Day to Day:

The Information Security Analyst is responsible for information security policy development and maintenance, design of security policy education, training, and awareness activities, monitoring compliance with Bowlero Corp IT security policy and applicable law and coordinating investigation and reporting of security incidents. The Information Security Analyst will work with the Network, Systems, and Security teams to perform network penetration tests, application vulnerability assessment scans, and risk assessment reviews.

Information Security Monitoring and Auditing: (50 %)

Monitor and advise on information security issues related to the systems and workflow at Bowlero Corp to ensure the internal security controls are appropriate and operating as intended.

Monitor current reports of computer viruses to determine when to update virus protection systems.

Monitor use of data files and regulate access to safeguard information in computer files.

Conduct company-wide data classification assessment and security audits and manage remediation plans.

Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.

Perform internal and external vulnerability scans and penetration tests as well as coordinating through vendors and remediate discovered vulnerabilities.

Administer phishing tests, analyze data, and coordinate security training based on results

Review and test firewall configurations, data transport and encryption configurations, and other security configurations to identify required configuration changes.

Information Security Program Management: (30 %)

Conduct security research in keeping abreast of latest security issues.

Develop and publish Information Security and Cyber Security policies, procedures, standards, and guidelines based on knowledge of best practices and compliance requirements.

Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.

Coordinate implementation of computer system plan with internal personnel and outside vendors.

Coordinate and execute IT security projects for the company.

Modify computer security files to incorporate new software, correct errors, or change individual access status.

Train users and promote security awareness to ensure system security and to improve server and network efficiency.

Confer with users to discuss issues such as computer data access needs, security violations, and programming changes.

Information Security Incident Management: (10 %)

Establish, document, and maintain standards and procedures for information security incident response.

Coordinate response to information security incidents.

Review violations of computer security procedures and discuss procedures with violators.

Linux expereince

CISSP or CISM certification preferred
Experience should include security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis, Splunk queries, and compliance testing.

3+ years experience as a security analyst

Experience with PCI/SOX/HIPPA/FIPS or other information security standards

BA or BS in Computer Science, Programming, Engineering, or related field