern & Sons family today. At Jacob Stern & Sons, our employees provide solutions where others may only see problems. We are a uniquely peculiar company offering refuge to professionals who value respect and dignity rather than the status quo.

As one of the longest-running family-owned businesses in the U.S. offering more than 160 years of superior service, Jacob Stern & Sons is recognized worldwide for its stability, long-standing relationships, and a reputation synonymous with quality. We are a privately-owned importer, exporter, processor, and distributor of specialty agri-chemical products derived from natural sources. Today, Jacob Stern & Sons has grown to include four district business lines to better serve the needs of manufacturers at home in the U.S. and aboard. We invite you to learn more about Jacob Stern & Sons and apply today

POSITION OVERVIEW:

We seeking a seasoned, strategic-minded Senior Cybersecurity Analyst to enhance our team. Reporting to the Director, IT Infrastructure, the Senior Cybersecurity Analyst will use their in-depth knowledge in IT infrastructure and advanced cybersecurity to lead and evolve our cybersecurity programs while strengthening the security posture of our networks, systems, and applications.

The role demands comprehensive understanding and extensive experience in hardware, software, networking, telecommunications, cloud infrastructure, and core cybersecurity principles and best practices. This role also involves independently researching, planning, and delivering on critical infrastructure and security projects.

The ideal candidate for this role will demonstrate a strong drive, proactive approach, and thrive on challenges and problem-solving. An inherent eagerness to take the lead on key responsibilities to strengthen and grow the organization's infrastructure and cybersecurity programs is critical.

Applicants must be legally authorized to work permanently in the U.S. Local candidates only; no relocation benefits are available for this position.

RESPONSIBILITES AND ACCOUNTABILITIES:

• Lead the creation and execution of the organization’s cybersecurity strategy, incorporating industry best practices and standards, such as the NIST Cybersecurity Framework. This includes establishing strategic objectives and key performance indicators (KPIs) for the cybersecurity program.
• Manage the development, review, and enforcement of cybersecurity policies and procedures, ensuring they are aligned with industry best practices, even as they change, such as the NIST Cybersecurity Framework (CSF).
• Implement sweeping improvements to improve the maturity of each of NIST CSF’s 5 core functions: Identify, Protect, Detect, Response and Recover.
• Drive risk management efforts, which include proactively identifying and reporting cyber risks, threats, and vulnerabilities. Develop and implement a risk mitigation strategy and report to senior leadership on the cybersecurity risk landscape.
• Develop and oversee a cybersecurity risk management program, incorporating regular risk assessments and dynamic risk mitigation strategies to address changing threat landscapes.
• Enhance the Jacob Stern & Sons culture.
• Own the lifecycle management of security technologies, which involves designing, architecting, implementing, and regularly reviewing security controls across the organization.
• Manage a comprehensive security testing program that includes regular penetration testing, phishing simulations, and red team exercises. Interpret results, prioritize remediation efforts, and share insights with relevant stakeholders.
• Oversee vulnerability management, ensuring that identified vulnerabilities are promptly and effectively remediated. Develop processes to ensure swift and efficient resolution of security threats.
• Own the Patch Management program, ensuring that patches and updates are appropriately prioritized, tested, and deployed within set SLAs.
• Ensure regulatory compliance, leading the organization's efforts in adapting to and meeting evolving regulatory requirements. Lead all internal and external audits and ensure the organization stays ahead of emerging regulations and standards.
• Institute a robust data protection and privacy program, ensuring adherence to data protection laws, regulations, and standards. This includes implementing data encryption, managing access controls, conducting privacy impact assessments, and supervising data lifecycle management processes.
• Develop and lead a robust Incident Response Program, which includes regular disaster recovery tests and incident response simulations. This program should ensure organizational readiness and resilience in the face of a cyber event.
• Direct incident response efforts, ensuring a swift, coordinated, and effective organizational response to security incidents. This includes leading post-incident reviews to identify lessons learned and areas for improvement.
• Oversee the Managed Detection and Response (MDR) and Security Operations Center (SOC) functions, including the administration of the Security Event and Information Management (SEIM) system.
• Serve as the primary point of contact for all cybersecurity matters, which includes handling security audits, questionnaires, assessments, and incident escalations. Develop a response repository to improve organizational response times.
• Champion cybersecurity awareness across the organization, designing and implementing an effective awareness program and fostering a culture of security. Regularly educate employees on emerging cybersecurity trends, threats, and their roles in maintaining security.
• Establish and manage a vendor security program, which includes regular assessment of vendor security standards and controls to mitigate potential third-party risks.
• Manage relationships with external cybersecurity service providers and vendors, ensuring a collaborative and coordinated approach towards maintaining a strong security posture.
• Integrate cybersecurity principles into the SDLC, ensuring that security is considered at every stage of internal software development efforts.
• Develop and maintain a cybersecurity metrics and reporting program, to provide the organization with meaningful operational and strategic metrics. Regularly report to senior management on the organization’s security posture and ensure that the metrics are aligned with business risks.
• Lead the continuous improvement of cybersecurity processes and controls, by staying current with the latest cybersecurity advancements, technologies, and best practices. Incorporate relevant changes into the organization’s cybersecurity program to improve efficiency and effectiveness.
• Improve security of Operational Technology (OT) and Industrial Control Systems (ICS)

KNOWLEDGE, ABILITES, AND SKILLS DESIRED:

• Bachelor's degree in Cybersecurity, Information Security, or a related Computer Science discipline. Advanced degrees are highly preferred.
• Professional certifications such as CISSP, CISM, CompTIA Security+, or equivalent are required.
• Minimum of 5 years of experience in progressively responsible roles within Cybersecurity, Information Security, or IT Infrastructure.
• In-depth experience and advanced knowledge of cybersecurity concepts covering IT Infrastructure, including networks, servers, and cloud-based applications.
• Profound knowledge and hands-on experience with industry-standard compliance frameworks, especially the NIST cybersecurity framework (CSF).
• Robust knowledge of contemporary risk assessment tools, technologies, and methods.
• A firm grasp of the latest security principles, techniques, and protocols, including advanced threat landscape and emerging security technologies.
• Deep understanding of data privacy regulations such as GDPR, CCPA, and other emerging legislation.
• Exceptional interpersonal and influencing skills; proven ability to develop and maintain working relationships across all levels of an organization.
• Demonstrated business and personal judgment, developed through experience interacting with people at all levels of the business.
• Excellent problem-solving skills and the ability to communicate complex security concepts effectively to both technical and non-technical audiences.
• A working knowledge of Operational Technology (OT) infrastructure and security concepts a requirement; advanced knowledge of OT and Industrial Control Systems (ICS) a plus
• Eagerness to learn new technologies and topics, excited by the possibilities of AI and how it can be leveraged to help secure the environment.

CORE COMPETENCIES:

Strategic Communication

The ability to articulate complex ideas effectively and adapt language use to various audience levels, ensuring clear understanding of cybersecurity concepts and strategies both verbally and in writing.

Drive for Excellence

The capacity to take decisive action to meet or exceed objectives, demonstrating a commitment to delivering high-quality results in the cybersecurity realm.

Ethical Standards

Upholds the highest level of integrity, adhering to the standards, values, and rules of conduct associated with the role and within the cybersecurity field. Demonstrates incorruptibility and ensures ethical considerations guide all actions.

Collaborative Leadership

The ability to work collaboratively with others, leveraging internal and external resources when necessary, to achieve shared cybersecurity goals. This includes leading cross-functional teams and fostering a cooperative work environment.