Information Security Analyst

CWT is one of the world's leading digital travel management companies and as a Business-to-Business-for-Employees (B2B4E) travel management platform, companies and governments rely on us to keep their people connected - anywhere, anytime, anyhow - and across six continents, we provide their employees with innovative technology and an efficient, safe and secure travel experience.

Our Product and Technology division was formed to lead on our CWT 3.0 digital transformation strategy. With a team of highly skilled and experienced individuals, they deliver and manage efficient, quality, and innovative travel technology solutions and technology services for CWT and its customers worldwide.

Position Overview

The Information Security Analyst will report to the Director of Information Security supporting our Military and Government markets. The position will manage and support the Defense and Government environments and support the CWT Global Information Security group. We are looking for a candidate who has strong technical skills, can work independently, takes direction well, and has a comprehensive understanding of the US Federal Government environment, and has worked or supported in an Information Security Audit and or Compliance role.

Position Description

• Reporting to the Information Security Director, will manage security initiatives in the organization

* Provide support to the organizational (CWT ) information security governance program that includes leadership, organizational structures, and processes

* Support governance, risk and compliance development to align industry security frameworks (FISMA, and PCI)

* Advising System Owners of risks to the Information systems and obtaining assistance from CWTSatoTravel management, if necessary, in assessing risk

* Assisting Information systems in completing and maintaining the appropriate security documentation including the system security plan

* Support system Authorization and Assessment (A&A) and creating and maintaining A&A documentation

* Support Application, Database, Network, and Yearly Pen Test for various support environments

* Develops and updates the system security plan, as well as managing and controlling changes to the system and assessing the security impact of those changes

* Promoting CWT information security awareness

* Identifying, reporting and responding to security incidents

* Reviewing Security Advisory Alerts on vulnerabilities

* Evaluating known vulnerabilities to ascertain if additional safeguards are needed; ensuring systems are patched, and security hardened

* Complying with training requirements for individuals with significant security responsibilities

* Manage POA&Ms for assigned systems in accordance with FISMA and General Services Administration CIO IT Security-09-44, "Plan of Action and Milestones (POA&M).

* Reviewing system role assignments to validate compliance with principles of least privilege

• Delivers on key metrics set for the information security program are consistently achieved
• Serve as a liaison between business and technology organizations to ensure that information security related business requirements for protecting sensitive data are clearly defined, communicated, and well understood, and considered as part of operational prioritization and planning
• The role offers exciting opportunities, including the potential to develop your talent and skills with many different Information security technologies and certifications

#LI-Hybrid

Qualifications

Required Qualifications

• U.S. Citizen/US Soil or have resided in the U.S. 3 out of the past 5 years
• Bachelor's or Master's degrees or equivalent related work experience
• Knowledge of various emerging technologies and adoption of security compliance initiatives to secure data
• Excellent Communication Skills
• Ability to thrive in a fast-paced environment
• 5-8 years of industry specific experience
• Knowledge in Information Security Management, Assessment and Authorization (A&A)
• Highly adaptable to new technologies and their application to business requirements
• Self-motivated; able to set short and long term goals to meet operational needs
• Strong personal skills for managing staff, working with clients, and professionals
• Knowledgeable of supporting NIST programs, Risk and Security Assessments
• Identify, Mitigation, and Remediation Analysis of Security vulnerabilities

Preferred Qualifications

• Knowledge of NIST 800-53 and 800-171 Framework
• Knowledge of industry security management practices
• Knowledge of security-related government regulatory requirements, emerging trends, and issues

Personal Attributes

• Proven ability and initiative to learn and research new concepts, ideas, and technologies quickly
• Advanced analytical, conceptual, and problem-solving abilities
• Ability to work in a team-oriented, collaborative global work environment
• Highest personal and professional integrity and strong work ethics
• Ability to articulate vision of transformation efforts and a sense of mission
• Demonstrated ability to manage adversity and challenging situations

Relationship Management

• Ability to manage senior relationships across all CWT organizations
• Ability to develop cooperative and constructive working relationships
• Ability to handle complaints, settle disputes, and resolve conflicts, and negotiate with others
• Collaborative team player orientation towards work relationships, strong culture awareness