Job Summary:
The Cyber Security Analyst III (CSA3) role within the State's Information Security Office (ISO) is responsible for evaluating and assessing cybersecurity risks associated with new technologies, proposed solutions, and third-party vendors. This includes reviewing vendor security attestations, assessing architectural designs, validating security controls, and supporting statewide procurement decisions through structured risk assessments. The role also supports the development and maturation of the State's Third-Party Risk Management (TPRM) program, including the enhancement and operation of its tools.
Location: Augusta, Maine, United States; Washington, District of Columbia, United States
Responsibilities:
- Conduct security reviews for new technologies, cloud services, applications, and proposed solutions.
- Review architectural diagrams to verify appropriate security controls, configurations, and data-protection mechanisms.
- Assess alignment with security requirements and applicable regulatory or compliance standards.
- Develop and document risk assessments with actionable recommendations.
- Review and analyze third-party cybersecurity attestations, including SOC 2 Type II reports, ISO 27001 certifications, external penetration tests, and security questionnaires.
- Identify control gaps, inherited risks, and areas requiring additional compensating controls.
- Coordinate with procurement, legal, and business stakeholders during vendor onboarding and technology evaluation.
- Assist in developing, enhancing, and maintaining the statewide TPRM program.
- Leverage and operationalize TPRM tools to support ongoing monitoring, vendor tiering, and risk scoring.
- Contribute to the creation of policies, processes, templates, and guidelines that mature the third-party risk-evaluation process.
- Utilize the GRC platform to document risk assessments, waiver reviews, and remediation-tracking activities.
- Support the continued implementation and refinement of GRC workflows related to enterprise risk management.
- Contribute to data quality, reporting accuracy, and process improvements that enhance risk visibility and governance maturity.
- Support the review of security waiver requests that require deeper technical analysis to evaluate the risks of temporary control exceptions.
- Document findings, risk impacts, and recommended mitigation strategies to inform risk-acceptance decisions.
- Assist in maintaining the statewide security risk register, ensuring risks are documented, categorized, and kept up to date.
- Track remediation progress and validate completion for risks that exceed established tolerance thresholds.
- Collaborate with stakeholders to monitor deadlines, escalate overdue items, and verify that mitigation plans remain effective.
Required Skills & Certifications:
Preferred Skills & Certifications:
Special Considerations:
Scheduling: