MCD IT Consultant 1 ITC1 (Security Resource)

This security specialist works with the agency CISO Risk Manager and Privacy Officer to perform the security analysis and other assigned security/risk tasks.


Position Summary:
The IT Consultant 1 is a tenured-level professional responsible for identifying analyzing and mitigating complex IT risks across the organizations technology infrastructure. This role involves strategic planning cross-functional leadership and subject matter expertise in IT risk management. The IT Consultant 1 will be a part of the Department IT Risk and Security that works closely with leadership and external partners to ensure regulatory compliance enhance the organizations cybersecurity posture and support enterprise-wide risk and audit initiatives.

Key Responsibilities:

1. Risk Assessment and Analysis
   • Lead complex IT risk assessments and threat modeling activities across systems and applications.
   • Analyze trends and emerging risks to proactively recommend strategic mitigations.
2. Risk Mitigation and Management
   • Develop and oversee implementation of advanced risk mitigation strategies.
   • Monitor risk programs and revise controls based on performance metrics and audit outcomes.
3. Compliance and Governance
   • Ensure enterprise-wide compliance with federal and state regulations including HIPAA IRS Pub. 1075 NIST 800-53 MARS-E and ISO standards.
   • Support policy lifecycle management and contribute to enterprise GRC strategy.
4. Incident Management
   • Provide leadership in incident response and post-incident reviews.
   • Collaborate with internal teams on root cause analysis and long-term remediation planning.
5. Review System Security Plans (SSPs)
   • Review update and validate system security documentation for critical systems.
   • Ensure alignment with internal risk policies external contractual requirements and frameworks such as NIST and CIS.
6. External Audit Support
   • Serve as a key liaison to auditors and regulatory assessors.
   • Oversee evidence collection audit response documentation and control testing coordination.
7. IT Security Policy Leadership
   • Lead the creation and revision of organizational IT security policies.
   • Recommend and draft policy enhancements based on risk assessment results audit findings and regulatory changes.
8. Reporting and Documentation
   • Prepare and deliver executive-level reporting on risk posture findings and recommendations.
   • Maintain thorough documentation aligned with organizational and audit standards.
9. Collaboration and Communication
   • Represent IT risk in executive discussions technical project meetings and external partner engagements.
   • Coach and mentor junior staff IT and business personnel.

• Education:
  Bachelors degree in Information Technology Computer Science Cybersecurity or a related field is required.
  Masters degree in a related field preferred.
• Experience:
  Minimum of 7 to 10 years of experience in IT risk management cybersecurity or information assurance.
  Demonstrated success leading cross-functional projects and managing compliance for large systems. Experiences in Heath and Human Services or Healthcare business preferred.
• Certifications (Preferred):
  CISA CISSP CRISC CISM CGEIT or similar credentials.
• Technical Skills:
  Expertise in risk frameworks (NIST 800-53 MARS-E ISO 27001) vulnerability management system security plans and audit lifecycle management.
• Analytical Skills:
  Exceptional critical thinking data analysis and risk prioritization abilities.
• Communication Skills:
  Strong verbal and written communication skills with the ability to tailor information to different audiences including executives.

Interpersonal Skills:
Demonstrated ability to collaborate across teams influence without authorityand drive organizational change