Duration: 2080 hours
Company: Sacramento County/Department of Technology (DTech)
Interview: In-Person (In the week of )
Location: Sacramento, CA, United States
The Information Security Analyst develops and maintains enterprise security and risk policies. The ISO analyst is responsible for identifying risks relating to information security, IT risk management, IT governance, compliance, business continuity planning, incident response and vendor risk management.
The role also directs the adoption and implementation of policies and procedures across the enterprise. Additionally, this role will work with the Security Engineering and Architecture team, responsible for ensuring overall enterprise security architectural design complies with identified policies and procedures.
This role will also be responsible for defining EA processes such as the EA assurance process and for leading the integration of these processes with other related business and IT processes.
* Perform current state risk assessments, continual risk assessments, gap analysis, risk metrics and reporting, risk convergence, IT risk and control framework design, and integrated operational risk management
* Identify and prioritize risk based on impact and likelihood, inherent vs residual
* Maintain and monitor Information Security Risk Exception process to ensure identification of areas of high risk
* Monitor and advise on information security issues related to the systems and workflow to ensure the internal security controls for the campus are appropriate and operating as intended
* Provides coordination and support for execution of IT security projects
* Monitors regulatory compliance with enterprise security policies and educates department leaders on compliance efforts
* Create and manage an information security awareness program to customize communication tools and campaigns for each department and the roles.
* Coordinates business continuity planning efforts across departments
* Understands the different levels of risk tolerance and risk exposure across the organization and balances this with risk investments.
* Sets standards and policies for information sharing on internal and external platforms
* Collaborate with IT management, the legal department, safety and security, and others to manage security vulnerabilities
* Consults with program/project teams to fit solutions to architecture across all viewpoints
* Understands, advocates, and supports the enterprise's business and IT strategies
* Ensures that the optimal governance structure and compliance activities (such as exception requests) are associated with identified risks
* Analyzes industry, technology, and market trends to determine their potential impacts on the enterprise
* Analyzes the current business and IT environment to detect critical deficiencies and recommends solutions for improvement
* S/he proactively shares knowledge of technology risks and opportunities to improve efficiency and effectiveness of the Cyber Security and Enterprise Architecture
* S/he partners with business leadership and other key stakeholders to define opportunities and prioritize IT Business Requests and projects based on predefined criteria (e.g. return on investment, productivity, compliance, legal, operational risk reduction, and contractual requirements)
* One or more industry certifications such as CISSP, CISM, CRISC, GSEC and CISA required
* Must understand the current security threat model and demonstrate a strong willingness to stay at the forefront of security developments
* Knowledge of risk assessment methodologies, IT policies and standards development
* Working knowledge of common IT security impacted regulations and/or standards such as ISO/IEC 27001/2, NIST, PCI, and HIPAA.
* Experience with audit processes and disciplines including third party risk management.
* Working knowledge of industry leading GRC practices
* 5+ years of experience in an IT Security/IT Risk environment with a large regulated organization
* Experience with development and administration of risk assessments, reviews, corrective action planning
* Must possess strong oral and written communication skills to assist in maintaining documentation, updating manuals, and producing reports
* Have keen analytical skills and be a critical thinker
* Exhibit a high level of attention to detail
* Be a self-starter, innovative, and creative
* The ability to multi-task and adjust to shifting priorities
* Must be highly motivated, dependable, and punctual
Please provide the following information
Alternate contact (if any):
8251 Greensboro Drive, Suite 250, McLean, Virginia - 22102
(703) 666-9171 Ext.627