CooperVision, a division of CooperCompanies (NYSE:COO), is one of the world’s leading manufacturers of soft contact lenses. The Company produces a full array of daily disposable, two-week and monthly contact lenses, all featuring advanced materials and optics. CooperVision has a strong heritage of solving the toughest vision challenges such as astigmatism, presbyopia and childhood myopia; and offers the most complete collection of spherical, toric and multifocal products available. Through a combination of innovative products and focused practitioner support, the company brings a refreshing perspective to the marketplace, creating real advantages for customers and wearers. For more information, visit www.coopervision.com

For U.S. locations that require disclosure of compensation, the starting base pay for this role is between $87,000 and $145,000. The actual base pay includes many factors and is subject to change and modification in the future. This position may also be eligible for other types of compensation and benefits.

Job Summary: The Information Security Analyst is responsible for providing security expertise to all levels of the global company and partnering with various parts of the organization to reduce enterprise risk. The Information Security Analyst will work under the direction of their Senior Analyst peers, Security Engineers, and the Manager of Global Information Security.

Essential Functions & Accountabilities:

· Monitor systems for signs of intrusion, triaging alerts, evaluate, categorize, and resolve security events before they become security incidents.

· Respond to security requests and inquiries. (i.e., Ticketing System, E-mail, Alerts/Notifications, etc.).

· Perform administration and tuning of security tools including SIEM, NAC, firewalls, IDS/IPS, secure email gateway, etc.

· Participate in the integration of security strategy and architecture with business and IT strategy.

· Participate in proofs-of-concept for new security technologies.

· Participate in an annual review of policies and procedures to support information security, risk, and security compliance activities.

· Execute incident handling playbooks through completion during complex incident response scenarios

· Perform complex forensic techniques and procedures on critical systems.

· Investigate escalated incidents from Managed Security Services Provider (Level 1) and perform second level analysis to assess risk

· Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of Information Security Engineers and the Information Security Manager.

· Contribute to the enhancements of security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions; teaching improved processes.

· Assist in the writing of functional requirements/specifications documents.

· Participate in the implementation of security systems by utilizing intrusion detection methodologies and equipment; installation and calibration of equipment and software; implementing preventive and reactive measures; PKI management; providing technical support; completing documentation.

· Respond to Intrusion Detection System (IDS) and perimeter alerts.

· Maintain security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.

· Upgrade security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.

· Active Cyber Incident Response Plan (CIRP) participant.

· Provide feedback on vendor relationships ensuring that service levels and vendor obligations are met. Assess vendor development/test strategies.

· Advocate for security best practices and promote security awareness at all levels.

· Handle sensitive/confidential security issues in a professional and confidential manner.

· Comply with applicable change management policy and all department procedures.

· Perform other duties as assigned.

Travel Requirements: 5% domestic and/or international travel

Qualifications

Knowledge, Skills and Abilities:

· Motivation/Initiative: Motivated and curious, willing to ask questions, research issues, and take on challenging projects/assignments; creative, brings new ideas to the table, exhibits self-confidence. Has strong achievement motivation and tenacity.

· Administrative Skills: Possesses ability to organize and follow-through on multiple tasks, recognizes and attends to important details with accuracy and efficiency. Works to complete goals, tasks, and plans, anticipate potential problems, and analyze alternative solutions.

· Self-Management: (Adaptability/Flexibility, Stress Tolerance, Autonomy); adapts readily to changes in routine; works effectively in stressful situations; needs limited guidance and direction; is comfortable working in a fast-paced environment; is reliable and dependable; is results-oriented; maintains productivity and composure under pressure; views problems as opportunities to create solutions.

· Work effectively both in a team and independently, assisting others as necessary and having a desire to continuously learn and share knowledge

· Understanding of security frameworks, controls, and concepts such as NIST 800-53, ISO 27001, CIS Critical Controls, Cyber Kill Chain, MITRE ATT&CK framework, OWASP Top 20, etc.

· Knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.

· Understanding of infrastructure such as network switches, routers, firewalls and VPN, network security, administration of DLP, antivirus\antimalware, IDS/IPS, SIEM, SMTP, Email security, AD, Group Policy, DNS, DHCP, and VLANs.

· Knowledgeable of security best practices such as encryption, hashing, vulnerability scans, event log monitoring, intrusion detection and prevention, eDiscovery, and content filtering.

· Ability to analyze and recommend changes to existing security landscape where necessary to meet information security objectives.

· Strong analytical skills to analyze security requirements and relate them to appropriate security controls.

· Understanding of common cloud technologies and platforms and how to secure them.

· Ability to interact with CooperVision personnel and build strong relationships at all levels, and across all business units and organizations, and to understand business imperatives.

· Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management, and business personnel.

· Programming, scripting and/or networking skills

Work Environment:

· Normal office environment.

· Prolonged sitting in front of a computer.

· Occasionally lift up to 25 pounds.

· Participate in 24x7x365 on-call rotation for emergencies and escalations.

Experience:

· Minimum 2-6 years’ professional IT experience.

· Professional Information Security experience preferred.

· At least 1 years’ experience in working in geographically dispersed technical support teams.

· Be familiar with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act (SOX), the U.S. Health Insurance Portability and Accountability Act (HIPAA), European General Data Protection Regulation (GDPR), various other domestic and international privacy regulations, and Payment Card Industry (PCI) security council standards.

Education:

· Bachelor’s degree in computing science or cybersecurity; or an equivalent combination of education and experience. Post-graduate education or training a plus.

· Security certifications such as: GIAC, CISSP, CISM, Cisco Security or similar preferred