Description
Overview
Under the direction of management, the incumbent will assist in building and implementing programs, policies, and practices to ensure that the State of Vermont (SoV) complies with industry and government regulatory requirements. You will work closely with internal business units, IT divisions, and other relevant departments to increase security awareness, assess compliance, and where necessary, provide support in remediating non-compliant issues. The Information Security Compliance Analyst takes a role in ensuring the security of all protected information collected, used, maintained, or released by the SoV.
Typical Duties and Responsibilities
- Participate in the drafting, updating, reviewing, and publication of security policies and other security materials.
- Assists in the implementation of policies and procedures to adequately address and control the risk management of SoV assets.
- Supports continuous improvement by developing, operationalizing, and maintaining security compliance metrics and documentation. Also provides support for security compliance requests and incidents.
- Evaluates security requirements in context with other business requirements and recommends measures to manage risk and adequately secure information systems.
- Assist with the coordination of Federal and State-level Audit and Security Compliance Reviews.
- Manage the accountability and responses from audit finding owners to provide needed details in a timely manner for submission of Federal remediation reports.
- Support the work as needed for the collection of responses and related artifacts for the reporting of security documentation to federal partners.
- Performs Information Security third party due diligence and ongoing assessments of vendors to assess risk.
- Conducts reviews and risk assessments to identify weaknesses or security exposures, assess impact, and recommend solutions to mitigate risks and exposures.
- Assist with annual compliance requirements to include MARS-E, IRS Pub 1075, HIPAA.
- Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
A potential candidate will be self-motivated, a super-collaborator with technical and non-technical staff, and have superior attention to detail. There will be a level of freedom to complete the assigned tasks, but also to provide recommendations and feedback on how processes/systems can work better and more securely. The work associated with this position is driven by hard deadlines, so a potential candidate should have excellent time management skills and should be able to independently triage their workload.
All candidates are required to pass a fingerprint-supported background check.
Who May Apply
This position, Information Security Analyst II (Job Requisition #51614), is open to all State employees and external applicants.
If you would like more information about this position, please contact Emily.Wivell@vermont.gov.
Resumes will not be accepted via e-mail. You must apply online to be considered.
Please note that multiple positions in the same work location may be filled from this job posting.
Work is performed in a standard office setting, but some travel may be required for which private means of transportation should be available. Work outside of regular business hours is expected.
Minimum Qualifications
Bachelor's degree in computer science, programming, or engineering AND two (2) years or more of experience in the field of information technology.
OR
Six (6) years or more of experience in the field of information technology INCLUDING two (2) years where the primary role was in information security.
OR
Four (4) years or more of experience in the field of information technology where the primary role was in information security AND possession of one (1) or more of the following certifications: Certified Information Systems Security Professional (CISSP) OR Global Information Assurance Certification (GIAC).
Preferred Qualifications
Certification in:
- CompTIA Network+
- CompTIA Security+
- International Information Systems Security Certification Consortium (ISC)²
- Systems Security Certified Practitioner (SSCP)
- Global Information Assurance Certification (GIAC) Information Security Certification
- (ISC)² Certified Information Systems Security Professional (CISSP)
Total Compensation
As a State employee you are offered a great career opportunity, but it's more than a paycheck. The State's total compensation package features an outstanding set of employee benefits that are worth about 30% of your total compensation, including:
- 80% State paid medical premium and a dental plan at no cost for employees and their families
- Work/Life balance: 11 paid holidays each year and a generous leave plan
- State Paid Family and Medical Leave Insurance (FMLI)
- Two ways to save for your retirement: A State defined benefit pension plan and a deferred compensation 457(b) plan
- Tuition Reimbursement
- Flexible spending healthcare and childcare reimbursement accounts
- Low cost group life insurance
- Incentive-based Wellness Program
- Qualified Employer for Public Service Student Loan Forgiveness Program
Want the specifics? Explore the Benefits of State Employment on our website.
Equal Opportunity Employer
The State of Vermont celebrates diversity, and is committed to providing an environment of mutual respect and meaningful inclusion that represents a variety of backgrounds, perspectives, and skills. The State does not discriminate in employment on the basis of race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, membership in an employee organization, family medical history or genetic information, or family or parental status. The State's employment decisions are merit-based. Retaliatory adverse employment actions by the State are forbidden.