Description
Overview
Under the direction of management, the incumbent will assist in building and implementing programs, policies, and practices to ensure that the State of Vermont (SoV) complies with industry and government regulatory compliance. You will work closely with internal business units, IT divisions, and other relevant departments to increase security awareness, assess compliance, and where necessary, provide support in remediating non-compliant issues. The Information Security Compliance Analyst takes a role in ensuring the security of all protected information collected, used, maintained, or released by the SoV.
Typical Duties and Responsibilities
- Participate in the drafting, updating, reviewing, and publication of security policies and other security materials.
- Assists in the implementation of policies and procedures to adequately address and control the risk management of SoV assets
- Supports continuous improvement by developing, operationalizing, and maintaining security compliance metrics and documentation. Also provides support for security compliance requests and incidents.
- Evaluates security requirements in context with other business requirements and recommends measures to manage risk and adequately secure information systems.
- Assist with the coordination of Federal and State-level Audit and Security Compliance Reviews.
- Manage the accountability and responses from audit finding owners to provided needed details in a timely manner for submission of Federal remediation reports.
- Support the work as needed for the collection of responses and related artifacts for the reporting of security documentation to federal partners.
- Performs Information Security third party due diligence and ongoing assessments of vendors to assess risk.
- Conducts reviews and risk assessments to identify weaknesses or security exposures, assess impact, and recommend solutions to mitigate risks and exposures.
- Assist with annual compliance requirements to include MARS-E, IRS Pub 1075, HIPAA.
- Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
A potential candidate will be a person that is self-motivated, and a super-collaborator with technical and non-technical staff, and has superior attention to detail. There will be a level of freedom to complete the assigned tasks, but also to provide recommendations and feedback on how processes/systems can work better and more securely. The work associated with this position is driven by hard deadlines, so a potential candidate should have excellent time management skills and should be able to independently triage their workload.
All candidates are required to pass a fingerprint-supported background check.
Who May ApplyThis position, Information Security Analyst I - Limited Service (Job Requisition #51863), is open to all State employees and external applicants. It is a Limited Service position, which is non-tenured and authorized for a specific period of time. Limited Service positions are established for specially funded projects or programs.
If you would like more information about this position, please contact Emily.Wivell@vermont.gov.
Resumes will not be accepted via e-mail. You must apply online to be considered.
Please note that multiple positions in the same work location may be filled from this job posting.
Incumbents in this class are responsible for technical, compliance, and governance work in one or more areas of information security. Works in collaboration with more experienced staff members as well as Information Technology (IT) and business decision makers to coordinate, plan, design, integrate and audit security capabilities and optimize security of information systems and services for the State of Vermont.
Work is performed in a standard office setting, but some travel may be required for which private means of transportation should be available. Work outside of regular business hours is expected.
Minimum QualificationsBachelor's degree in computer science, programming, or engineering
OR
Four 4 years or more of experience in the field of information technology INCLUDING one 1 year where the primary role was in information security.
OR
Possession of one 1 or more of the following certifications Certified Information Systems Security Professional CISSP
OR
Global Information Assurance Certification GIAC. Preferred: Certification in: CompTIA Network+ CompTIA Security+ International Information Systems Security Certification Consortium ISC Systems Security Certified Practitioner SSCP Global Information Assurance Certification GIAC Information Security Certification ISC Certified Information Systems Security Professional CISSP
Preferred QualificationsCertification in:
CompTIA Network+
CompTIA Security+
International Information Systems Security Certification Consortium (ISC)
Systems Security Certified Practitioner (SSCP)
Global Information Assurance Certification (GIAC) Information Security Certification
(ISC) Certified Information Systems Security Professional (CISSP)
Total CompensationAs a State employee you are offered a great career opportunity, but it's more than a paycheck. The State's total compensation package features an outstanding set of employee benefits that are worth about 30% of your total compensation, including:
- 80% State paid medical premium and a dental plan at no cost for employees and their families
- Work/Life balance: 11 paid holidays each year and a generous leave plan
- State Paid Family and Medical Leave Insurance (FMLI)
- Two ways to save for your retirement: A State defined benefit pension plan and a deferred compensation 457(b) plan
- Tuition Reimbursement
- Flexible spending healthcare and childcare reimbursement accounts
- Low cost group life insurance
- Incentive-based Wellness Program
- Qualified Employer for Public Service Student Loan Forgiveness Program
Want the specifics? Explore the Benefits of State Employment on our website.
Equal Opportunity Employer The State of Vermont celebrates diversity, and is committed to providing an environment of mutual respect and meaningful inclusion that represents a variety of backgrounds, perspectives, and skills. The State does not discriminate in employment on the basis of race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, membership in an employee organization, family medical history or genetic information, or family or parental status. The State's employment decisions are merit-based. Retaliatory adverse employment actions by the State are forbidden.Apply on company website
Find Connections via Linkedin
