HBITSSecurity Analyst-Expert

Job Description

Project/Program:

Under the direction of a Senior Information Security Analyst ITS 4 SG 25 or Information Security Officer MITS 1 within the Security Services Team the position will be a member of an ITS Dedicated Security Services Team that provides security services to the NYS Department of Transportation. The incumbent will provide in-depth information security privacy and artificial intelligence consulting and services aligned with business needs of the client agency DOT to ensure confidentiality integrity and availability of information and systems.

The incumbent will work with other ITS teams and upper-level agency management to resolve technically complex and politically sensitive issues under pressure.

The position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities that may impact sensitive information critical systems NYS agencies or ITS.

Day-to-Day:

Duties include but are not limited to:

- Implement information security and compliance programs for Information Technology (IT) systems and Operational Technology (OT) systems.
- Conducting written risk assessments (security privacy Artificial Intelligence) for existing systems/solutions new systems/solutions and services in use or to be used by the business.
- Assist with management and resolution of security risks and/or threats to business information and operational systems.
- Serve as information security analyst and evaluate systems and contracts for alignment with Business and State information security policies and standards as well as other laws regulations and industry best practices as applicable.
- Assist with risk register management and vulnerability management
- Monitor and remain aware of information security industry trends tools and techniques.
- Perform additional duties as required.

Mandatory Requirements:

Security Analyst - Plans and carries out security measures to protect an organizations computer networks and systems.

Expert - 84 months: Candidate is able to provide guidance to large teams and/or has extensive industry experience and is considered at the top of his/her field

Requested Requirements:

- 84 months experience evaluating information security privacy and compliance for Information Technology systems and/or Operational Technology systems.
- 84 months experience conducting written risk and compliance assessments for security privacy and/or Artificial Intelligence using industry standards and frameworks such as NIST CIS Critical Controls ISO 27001 etc.
- 60 months experience triaging and determining mitigation plans (with and without Vendor) to resolve security risks and/or threats to business information systems and operational technology systems.
- 60 months experience evaluating business systems (Commercial Off the Shelf and Custom Developed) for alignment with Information Technology and/or Operational Technology security policies standards laws regulations and industry best practices.
- 60 months experience in evaluating security controls for cloud environments
- 60 months experience working with cross functional teams to mitigate or remediate system and application vulnerabilities.
- 48 months experience in risk management (including third-party) vulnerability management and security program management
- 48 months experience in threat assessment and/or Incident Response management for information security and/or operational technology systems.
- Bachelors Degree (or higher) in one or more of the following: Information Security Information Assurance Cybersecurity Computer Science Information Science Information System Management Digital Forensics Compliance and Risk Management
- One or more of the following certifications: GICSP GSEC CISSP CCSP CCSK CompTIA Cloud GCSA CompTIA Network CompTIA Security CompTIA CySA CIPT CIPP CIPM CISSP CRISC ISSAP ISSEP CGRC CSSLP SSCP or other applicable information and/or cybersecurity privacy artificial intelligence or risk management certifications