Security Analyst

• Monitors and keep supervisor informed of status of information security and confidentiality conditions, including problem areas and recommended enhancement;
• Interfaces with user customers to understand their security needs and implement procedures to accommodate them including training and assessment.
• Assists with preparing for security audits (e.g. IRS, SSA, OCSE, FBI, SBOA) and remediating any findings; assists with creating and submitting reports relevant to security audits.
• Develop information security policies and standards for protection of information systems in compliance with state and federal requirements (e.g. IRS, SSA, OCSE, FBI, IOT) and guidelines (e.g. NIST SP 800-53).
• Develops Standard Operating Procedures (SOP) for implementing security polices;
• Recommends appropriate security safeguards to be included during development of new information technology systems and legacy systems;
• Ensures maximum utilization of computer hardware and software features to secure automated systems and associated data;
• Develops and implements procedures for use of information security management software;
• Proposes information security software enhancements;
• Performs periodic audits to assure security policies and standards are being followed and are effective.
• Develops recommendations for enhancements and generates reports where necessary;
• Keeps abreast of new laws and changes affecting privacy standards, network security, cloud security, remote access, and physical security;
• Mentors and provides guidance to new or other staff as needed;
• Performs related duties as assigned.
• Assist on other task as assigned.
Thorough knowledge of information security management tools, policies, and standards of information security procedures;
• Thorough knowledge of state and federal legislation and regulatory laws pertaining to information system security and privacy;
• Thorough knowledge of software vulnerabilities, vulnerabilities scanning tools, and vulnerabilities remediation;
• Familiarity with domain structures, user authentication, and digital signatures;
• Ability to develop and maintain information security standards;
• Ability to understand and apply complex computer logic to work;
• Ability to work effectively with a wide range of information technologists, including systems administrators, technical support, application development, end users and management;
• Experience in assessing security needs of teams and assist in their security training.
• Ability to communicate effectively both orally and in writing;
• Ability to be a team member as well as a team leader depending on the situation;
• Degree in information security or technology preferred;
• Security certification preferred (e.g. CISSP).
• Network Admin experience preferred.
Supervisory Responsibilities/Direct Reports:
This role does not provide direct supervision to direct reports.