IT Security Analyst II

Who We Are 

BGIS is a leading provider of customized facility management and real estate services. With our combined team of over 6,500 globally, we relentlessly focus on enabling innovation through the services we deliver, while actively looking for new opportunities that will enable innovation for our clients’ businesses. Globally, we manage over 320 million square feet of client portfolios across 30,000+ locations in North America, Europe, Middle East, Australia and Asia. Further information is available at www.bgis.com 

SUMMARY  

The position of Information Security Specialist II will report to the IT Security Manager in support of the Information Security Program established at BGIS.  The position will be responsible for tasks in support of security operations and implementations.  This position will maintain and improve the IT-Security posture at BGIS with a focus on best-practices consultation, incident response, security project delivery support and security operations.

KEY DUTIES & RESPONSIBILITIES  

Security Operations

• Monitors multiple Security Tools to detect, validate and respond to malicious activity, security events, unauthorized access or use of BGIS information assets; develop solutions to prevent future re-occurrences and find innovative ways to enforce security policies and procedures. 
• Proficient in monitoring various security administrative consoles as well as IT related administrative consoles to determine root causes for security events (Security Incident and Event Management, Endpoint Protection, Cloud Access Security Broker, Email Security).
• Creatively and independently provide resolution to security problems in a cost-effective manner.
• Assess and communicate any security risks associated with any purchases or practices performed by the company.
• Maintain the Information Security Risk Register and facilitate quarterly review with stakeholders.
• Support quarterly phishing campaign activities including exercise preparation, coordination with Proofpoint, end-user guidance and campaign reporting.
• Provide operational support for the Identity and Access Management program at BGIS, including the Identity Provider service (Ping Federate), Privileged Access Management service (Cyber Ark), and the quarterly attestation reporting for RealSuite.
• Liaise with DevOps, Infrastructure, Database and Network support teams to implement and enforce security technical best practices.
• Be active policy governance and compliance agent / liaison in order to expand culture of security awareness throughout BGIS.
• Remain informed on threats, trends and incidents in the security industry, including current and emerging technologies.
• Understanding and knowledge of Cloud (Azure, AWS, etc) security practices.
• Experience in dealing with 3rd party vendors and/or service providers.

Security Planning and Implementation

• Participate in security initiatives and proof of concepts with vendors, utilizing critical analytical skills to advise management on best solutions for BGIS.
• Apply security best practices and architectural recommendations as they align to written policies, guidelines or procedures.
• Provide continual updates to technical security policies to help enforce written documented security policies and guidelines.
• Contribute to annual Security Strategy collaboration sessions and recommendations.
• Liaise with DevOps, Infrastructure, Database and Network support teams to implement and enforce security technical best practices.
• Remain informed on threats, trends and incidents in the security industry, including current and emerging technologies.
• Experience with SDLC security practices and code reviews.

KNOWLEDGE & SKILLS 

• College Diploma in related field of expertise plus 5-10 years’ experience in IT-Security specific roles, with at least 1-2 years in IT foundational experience.         
• CISSP considered a strong asset, with other Security industry technical certifications (CEH, GIAC, Security+, OSCP) also helpful.
• CCSP or similar studies would be a strong addition.
• Intermediate level understanding of LAN/WAN technologies, TCP/IP stack, OSI layer.
• Knowledge of security attack methodologies and understanding of the anatomy of an attack. 
• Proficient understanding of core Microsoft technologies such as Active Directory, MS Exchange.
• Comfortable and adaptable to taking on various roles, both on a technical level and operational level.
• Demonstrated technical aptitude in compromise kill-chain cycles, innate ability to think like a malicious actor.
• Demonstrated ability to apply IT in solving security problems.
• Strong analytical and problem-solving skills, excellent interpersonal skills.
• Self-motivated individual, with a willingness to learn and apply new information.
• Excellent understanding of project management principles.
• Excellent verbal and written communication skills.
• Strong team player.

  Licenses and/or Professional Accreditation

• GIAC, CISSP, Security+ or other Information Security certificates.

At BGIS we believe that diversity and inclusion is a key business driver, such that we never lose sight of its importance as it is woven into the fabric of our organization. We are committed to maintaining a barrier-free recruitment process by providing equal employment opportunities through recruiting and retention of individuals of all backgrounds. We recognize that promoting diversity is an essential component of our continuing pursuit for organizational success! 

BGIS is an equal opportunity employer and we welcome you to apply for a position with us! If you require accommodation during the recruitment process, please contact us at askHR. Upon request for accommodation, we will consult with the applicant in question and provide, or arrange for the provision of, a suitable accommodation in a manner that takes into account the applicant’s accessibility needs due to disability. 

#LI-HG 
#LI-Hybrid