IT Security Analyst III

Required:
• Practical experience in Cyber Security and/or Infrastructure
• Practical experience in facilitating training sessions
• Practical experience in project and technology documentation
• Practical experience in developing executive level presentation materials
• Working knowledge of the Lockpath KeyLight GRC platform (or similar)
• Practical experience as a Project Coordinator or Project Assistant
• General knowledge of the NIST Cyber Security Framework
• Experience working in a large and complex Information Technology environment
• Solid written and verbal communication skills

Description:

Relies on experience and judgment to plan and accomplish goals, independently performs a variety of complicated tasks, a wide degree of creativity and latitude is expected.

• Monitor and advise on information security issues related to the systems and workflow at an agency to ensure the internal IT security controls for an agency are appropriate and operating as intended. Coordinate and execute IT security related projects for the agency. Coordinate response to information security incidents. Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance with State IT Security policies, standards, and guidelines.
• Conduct campus-wide data classification assessment and security audits and manage remediation plans. Collaborate with IT management, Internal Audit, and SOM to manage security vulnerabilities. Create, manage and maintain user security awareness. Conduct security research and keeps abreast of latest security issues.

Support the enterprise Governance Risk & Compliance platform in various capacities, including but not limited to:

• Remove/modify/Create a System Security Plan
• Remove/modify/Create a Risk Assessment
• Remove/modify/Create a Plan of Action and Milestone
• Add/remove/modify Users, Security Roles, Groups and process MiID Requests/Access
• Bulk Operations function (e.g. Assign Controls in Risk Assessment)
• Organize and schedule training sessions (Overview Training, New Advance User Training, Working Sessions)
• Update and track feedback through Governance Risk & Compliance platform Service Requests & Feedback Form (Lockpath KeyLight)
• Manage Governance Risk & Compliance platform Mailbox (Lockpath KeyLight)
• Troubleshoot and Triage User Issues via email, telephone, Skype and Governance Risk & Compliance Tickets (Lockpath KeyLight)

• Executive Report Generation
• Create Reports as requested by users and leadership team
• Create documentation for subsequent Governance Risk & Compliance Phases (Lockpath KeyLight)
• Assist Lead Administrator/Designer in tasks or assignments as requested/needed