Senior IT Security Analyst

The Senior IT Security Analyst is part of the CyberSecurity Architecture and Engineering organization. The incumbent is responsible for two core functions within the enterprise: identification, investigation, design, and remediation of data security deficiencies across the organization, and day-to-day evaluations of existing data security solutions. 

Additional tasks include defining and escalating risks in the development and implementation of security solutions, which align into S-W security architecture. This includes evaluating applications across the company for potential security gaps. The Senior IT Security Analyst is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals.

The Senior IT Security Analyst is responsible for leading enterprise-wide projects/implementations that promote security best practices and improve existing security posture. Key functions of this role will be to evaluate risk, design controls, and protect data.

The Senior IT Security Analyst will collaborate with business partners across the organization. This will include relationship building across functional roles in different departments and the opportunity to interface with a variety of business systems. This role will have a close working relationship with our Data Security Architect who will provide guidance and help drive team initiatives. The Senior IT Security Analyst will report directly to the CyberSecurity Data Security Manager (Process). 

Strategy & Planning

• Participate in the planning and designing of enterprise data security architecture, under the direction of the Data Security Manager, where appropriate.
• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the Data Security Manager, where appropriate.
• Participate in the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plan, under the direction of the Data Security Manager, where appropriate.
• Develop and communicate policies, procedures, and plans to executive team, staff, partners, customers, and stakeholders regarding technology and industry-specific laws.

Acquisition & Deployment

• Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
• Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
• Perform the audit, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.

Operational Management

• Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.).
• Maintain operational configurations of all in-place security solutions as per the established baselines.
• Monitor all in-place security solutions for efficient and appropriate operations.
• Review logs and reports of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution.
• Participate in investigations into problematic activity. 
• Collaborate with IT, security, human resources, and legal to ensure full legal compliance of company policies, procedures, forms, notices, and materials.
• Maintain a strong awareness of legislative changes or amendments to ensure ongoing and future compliance.
• Advocate company’s compliance policies via regular written and in-person communications. 
• Ensure that information security measures and equipment adhere to all applicable laws and regulations.

Incidental Functions

• Monitor security systems and analyzes potential threats and vulnerabilities to client databases and networks.
• Assist in the analysis of network traffic and alerts to assess, prioritize, and differentiate between potential intrusion attempts and false alarms.
• Assist with other projects as may be required to contribute to efficiency and effectiveness of the work that helps the team succeed.
• Prepare and lead presentations on key initiatives. 

This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa.

This position has a hybrid work schedule with three days in the office and the option for working remotely two days.

Formal Education & Certification

• Bachelor’s Degree (or foreign equivalent) or in lieu of a degree, at least 12 years of experience in the field of Information Technology or Business (work experience or a combination of education and work experience in the field of Information Technology or Business).

Required Knowledge & Experience

• 5+ years of IT and/or business- experience.
• Familiarity with Data Protection concepts.
• Demonstrated skill in leading effective meetings with business and IT.
• Strong communication, analytical, and problem-solving skills.
• Proficient in use of Windows OS and MS-Office tools.

Preferred Experience

• 5+ years of Cyber Security experience
• 2+ years of experience working with Data Loss Prevention tools
• 2+ years of experience working with data tools and platforms (Ex: Snowflake, Dataiku, Business Objects, Tableau, MicroStrategy, etc.) in one of the following areas: 
  Data Product Analyst OR IT Business Analyst OR Security Analyst.
• Experience working with IT Audit, Compliance, or Information Security.
• Working knowledge of information security concepts related to Data Protection methodologies.
• Experience working with Security technologies (Ex: DLP, EDR, Proxy, SIEM, etc.)
• Experience evaluating cyber risks or threats 
• Experience with embedding security into the software development lifecycle.

Personal Attributes

• Strong orientation to customer service.
• Good written, oral, and interpersonal communication skills.
• Ability to provide security support services to the enterprise.
• Self-motivated and directed.
• Team oriented and skilled in working within a collaborative environment.
• Strong commitment to inclusion and diversity.
• Minimal travel.
• Work outside the standard office 7.5 hour workday may be required with on-call availability.

Here, we believe there’s not one path to success, we believe in careers that grow with you. Whoever you are or wherever you come from in the world, there’s a place for you at Sherwin-Williams. We provide you with the opportunity to explore your curiosity and drive us forward. Sherwin-Williams values the unique talents and abilities from all backgrounds and characteristics. All qualified individuals are encouraged to apply, including individuals with disabilities and Protected Veterans. We’ll give you the space to share your strengths and we want you show us what you can do. You can innovate, grow and discover in a place where you can thrive and Let Your Colors Show! 
At Sherwin-Williams, part of our mission is to help our employees and their families live healthier, save smarter and feel better. This starts with a wide range of world-class benefits designed for you. From retirement to health care, from total well-being to your daily commute—it matters to us. A general description of benefits offered can be found at http://www.myswbenefits.com/. Click on “Candidates” to view benefit offerings that you may be eligible for if you are hired as a Sherwin-Williams employee.
Compensation decisions are dependent on the facts and circumstances of each case and will impact where actual compensation may fall within the stated wage range. The wage range listed for this role takes into account the wide range of factors considered in making compensation decisions including skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled.
The wage range, other compensation, and benefits information listed is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law.
Sherwin-Williams is proud to be an Equal Employment Opportunity/Affirmative Action employer committed to an inclusive and diverse workplace. All qualified candidates will receive consideration for employment and will not be discriminated against based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, age, pregnancy, genetic information, creed, marital status or any other consideration prohibited by law or by contract.
As a VEVRAA Federal Contractor, Sherwin-Williams requests state and local employment services delivery systems to provide priority referral of Protected Veterans.