What does an Information Security Analyst do?

An information security analyst is an important team member in an Information Technology department. People in this position help organizations take measures to protect sensitive and mission-critical data. The analyst will help develop, implement, and ensure compliance of policies to protect an organization’s data from being inappropriately accessed or used.

Excellent technical skills are critical so that the information security analyst can discern and take measures to prevent data security attacks. These attacks may come from inside or outside the organization. The analyst may be included in planning for other threats to the organization's data, such as threats caused by severe weather, maintaining power to servers in case of a local outage, and planning for continuing operations at alternate sites in case the main operations site needs to be shut down.

Some common duties of a person in this position are to create plans to prevent malicious or inadvertent use of data, create plans for emergency use, train users on security measures, and monitor access to data. Along with these duties, the information analyst may also be tasked with reviewing information on viruses and ensuring virus protection is in place. They may be asked to assess risks of data exposure as well as validate that security systems are in place and working as designed. The analyst may serve as experts on application development project teams to ensure the application complies with the organization’s information security standards.

An information security analyst job description may include a need for expert knowledge in the systems technology used by the hiring organization. Some organizations may require a certain number of years of experience. Additional requirements that an organization may find desirable are a four-year degree in a technical field, network and system administration experience, and programming experience.

There are other skills helpful for information security analysts. Developing an ability to communicate with audiences of differing technical skills is valuable. When communicating security concerns to non-technical staff, the analyst must be able to make technical concepts understandable by a general audience. A good understanding of the organization’s business will help the analyst perform more effectively, as it is useful to understand which information is most critical to the organization’s mission and more likely to need protection.

Those who are interested in an information security analyst job must be willing to keep up on technology developments that affect the field of information security. Similarly, the analyst will need to keep abreast of trends in attacks such as viruses and hacker attacks. Moreover, information security legal requirements may change, and so the analyst must also stay abreast of regulatory requirements.