Position Overview:
Under minimal direction, the Information Security Analyst - Governance, Risk & Compliance (GRC) performs all procedures necessary to ensure the security of information and information systems, and to protect systems from intentional or inadvertent access or destruction.
Job Duties and Responsibilities:
Serves as a subject matter expert and/or provides direction on processes, projects, and issues pertaining to Cloud Security with emphasis on Microsoft Azure.
Conducts security risk assessments and facilitates review of cloud and hybrid cloud, and on prem IT solutions and infrastructure.
Utilizes cloud security controls to improve security posture, and research emerging threats relevant to cloud and hybrid cloud operations.
Develops, manages, and coordinates security risk assessments for third-party vendors, Harris County internally developed / managed applications and systems to ensure Confidentiality, Integrity, and Availability (CIA triad).
Assesses and prioritizes information security risk, facilitates compliance with regulatory requirements and information security policies and procedures.
Plans, research, and reviews cybersecurity architecture for the county’s Infrastructure (on prem, cloud) projects.
Identifies security design gaps in existing /proposed architectures and recommend changes/enhancements.
Leads the evaluation, design, and implementation of new security solutions and technologies.
Responsible for the creation and implementation of IT Security Policies, Standards, Procedures, Guidelines, and the on-going management of IT Security Policy Development and Exception Management Processes.
Develops policy drafts, procedures, educational materials, strategy/technology roadmaps, metrics/measures packages, Request for Proposal/Offers (RFP/RFO’s), project plans, communications, and executive presentations with little guidance, as needed to support the overall delivery of Information Security objectives.
Designs and implements tools and processes to proactively monitor and govern the effectiveness of Information security controls and services.
Develops and maintains metrics, executive dashboards and/or regular reports to communicate IT security risks.
Assists in presenting cybersecurity risks and gaps to stakeholders as appropriate.
Helps establish remediation plans and proactively track progress of remediation efforts to ensure open issues/risks are addressed as agreed.
Will actively participate in the on-going review and management of the Harris County Cyber Security Framework and Cybersecurity Policies to ensure alignment with governance objectives.
Must be able to weigh business needs against security concerns and articulate issues to management.
Conducts accurate evaluation of the level of security required and will assist in the evaluation and implementation of other new security solutions and technologies as needed.
Works on multiple projects as a project leader or as the subject matter expert. Works on projects or issues of high complexity that require in-depth knowledge across multiple technical areas and business segments.
Coaches and mentors more junior level managerial and technical staff.
Conducts communications and Cybersecurity training sessions as required to support the success of the program.
Other duties as assigned.
Harris County is an Equal Opportunity Employer
https://hrrm.harriscountytx.gov/Pages/EqualEmploymentOpportunityPlan.aspx
If you need special services or accommodations, please call (713) 274-5445 or email ADACoordinator@bmd.hctx.net.
This position is subject to a criminal history check. Only relevant convictions will be considered and, even when considered, may not automatically disqualify the candidate.
Education:
High School diploma, or G.E.D. equivalency from an accredited educational institution.
Experience:
5 years of work experience in Information Security, or IT Risk Management.
Knowledge, Skills, and Abilities (KSAs):
Experience designing, implementing, and executing IT Risk Management projects, information security governance, tools, and technologies across complex, large-scale environments,
Experience writing IT risk assessments and controls, and developing Information Security policies, procedures including Exception Management Processes
Experience with Microsoft Azure security and compliance controls, cloud security governance and compliance
Ability to build and maintain strong relationships across departments/teams and effectively communicate solution designs to stakeholders and leadership
Applicants for this position will be subject to a criminal background check that includes being fingerprinted. This applies to any position with network access to Criminal Justice Information Services (CJIS) or access to an area where CJIS is received, maintained or stored either manually or electronically (i.e., custodian, maintenance).
Automatic Disqualification:
NOTE: Qualifying education, experience, knowledge, and skills must be documented on your job application. You may attach a resume to the application as supporting documentation but ONLY information stated on the application will be used for consideration. "See Resume" will not be accepted for qualifications.
Education:
Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC) or CompTIA Security Certification is preferred.
Experience:
Experience in design, implementation and operational support of cybersecurity governance solutions, tools, technologies, and processes
Experience consulting with business and technology partners on general security requirements, network controls and best practices
Experience with Governance, Risk & Compliance (GRC) tools
Experience with MS Office 365 (Word, Excel, PowerPoint, Outlook), Teams, SharePoint, QuickBase, and PowerBI.
Knowledge, Skills, and Abilities (KSAs):
Ability to confront challenges in a constructive fashion and influence others through consensus building techniques
Strong organizational skills, including the ability to drive adherence to cybersecurity processes and tools and to keep focus on multiple tracks of work and open issues in parallel
Strong technical writing, research, analysis, and analytical/problem solving skills
A passion for cybersecurity, self-starter mentality, flexibility, and willingness to take on new challenges and ability to thrive in a team environment
Strong knowledge and experience in securing networks, firewalls, and infrastructure in a complex environment
A broad understanding of cybersecurity concepts across all domains, applicable security models (e.g., NIST Cybersecurity Framework (CSF), CIS Critical Security Controls), ISO 2700X, and regulations (e.g., CJIS, PCI, HIPAA, and Privacy Act)
Exceptional leadership, verbal and written communication, and project management skills.
Position Type and Typical Hours of Work:
40 hours per week / Monday - Friday
Weekends and 24 on-call infrequently, as needed.
Salary:
Commensurate with experience.
Based on 26 pay periods
Location:
406 Caroline St., Houston, TX 77002
Employment may be contingent on passing a drug screen and meeting other standards.
Due to a high volume of applications positions may close prior to the advertised closing date or at the discretion of the Hiring Department.
Clear All
0 Information Security Analyst jobs found in Houston, TX area