Description:
This is a repost. Do not resubmit previous candidates. Feedback from manager: Candidates from previous posting were lacking soft skills and hands on prior technical experience. Changes made to the position description focus it more on certain technical aspects and removes some audit language to hopefully narrow down the candidates we got that were heavy on that.
The client is looking for a Security Analyst II.
Will close to submissions on 08/26/2025 4:00 PM CST.
Top Skills & Years of Experience: 5 years of experience in the following:
Must have:
5 years of experience in cybersecurity or network operations, audit and compliance coordination, or related IT risk management.
Experience running search queries and generating and automating reports from industry-standard IT security tools (e.g. Splunk, IronPort, Tenable, Cloudflare).
Experience managing IT security review processes, security exception workflows, and vulnerability management processes, and developing security policies or procedures.
Proven ability to coordinate complex risk assessments and compliance activities, including experience evaluating AI tools or emerging technologies for compliance, security, or ethical risks, with a strong knowledge of direct and indirect AI-related risks.
Strong understanding of common security frameworks or compliance standards (e.g. NIST, PCI DSS, CIS, ISO 27001) and privacy protection practices.
Nice to have:
Prior experience in public-sector compliance or multi-agency single-tenant environments.
Prior experience with PCI DSS SAQ preparation and attestation.
Prior experience coordinating vendor-performed internal penetration testing.
Interview Process: Microsoft Teams with Video
Duration: 6/30/26 with possibility of extensions
Onsite or Remote: Candidates MUST be WI residents or willing to relocate to WI prior to starting the role at their own expense. This is a hybrid position requiring on-site work at the WHS HQ 1-3 days per week, varying based on project and operational demands, but WHS is a great place to work, right in the heart of downtown Madison and the UW-Madison campus. Remote work may be permitted on a scheduled basis after an initial onboarding period.
Project details:
This position reports to the Deputy IT Director and works closely with IT team members, key internal stakeholders across all WHS divisions, and external partners such as the Department of Administration's (DOA) Division of Enterprise Technology (DET), providing expertise and support for a variety of complex cybersecurity technologies, IT risks, and compliance requirements.
The IT Security & Compliance Coordinator oversees and facilitates agency IT security compliance, technology intake processes, IT audit readiness, and overall IT risk management.
Full job description attached
Regularly performing complex risk assessments related to cloud-hosted solutions (e.g. SaaS, PaaS, IaaS), Artificial Intelligence (AI) technology and AI use cases, agency data governance and privacy protections, and application security governance, the IT Security & Compliance Coordinator acts as a key liaison to external partners and collaborates closely with internal IT teams, division leadership, program staff, regulatory bodies, and vendors to strengthen the agency's security and compliance posture.
Additionally, this role is responsible for performing log analysis using SIEM tools and interpreting IT vulnerability scans while producing executive-level IT security risk and compliance-related reports. It coordinates the agency vulnerability management program and firewall and security exception requests with WHS's managed service provider, supports and facilitates incident response planning, and leads cybersecurity awareness training in coordination with agency leadership. The IT Security & Compliance Coordinator also performs PCI DSS attestation (i.e. SAQ A & SAQ B-IP) for all WHS merchant locations.
Responsibilities:
Technology Intake & Vendor Security Review:
- Capture business use cases, data classification, and required security controls for software and cloud services.
- Collect and review vendor T&Cs, license agreements, privacy policies, and security artifacts (e.g. SOC 2, FedRAMP/StateRAMP).
- Initiate, monitor, and shepherd intake workflows with service providers, coordinating to closure and ensuring alignment with agency compliance requirements.
Monitoring, Reporting, and Vulnerability Coordination:
- Use enterprise/agency tools (e.g. SIEM, email security, vulnerability scanners) to review security posture and risk trends.
- Build recurring and ad-hoc reports that provide security value (threat/anomaly insights) and business intelligence (usage/adoption trends).
- Translate technical findings into clear summaries for diverse audiences including executive leadership.
- Coordinate vulnerability scan interpretation, dashboards, and remediation tracking; escalate and track actions with system owners and service providers until resolved.
AI & Emerging Technology Governance:
- Maintain inventories of AI applications, direct and indirect risks, and approved use cases.
- Coordinate intake and review of AI business use cases; prepare forms and guide staff through enterprise and agency requirements.
- Evaluate vendor AI features and emerging technologies for security, privacy, and ethical risks (e.g. bias, data exposure), ensuring compliance with enterprise and agency policies.
- Draft/refine policies that balance innovation with secure adoption of AI and other emerging tech.
IT Compliance, Audit Response & Risk Management:
- Develop, maintain, and monitor adherence to IT security/compliance policies aligned to NIST, PCI DSS, CIS, ISO 27001, and state standards.
- Identify and track risks; collaborate with service providers and internal technical teams on mitigation strategies and exception handling.
- Oversee data governance activities and support application security governance (secure design guidance, vendor compliance reviews).
- Prepare audit responses and evidence for oversight/regulatory bodies; lead PCI DSS SAQ processes for all merchant locations.
- Support vendor contract reviews by identifying and recommending security and privacy requirements to be included in agreements.
Incident Response Planning and Execution:
- Maintain and test incident response plans/playbooks; educate staff on roles and procedures.
- Participate in investigations, documentation, notifications/status updates, and post-incident reviews; track root cause and preventive actions.
Cybersecurity Awareness and Training:
- Lead agency-wide cybersecurity education and compliance initiatives, ensuring awareness and adherence to PCI DSS, NIST-based, and state-level standards.
- Develop and deliver cybersecurity awareness programs to educate employees about security best practices and emerging threats.
- Regularly create engaging training materials and conduct workshops to promote a security-conscious culture.
- Regularly champion, provide guidance, and promote awareness on cybersecurity, data governance, and responsible technology use across the organization.
Additional details:
Public parking options are available nearby, public transportation is half a block away, and bike racks are available just outside of our HQ doors. Regular commuting expenses are not covered by WHS.
Pay range: $35/hr on W2.