Information Security Analyst


We’re the obstacle overcomers, the problem get-arounders. From figuring it out to getting it done… our innovative culture demands “yes and how!” We are UPS. We are the United Problem Solvers.

About Information Security at UPS Technology:
The Information Security Analyst participates in the identification, tracking, and monitoring of information security threats and service operations. He/She utilizes established processes and tools to focus on incident response, threat identification, analyses, and remediation. This position participates in the implementation and integration of risk management procedures. He/She supports the processes for technical and physical risk management to protect UPS’s information assets. This position assists with the development and maintenance of business continuity planning, data, systems, and network security for systems and controls related to their job duties.

About this role:
This Information Security Analyst “Security Officer” role is responsible for approving and monitoring user access for healthcare-validated applications (including oversight of user provisioning & user role management). Additionally, this position is responsible for performing periodic user access reviews and enforcing segregation of duty (SOD) requirements. S/he will:

Review, approve and assign user access requests that are submitted via access provisioning request portals (SailPoint, ID Portal, APRS), and email
Perform periodic access reviews of various supported applications (approx. 25), ensuring enforcement of the principle of least privilege
Ownership of User Access Administration Work Instructions for approximately 12 applications, which are controlled documents in the Quality Management System
Assist in examination of internal controls to determine design and operational effectiveness
Assist with remediation of control deficiencies identified during audits
Support IT compliance programs to ensure we are aligned with UPS organizational, regulatory, and risk obligations (including HIPAA and FDA 21 CFR 11 regulatory requirements)
Establish and maintain information security and compliance metrics that are meaningful and actionable
Responsible for monitoring and managing information technology processes in relations to user access provisioning to ensure compliance with GMP (Good Manufacturing Practice), SSAE16 controls (Service Organization Controls Audits), UPS Information Use and Security Compliance Manual, and UPS Standard Practice Manual.

Minimum Qualifications:
Minimum of 2 years of work experience in IT compliance or IT audit or Information Security
I.T. Auditing fundamentals
Information Security Controls
Privileged Access Management
Attention to Detail
Effective Communication
Project Planning
Access Control Analysis
Auditing Controls
I.T. General Computer Controls
Privileged Access Management
Ability to follow detailed procedures and processes with a high degree of accuracy
Possess the ability to multi-task and adjust to shifting priorities
Possess strong verbal and written communication skills, as well as strong planning skills
Ability to solve complex problems in a timely manner by working with multiple stakeholders
Ability to work with moderate supervision

Preferred Qualifications:
Must have a Bachelor's degree in Computer Science or Information Security or 2 years Information Security experience
Familiarity and understanding of Information Security Management frameworks such as COBIT, NIST CSF or ISO 27001 is a plus
Experience with data extraction using SQL, Microsoft Access or other tools is a plus
Proficiency with Microsoft Excel and SharePoint is a plus
Experience with FDA 21 CFR 11 compliance and Good Documentation Practice (GDP) is a plus
This position offers an exceptional opportunity to work for a Fortune 50 industry leader. If you are selected, you will join our dynamic technology team in making a difference to our business and customers. Do you think you have what it takes? Prove it! At UPS, ambition knows no time zone.

UPS is an equal opportunity employer. UPS does not discriminate on the basis of race/color/religion/sex/national origin/veteran/disability/age/sexual orientation/gender identity or any other characteristic protected by law