Senior IT Application Security Risk Analyst in Rochester, NY at Windstream

Date Posted: 3/13/2018

Job Snapshot

  • Employee Type:
  • Location:
    Twinsburg OH 1925 Enterprise P
    Rochester, NY
  • Job Type:
  • Experience:
    At least 5 year(s)
  • Date Posted:

Job Description

Job ID:18000808

Senior IT Application Security Risk Analyst

The Senior IT Security Risk Analyst position is a senior level position on the EIRS team. This position will lead multiple aspects of information risk management for Windstream with a focus on application security.  In this exciting role, you will work with business units, process owners, and cutting-edge technologies to assess, detect and mitigate security risks.  The ideal candidate for this position should have significant IT security experience, excellent networking skills, a strong understanding of information security risks, IT technologies, and a passion for the security discipline. The Sr. IT Security Risk Analyst will be responsible for application security testing, conducting risk assessments, developing IT security risk profiles, reviewing project initiatives, ensuring compliance with applicable control frameworks, and participating in governance activities to ensure risks are appropriately identified and addressed during the Project and Software Development Life Cycles. 


  • Experience with application security program efforts and integrations activities.
  • Ability to communicate and collaborate with multiple lines of business and information technology teams within Windstream to help provide effective solutions
  • Experience working in a consultative role providing guidance and requirements to development, systems, network and infrastructure teams, while driving the enterprise risk and security strategy and policies
  • Lead application security risk or compliance remediation efforts
  • Ability to provide recommendations for information security policies and standards
  • Prepare and present application security assessment reports and recommendations to reduce information security risks to system owners and business units
  • Build effective relationships with key stakeholders who own and support IT infrastructure, applications, processes and operations.
  • Other duties as assigned


  • College degree in business, computer science, information systems, engineering, or a related discipline required.
  • 5+ years of experience with Information Security and Risk Management initiatives, teams, and programs.
  • Application security testing experience and development background
  • Proficient understanding of network security technologies including firewalls, Intrusions Detection and Prevention Systems, Router ACLs, Enterprise Anti-Virus, Content Filtering, etc.
  • 3+ years of demonstrated experience with ISO 27002:2005, NIST 800-53, Cobit, SOX, PCI and/or other Information Security Management Frameworks.
  • Demonstrated project management skills


  • Network / System Administration experience / background preferred
  • 1+ year experience with PCI compliance efforts.
  • Audit background a plus
  • Security Certifications a plus (i.e. CISSP, CISM, CCNA, CCSP)
  • Cobit and ITIL experience

Job Requirements

Minimum Requirements:College degree in a Technical or related field and 3-5 years professional level experience with 0-1 year supervisory experience for roles with supervision; or 7+ years professional level related Technical experience with 0-1 year supervisory experience for roles with supervision; or an equivalent combination of education and professional level related Technical experience required.