Job ID: MI-583236 (98891231)
Security Analyst with NIST, GAPP, CJIS, risk/threat/vulnerability management, BA/QA, ITIL/COBIT/LEAN/Six Sigma/CMM, JAD and TFS/JIRA/Bugzilla experience
Location: 4125 W. St. Joe Hwy, Lansing, MI (MDOC)
Duration: 12 months
Interview: In-person
Positions: 1 (1/2)
Skill Required / Desired Amount of Experience
Experience defining, revising, and implementing information security policies, standards, and procedures for risk mitigation. Required 4 Years
Experience in Information Security, Information Technology, Compliance or Risk Management. Required 4 Years
Knowledge of NIST, GAPP, and/or CJIS security requirements for IT. Required 2 Years
Practical experience with the basic tenets of security risk management (threat mgmt., vulnerability mgmt., and risk treatment). Required 2 Years
Demonstrated ability to translate information security risks or other IT concepts into language easily understood by a non-technical audience. Required 10 Years
Experience with drafting requirement traceability matrices and test plans for requirement validation. Desired 5 Years
Skilled with IT process/methodology (e.g. ITIL, COBIT, LEAN, Six Sigma, CMM) and experience implementing processes and methodologies. Required 4 Years
Experience with Joint Application Development (JAD) session facilitation. Required 10 Years
Excellent written communication and customer-facing verbal communication skills. Required 12 Years
Demonstrated ability to coordinate/manage initiatives from end-to-end with minor supervision. Required 10 Years
Experience with issue tracking tools (e.g. TFS, JIRA, Bugzilla). Required 4 Years
Years of Experience:
16 or more years of experience in the field.
Job Description:
Relies on experience and judgment to plan and accomplish goals, independently performs a variety of complicated tasks, a wide degree of creativity and latitude is expected.
•Develops and implements risk policies, standards, and procedures (PSP) per applicable privacy and security framework to address audit gaps. Provides risk and compliance related support to the Security Accreditation Process Team and MDOC Information Security Officer (ISO) in best aligning policies/procedures with relevant Plan of Actions and Milestones (POA&M). Reviews, analyzes and identifies opportunities and leads changes to PSP to reduce policy burden on enterprise and increase the proper alignment across the agency. Properly manages potential policy changes and impacts, risk- based recommendations, and relevant resolution/mitigation plans. Facilitates cross-functional team meetings to best reach agreement on the most effective and sustainable PSP in various risk and compliance areas. Communicates and socializes Security policy and risk management throughout the organization and gather feedback where appropriate. Manages the processes to streamline PSP.
•Reviews, analyzes, and evaluates business systems and user needs. Formulates systems to parallel overall business strategies. Experienced with business process reengineering and identifying new applications of technology to business problems to make business more effective. Familiar with industry standard (including Legacy, Core, and Emerging technologies), business process mapping, and reengineering. Prepares solution options, risk identification, and financial analyses such as cost/benefit, ROI, buy/build, etc.
•Knowledge of commonly-used concepts, practices, and procedures within a particular field. Familiar with relational database concepts, and client-server concepts. Relies on limited experience and judgment to plan and accomplish goals. Performs a variety of tasks. Works under general supervision. A certain degree of creativity and latitude is required.
Leave a Reply