Description

  • Conduct risk assessments and manage the development and execution of business continuity and disaster recovery plans.
  • Participate in Third Party Risk Management activities, including vendor evaluations and security reviews.
  • Participate in the investigation and review of potentially fraudulent activities.
  • Perform data and system classification of all systems.
  • Track all vulnerabilities and risks stemming from security controls and technical scan findings; and perform appropriate reporting and tracking of those risks.
  • Review business and technology operations and provide risk reduction or mitigation strategies.
  • Use enterprise vulnerability management tools to conduct security reviews.
  • Scan agency assets and direct the remediation of identified flaws, coordinating with the responsible system owners as necessary; draft and file risk exceptions where remediation is not feasible.
  • Monitor alerts and participate in response to security events or policy violations.
  • Develop new and maintain existing policies and procedures related to the information security program.
  • Assess the implementation of systems and business processes to validate that the required controls are being implemented and working as expected, document system security plans.
  • Serve as primary contact for internal and external auditors' requests for information during annual audits; respond to follow-up questions from auditors and develop mitigation plans for identified findings.
  • Provide requirements for permissible use within the agency and participate in third party contract reviews to ensure that vendors can meet Commonwealth security requirements.
  • Provide ongoing vendor management and oversight to validate third-party service and technology providers remain compliant with control requirements and have necessary contract language in place.
  • Automate repeatable tasks to improve efficiency.
  • Work with the CISO, ISO and others to develop KPIs for security alerts and response.
  • Serve as Subject Matter Expert (SME) on assigned information security-related projects and initiatives.
  • Work with all levels of management and staff to improve processes and procedures.

Must Have Skills

  • Must have a minimum of 10 years of experience with information security, data analytics, and fraud prevention.
  • Working knowledge of vulnerability scanning tools such as Rapid7, Tenable, and Burp Suite is required.
  • Working knowledge of Splunk and Microsoft Windows is required.
  • Working knowledge of NIST SP 800-53 is required.
  • Previous professional experience training staff on security protocols.
  • Experience working with third-party providers and managing vendors.

Preferred Skills (Nice to Have)

  • Technical certifications such as ISC2 CISSP, ISC2 CGRC, CompTIA CASP, or equivalent security certifications are preferred.
  • Experience in a financial organization is preferred.
  • Prior experience as an ISSO or BISO is preferred.
  • Ability to enforce information security principles and policies.

Education

Any Graduate