Sacramento County/Department of Technology (DTech)
799 G Street Sacramento, CA 95814
Interview: In person interview on . Phone or Skype interviews will not be accepted.
The Information Security Analyst develops and maintains enterprise security and risk policies. The ISO analyst is responsible for identifying risks relating to information security, IT risk management, IT governance, compliance, business continuity planning, incident response and vendor risk management. The role also directs the adoption and implementation of policies and procedures across the enterprise.
Additionally, this role will work with the Security Engineering and Architecture team, responsible for ensuring overall enterprise security architectural design complies with identified policies and procedures. This role will also be responsible for defining EA processes such as the EA assurance process and for leading the integration of these processes with other related business and IT processes.
- Perform current state risk assessments, continual risk assessments, gap analysis, risk metrics and reporting, risk convergence, IT risk and control framework design, and integrated operational risk management
- Identify and prioritize risk based on impact and likelihood, inherent vs residual
- Maintain and monitor Information Security Risk Exception process to ensure identification of areas of high risk
- Monitor and advise on information security issues related to the systems and workflow to ensure the internal security controls for the campus are appropriate and operating as intended
- Provides coordination and support for execution of IT security projects
- Monitors regulatory compliance with enterprise security policies and educates department leaders on compliance efforts
- Create and manage an information security awareness program to customize communication tools and campaigns for each department and the roles
- Coordinates business continuity planning efforts across departments
- Understands the different levels of risk tolerance and risk exposure across the organization and balances this with risk investments
- Sets standards and policies for information sharing on internal and external platforms
- Collaborate with IT management, the legal department, safety and security, and others to manage security vulnerabilities
- Consults with program/project teams to fit solutions to architecture across all viewpoints
- Understands, advocates, and supports the enterprise's business and IT strategies
- Ensures that the optimal governance structure and compliance activities (such as exception requests) are associated with identified risks
Sr. Technical Recruiter
P. +1.703-666-9171 (Work) | Ext. 396
E. firstname.lastname@example.org | W. http://etalentnetwork.com/