Description

Requirements

  • 60 months experience implementing information security and compliance programs for IT systems and OT systems.
  • 60 months experience conducting written risk assessments using industry standards such as NIST, CIS Critical Controls, ISO 27001, etc.
  • 48 months experience triaging and determining mitigation plans (with and/or without Vendor) to resolve security threats to business information systems.
  • 48 months experience evaluating business systems (Commercial Off the Shelf and Custom Developed) for alignment with IT and OT information security policies.
  • 36 months experience in securing cloud environments.
  • 36 months experience conducting information systems security analysis using Secure System Development Lifecycle (SSDLC).
  • Applicable Information Security or Information Technology certifications such as GSEC, GOCSP, CGEIT, CISA, CRISC, GCCC, Security+, Network+, CCSP, CSSLP, ISSAP, ISSEP, SSCCP, etc.
  • Bachelor's Degree or higher in one or more of the following: Information Security, Computer Science, Information Science, Information Assurance, Information System Management, Cybersecurity, Digital Forensics, IT Governance, Compliance and Risk Assessment.

Responsibilities
Duties include, but are not limited to:

  • Implement information security and compliance programs for IT systems and OT systems.
  • Conduct written risk assessments for existing systems/solutions, new systems/solutions, and services in use or to be used by the business.
  • Assist with management and resolution of security threats to business information systems.
  • Serve as information security analyst and evaluate systems and contracts for alignment with Business and State information security policies.
  • Monitor and remain aware of information security industry trends, tools, and techniques.
  • Perform additional duties as required.

Education

Bachelor's Degree