HBITS-06-13702
Duties include, but are not limited to:
- Implement information security and compliance programs for IT systems and OT systems.
- Conduct written risk assessments for existing systems/solutions, new systems/solutions, and services in use or to be used by the business.
- Assist with management and resolution of security threats to business information systems.
- Serve as information security analyst and evaluate systems and contracts for alignment with Business and State information security policies.
- Monitor and remain aware of information security industry trends, tools, and techniques.
- Perform additional duties as required.
Security Analyst Plans and carries out security measures to protect an organization's computer networks and systems.
Mid-Level 36 - 60 months: Candidate is able to work independently, without assistance.
- 60 months experience implementing information security and compliance programs for IT systems and OT systems.
- 60 months experience conducting written risk assessments using industry standards such as NIST, CIS Critical Controls, ISO 27001, etc.
- 48 months experience triaging and determining mitigation plans (with and/or without Vendor) to resolve security threats to business information systems.
- 48 months experience evaluating business systems (Commercial Off the Shelf and Custom Developed) for alignment with IT and OT information security policies.
- 36 months experience in securing cloud environments
- 36 months conducting information systems security analysis using Secure System Development LifeCycle (SSDLC)
- Applicable Information Security or Information Technology certifications such as GSEC, GOCSP, CGEIT, CISA, CRISC, GCCC, Security+, Network+, CCSP, CSSLP, ISSAP, ISSEP, SSCCP, etc.
- Bachelor's Degree or higher in one or more of the following: Information Security, Computer Science, Information Science, Information Assurance, Information System Management, Cybersecurity, Digital Forensics, IT Governance, Compliance and Risk Assessment