Cyber Security Analyst

Key Responsibilities

• Review client Benefits Program documentation, policies, plans and procedures and recommend updates based on best practices, State and federal laws and regulations.
• Serve as a consultant for the overall planning and analysis of the security architecture of information systems. Provide technical advice and guidance to business partners, the State’s Office of Information Security and Privacy, Deputy CISO, and the CISO as well as to other IT managers and staff to design solutions that meet the State’s requirements. Directly participate in information security short and long-term planning processes for the client Benefits Program.
• Evaluate security and privacy needs of all aspects of the client Benefits Program. Assist with security and privacy review and attestation activities. Identify gaps and shortfalls of plans, practices, and work to mature the overall security and privacy posture of the program.
• Assist in the analysis of security and privacy incident reports to the client Benefits Program security and privacy team. Provide incident response support as needed.
• As required, represent the Office of Information Security and Privacy at meetings with other governmental or agency officials.
• Review and update security, privacy, and compliance documentation. Respond to and recommend remediations for audit findings.
• Audit, review and recommend actions of requests for access rights to system functionality through the 7078 process.
• Contribute to the alignment of security governance with Enterprise Architecture governance and project and portfolio management (PPM).
• Develop, review, update, and present security and privacy training and tabletop exercise materials and reports.

Mandatory Skills & Experience

• Strong knowledge of the NIST 800-53 security framework; CMS MARS-E requirements and its control enhancement; and of IRS Publication 1075 and 42 C.F.R. 433.112 (b)(5) and (6), and 45 C.F.R. 95.617(a).
• Experience in communicating with executive leadership.
• Minimum of ten years’ experience in cybersecurity.
• Experience with security, privacy, and IT audits.
• Certified Information Systems Security Professional (CISSP) credentials.
• Certified Information Systems Auditor (CISA) credentials (preferred).
• Strong technical experience and understanding of MS Windows, Linux and Database systems.
• Experience in technical writing.
• Work successfully individually or as a part of a team.
• Detail oriented.
• Experience with project management techniques and processes.
• Ability to develop security and privacy related training material and present to a wide range of audiences.
• Experience using standard MS Office and Adobe tools.