69566: Columbus, OH – IT – DAS – IT Security Analyst 3/ITSA3

Job Title: IT Security Analyst
NFP rate: $45.55
Submissions close Friday March 6th, 2020 at 10 am

Manager needs resumes ASAP for this role, which is the reason for the 2-day turnaround. Allowing THREE bids for this role due to urgency.

Senior Security Analyst Position Description:

The Ohio Department of Administrative Services is seeking a Senior Security Analyst (consultant) to assist in management of the security program for its Integrated Eligibility and Health and Human Services Business Intelligence program. Security design and implementation for this program are covered items in a managed services contract. The Senior Security Analyst will be responsible for ensuring Managed Service Provider (MSP) compliance with state security policies and practices. The Senior Security Analyst will work under the direction of senior state security personnel, and side-by-side with another analyst focused on security compliance and privacy management.

Duties include:

  • Ensure MSP compliance with state policies, standards, and legal/regulatory requirements;
  • Ensure plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. and that the MSP remains on track with these plans;
  • Recognize a possible security violation and take appropriate action to report the incident, as required;
  • Advise appropriate senior leadership of changes affecting the organization's security posture;
  • Assure successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals;
  • Collect and maintain data needed to meet system security reporting;
  • Recommend and/or implement policies and procedures to ensure protection of system infrastructure;
  • Review plans, instructions, guidance, and standard operating procedures implemented by the MSP impacting the security of the system;
  • Provide state security requirements to be included in statements of work and other appropriate procurement documents;
  • Recommend resource allocations required to securely operate and maintain an organization;
  • Supervise MSP protective or corrective measures when a security incident or vulnerability is discovered;
  • Work with other state and MSP personnel to support necessary compliance activities (e.g., ensure system security configuration guidelines are followed, compliance monitoring occurs, etc.).

The successful candidate will possess the following skills and capabilities:

  • Broad understanding of Information Security as a field, including experience evaluating and implementing security policies and practices;
  • Knowledge of current and emerging threats/threat vectors;
  • Proven track record in vendor management;
  • Experience managing security in an environment where security and infrastructure implementation were outsourced to a third party;
  • Experience with at least one security framework (NIST SP 800-53, ISO 27001, NERC, etc.);
  • Ability to work and communicate effectively with both technical and non-technical individuals at all levels of the organization;
  • Ability to assess risk of proposed changes to infrastructure, code, and connectivity.

Preferred credentials include the following:

  • CISSP, CISM, or equivalent certification
  • BS or MS in Information Security or related field
  • Experience implementing NIST SP 800-53
  • Experience with the Consensus Audit Guidelines/20 Critical Controls for Cyber Defense
  • Experience with the OWASP Top 20

 
