The Security Classification Analyst is an important support role in the Chief Information Security Officer (CISO) organization of LogMeIn, reporting to directly to the Director of Security PMO. The role will be responsible for establishing (in terms of operationalizing), and maintaining, the existing data security classification scheme and ensuring the security policies will be enabled and enforced via the classification system. Fundamental concepts like data classification schemes, systems, enforcement controls, and proper tracking mechanisms, as well as privacy and project life cycle concepts are required for this position. This is a position of trust, and requires a thorough, accountable, and reliable character that is handling some of the most critical aspects of data security and privacy. The focus of this role is internal organizational controls, with the ability to understand and map other entities (business partners, customers, government agencies) classification systems to that of LogMeIn and ensure proper classifications are applied to all incoming, outgoing, and processed data over time.
- Understand the new classification scheme(s), levels, associated security and privacy controls, and automation requirements.
- Help develop and support a comprehensive project that will address over time the entire enterprise and its data structures, repositories, and storage environment, be it in the cloud, on-prem in data centers, or at home while working from anywhere. This will prepare and then ensure a comprehensive security environment that addresses data security and privacy in every aspect, business processing step, location, and business area (all organizational units, all product lines).
- Participate in the performance of technical PoCs to select appropriate data classification tools, systems, and processes to support policy enablement and enforcement. The technical parts and implementations will be handled by security engineers.
- Validate existing or developed (built) solutions over time, build an appropriate roadmap for upgrades or decommissions and plan appropriate process steps to ensure consistent, global, all-encompassing (comprehensive end-to-end) data classification.
- Integrate into an existing security team and ensure full adoption of concept and operationalization of security classification within the team, its processes, and objectives.
Teamwork with SecOps, GRC, Legal, and other units is key and required.
- Help the CISO to establish a functioning, and abided by, security classification system that enables enterprise security controls and data protection regimes on a global scale.
- Other duties or tasks as assigned by management
As LogMeIn is a global organization, the Security Classification Analyst is expected to have some regular meetings and conference calls outside of normal respective office hours to cover for regions like Australia, Asia, Europe, and the Americas. Flexibility on good time management and covering a global organization is required.
- A High school diploma plus security and privacy certifications (with focus on principles like data minimization, classification, risk management, security controls, privacy and security by design)
A higher degree in a technical/security field would be beneficial. This is an opportunity for someone that is willing to learn, contribute, execute, and grow quickly, and where you can put your mark on a leading security organization that has clients all over the world
- Knowledge of security controls frameworks such as CIS Top20, ISO27001/27002, NIST 800-53, SOC1-3, PCI, and others is important you need to prove comprehension of at least one of these in detail, the others can be learned/mapped over time
- Fast & complete thinker, conceptually strong, and well experienced in such technology solutions that enable data classification schemes. You must be able to think (and solve) such a project through completely logic, business case / reason, tech requirements, possible solutions, PoCs, acquisition (or build), implementation, pilot, roll-out, operationalization, maintenance, support, and continued development. This is not for the faint of heart person this requires a resilient mind.
- Excellent interpersonal communication, teamwork and project-, and program management skills
- Strong sense of accountability with the ability to work independently under the guidance and direction of the Director of PMO and/or the CISO with limited supervision
- Strong proven analytical and troubleshooting skills
- Strong personal integrity, accountability, the ability to take ownership of this long-term project
- Proven ability to persuade, overcome initial resistance, follow up in cases of misalignment or unproper adherence to issued policies / procedures, and non-compromising on adherence to data classification schemes
- High intrinsic motivation to move the needle and mature existing processes or structures to improve performance, resiliency, and security outcome. Must see and use data classification as a means to build security & privacy by design, by default, and by deployment, and not as an end in itself
LogMeIn Product Portfolio: https://www.logmeininc.com/products
LogMeIns category-defining products unlock the potential of the modern workforce by making it possible for millions of people and businesses around the globe to do their best work simply and securelyon any device, from any location and at any time. A pioneer in remote work technology and a driving force behind todays work-from-anywhere movement, LogMeIn has become one of the worlds largest SaaS companies with tens of millions of active users, more than 3,500 global employees, over $1.3 billion in annual revenue and approximately 2 million customers worldwide who use its software as an essential part of their daily lives.