InfoSec Analyst

The InfoSec Analyst at Arkana Laboratories is primarily responsible for developing information security policies, conducting risk assessments, and managing security governance documentation. They facilitate security assessments for clinical trials and collaborate with stakeholders to implement necessary security controls. Additionally, they respond to IT security events and support external client engagements and audit activities.

To become an InfoSec Analyst at Arkana Laboratories, one should ideally have a Bachelor’s degree in computer science or a related field, along with at least 3 years of experience in IT or SOC environments. Strong analytical skills, attention to detail, excellent communication abilities, and a foundational understanding of information security best practices are critical. Interest in pursuing certifications like CISSP, CISA, or CISM is also an advantage.

The InfoSec Analyst plays a vital role in risk management by conducting comprehensive assessments at various levels—network, system, application, and vendor systems. In this capacity, they evaluate results against established policies and industry standards, identifying vulnerabilities and implementing controls that ensure Arkana’s compliance and security integrity.

As an InfoSec Analyst at Arkana Laboratories, you will be offered a competitive salary along with generous paid time off and holidays. Additional benefits include low-cost health insurance, 401(k) matching, life and long-term disability insurance, affordable vision and dental plans, wellness programs, and complimentary in-office perks like yoga classes and massages, fostering a balanced work-life environment.

The InfoSec Analyst position at Arkana Laboratories is an onsite role based in our main office located in Little Rock, Arkansas. This allows for real-time collaboration with a dynamic team and ensures seamless integration into our robust cyber security culture.

In answering this question, be specific about the types of risk assessments you've conducted, such as technical, network, or vendor evaluations. Mention any methodologies you used, like NIST or ISO standards, and provide examples of how your assessments influenced security decisions or policy changes.

To answer this effectively, talk about the resources you follow, such as industry blogs, webinars, or conferences. Highlight any relevant certifications you are pursuing or communities you are active in that keep you informed on the latest technologies and threats in information security.

Discuss your approach to understanding core business functions and how you engage with different departments to assess their needs. Give examples of how you've successfully implemented security controls that align with business objectives while still meeting compliance mandates.

Use the STAR method to describe the situation, task, action, and result. Be specific about the incident details, your role in managing the crisis, and any steps taken to prevent similar incidents in the future.

Mention specific tools you've worked with (like SIEM solutions, firewalls, or intrusion detection systems) and detail your experience in leveraging them for monitoring threats, detecting anomalies, and managing incidents effectively. Highlight any achievements resulting from their use.

Explain your process for creating security documents, including assessing existing policies, consulting with stakeholders, and aligning with industry standards. It helps to provide a specific example of a policy or procedure you've developed and its impact.

Discuss your familiarity with relevant regulations such as HIPAA or GDPR and how you ensure compliance through regular audits, employee training, and policy updates. Offer an example of a compliance initiative you led or participated in.

Share your insights on evolving threats like ransomware or phishing. Discuss the increasing importance of cloud security and how it impacts traditional security models, reflecting on your perspective as an InfoSec Analyst within that context.

Detail your experience with creating and testing disaster recovery plans and emphasize the importance of documentation and practice drills. Mention any specific example where you contributed to improving disaster recovery processes.

Talk about key performance indicators (KPIs) and key risk indicators (KRIs) you track, emphasizing how they provide insight into the organization’s security posture. Give examples of how these metrics informed decisions or improvements within the organization.