Job ID: 1052606 Location: Nigeria Full-Time: Regular Role Description
The Information Security group is responsible for identification, research, development, and implementation of technologies that maintain a comprehensive worldwide program for the proactive protection of Pfizer’s proprietary information.
You will play a diverse, but central role, utilizing a combination of technical, analytical and professional skills to support and maintain Data Leakage Protection (DLP) and User and Entity Behavior Analysis (UEBA) systems for use by a team of intelligence analysts. In addition, you will also work directly with the analysts to gather, interpret, analyze, and evaluate results from various sources including network and host-based DLP and UEBA to identify improper use of company Intellectual Property and/or Proprietary Information.
Assessments may include interpretation of technical data such as attributes from email, email header information, and numerous forms of network data traffic.
You will be required to synthesize the technical data, correlate events, and evaluate trends into a non-technical report that provides meaningful insight for investigators and appropriate levels of Senior Management or external law enforcement.
You will be required to learn various business operations to ensure information security policies, best practices and recommendations are not being violated. You will assist in defining appropriate changes to Information Security policies, processes, and work instructions.
This is a unique opportunity to make a significant contribution to a vital team within the Global Security organization, providing the satisfaction inherent in knowing that what you do every day truly makes an important contribution to patient health and safety while protecting Pfizer’s colleagues, property, reputation, and the integrity of our medicines.
The Information Security Manager will report directly to the Director, Information Security, and may interact with a wide variety of people, including other Information Security Analysts, Forensics Investigators, Global Security Investigators, Global Security Intelligence Analysts, or the IPP Technical Lead as necessary to complete assignments.
Responsibilities Technical maintenance, troubleshooting, and break/fix on content monitoring system (DLP) and User/Behavior Analysis Systems (UEBA) responsibilities:
Develop specific expertise in areas such as Insider Threat models, discern patterns of complex behavior, and provide an accurate understanding of present and future threats to company intellectual property.
Work with the Director to perform analytics work on root cause analysis to identify patterns and trends, identify and evaluate lessons learned from internal investigations to shape processes, work instructions, policies and best practice recommendations to reduce likelihood of incident recurrence.
Analyst responsibilities:
Detect and investigate anomalous behavior that may indicate threats to Pfizer’s Intellectual Property assets. Determine the significance, accuracy, and reliability of incoming information.
Review and analyze DLP and User/Behavior Analysis System (UEBA) incidents to identify, prioritize and report issues for review and correction. Identify, extract, analyze, and evaluate essential information from a variety of sources to support research and analysis.
Provide forensic analysis support to other Pfizer internal teams in relation to incidents and investigations. Initiate, establish, and maintain effective working relationships inside and outside the immediate team to facilitate information gathering or support joint investigative efforts.
Be guided in the performance of daily duties by existing and anticipated legislation/regulations worldwide, as well as a thorough knowledge of company policy and technical best practices. The Information Security Manager’s authority will be derived from the company’s need to adhere to these laws and policies.
Fully supportive of others individuality and respect for diverse backgrounds / viewpoints in collaborative, team oriented problem-solving environment.
Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts.
Reliable in attendance and punctuality.
Qualifications
Bachelor’s Degree in Biological Sciences, Chemical Sciences, Computer Sciences, Mathematics or equivalent experience is required.
Master’s Degree in Biology, Chemistry, Computer Sciences, Mathematics or equivalent experience.
5+ years of experience in analytic methodologies information security, law enforcement, military or professional intelligence analyst position is required. Experience in performing intelligence analysis is mandatory, preferably in a specific area related to the desired job.
Active participation in information security industry forums or other information security leadership organizations and/or relevant industry certifications is highly preferred. For example:
IALEIA/LEIU (International Association of Law Enforcement Intelligence Analysts/Law Enforcement Intelligence Units) Foundations of Intelligence Analysis training certification and IALEIA/LEIU membership or equivalent is desirable.
Carnegie Mellon University Software Engineering Institute: Insider Threat Program Manager Certification or equivalent is desirable.
Open Source Insider Threat (OSIT) Information Sharing Working Group membership is desirable.
CISSP (Certified Information System Security Professional) from ISC2, CISM from ISACA or the GSEC (GIAC Security Essentials Certification) from the SANS Institute or similar certification are desirable.
Demonstrated strong organizational, writing and communication skills, and integrity and trustworthiness in previous work experience is essential, as is impartiality and objectiveness when evaluating facts and an ability to display sound judgment when deciding amongst several alternatives.
Excellent analytical skills, organizational skills, ingenuity and the ability to work as part of a team
Experience writing security white papers and/or presenting on security topics, breaking down highly technical concepts so the average lay person can understand the issues.
Strong general IT and Information Security background, including:
Working knowledge of and demonstrated capability in Linux/Unix, and SQL.
Must possess a firm grasp on concepts such as computer networks, incident correlation, and forensic analysis.
Must possess the ability to identify and correlate incidents shown on a dashboard by any available attributes such as IP Address, network protocol, etc.
Must be able to understand technology such as firewalls, web proxies, data lakes, etc. and be able to understand how they can be used to support intelligence operations.
Able to demonstrate familiarity with data protection techniques including IRM/DRM, encryption, backup and archiving for the protection of sensitive information such as Intellectual Property (IP) and Personally Identifiable Information (PII).
Knowledge of other spoken (vs. computer programming) languages is extremely useful in the job, but is not required.
Able to demonstrate an understanding of commonly used targeted Insider Threat and Data Exfiltration techniques, tactics, and procedures.
Critical Thinking skills are necessary and the need to understand the data and how all pieces can be used together to see the larger picture.
The ability to determine significance and reliability of incoming information, following every lead to its logical conclusion.
When necessary, must be able to prioritize leads according to established criteria.
Excellent communication skills, including the ability to assemble and present data and reports, including accurately presenting analysis, assumptions, and predictions in short concise business terms to brief Pfizer leadership at all levels within the organization concerning risks and threats.
Must also be skilled in creating reports, infographics, and presentations using Tableau or similar analytical reporting products.
Ability to demonstrate Tableau (or similar analytical reporting product) proficiency.
Ability to work under general supervision, applying judgment and experience to best accomplish work assignments within the time allocated. Expected to independently develop alternatives to address problems and select appropriate solutions, keeping management appropriately informed.
Ability to work independently and in a team-oriented, collaborative environment.
Fully supportive of others individuality and respect for diverse backgrounds / viewpoints in collaborative, team oriented problem-solving environment.
Due to the confidential nature of the data involved, a high level of discretion, integrity, and strong ethical values are vital to the position, as is the ability to discreetly conduct security investigations while maintaining privacy and confidentiality. Demonstrated integrity and trustworthiness in previous work experience is essential, as is impartiality and objectiveness when evaluating facts and an ability to display sound judgment when deciding amongst several alternatives.
Physical/Mental Requirements:
Requires sitting and working on a computer for long periods of time.
Non-Standard Work Schedule, Travel or Environment Requirements:
Must be able to travel (infrequently) in support of the business, to attend conferences, or to attend training
works flexible business hours from Monday through Friday, and may be asked to work additional hours in the evening or on weekends as needed, especially if there is an overflow of information to analyze or a strict deadline to meet in presenting that information.
go to method of application »
Note: When the page opens, select your preferred location from the drop down menu and click on Search e.g Select “Africa – Nigeria, then click Search”
Apply via :
globaljobs.pfizer.com