DTS Analyst GOVERNANCE, RISK, AND COMPLIANCE ANALYST
Job Location:
Job Location:
Phoenix, AZ - USA
Monthly Salary:
Not Disclosed
Monthly Salary:
Posted on:
2 hours ago
Posted on:
Vacancies:
1 Vacancy
Vacancies:
Job Summary
Position Overview
Posting title*
Phoenix AZ - IT - AZDES - DTS - Analyst - GOVERNANCE RISK AND COMPLIANCE ANALYST
Position Information
| Position Type | Staff Augmentation | Hours/Week | |
| Billing Type | Hourly | Shift | Day |
| Projected Start Date | Start Time | 8:00 AM | |
| Projected End Date/Duration | 4 Months from projected start date | End Time | 5:00 PM |
Tentative start date will be dependent upon interviews conducted onboarding completed and the state agency issuing a PO.
HireRight must be used for Background Checks and Drug Screenings
Local Only Candidates - Resumes must specify the current location of the candidate all those who do not state current location will not be considered. - AS A REMINDER - Candidates must be local at time of submission and available for in person interviews within 1 week of the posting close date. Candidates must also be able to start within 2 weeks of an offer being made.
HireRight must be used for Background Checks and Drug Screenings
Local Only Candidates - Resumes must specify the current location of the candidate all those who do not state current location will not be considered. - AS A REMINDER - Candidates must be local at time of submission and available for in person interviews within 1 week of the posting close date. Candidates must also be able to start within 2 weeks of an offer being made.
This is a 4-month contract to hire. All candidates must be eligible to convert to an FTE. The State is unable to sponsor any visas. This has to be local to Phoenix meaning 1 hour drive max. Please do not submit resources if they were submitted to posting 10482.
Job Summary:
The Department of Economic Security Division of Technology Services is seeking an experienced and highly motivated individual to join our team as a Information Security Analyst (ISA) contractor. This position will work on the Governance Risk and Compliance (GRC) Team to communicate and engage with business units to develop a strong understanding of their reporting data and product needs. The team member will work with other personnel across departments to define requirements for projects identify data dependencies and relationships to develop logical and physical data models data flows and system activity diagrams and write specifications for managing enterprise information policies. The team member will help develop plans and materials to support user adoption training and customer service working through direct and regular contact with users from other divisions programs and service units to provide regular insight and guidance in prioritizing enhancements for the data systems. The team member will also support technical project managers to ensure that all aspects of the information analysis and requirements gathering process are completed with the highest degree of accuracy and quality which includes developing and socializing key project artifacts.
The Department of Economic Security Division of Technology Services is seeking an experienced and highly motivated individual to join our team as a Information Security Analyst (ISA) contractor. This position will work on the Governance Risk and Compliance (GRC) Team to communicate and engage with business units to develop a strong understanding of their reporting data and product needs. The team member will work with other personnel across departments to define requirements for projects identify data dependencies and relationships to develop logical and physical data models data flows and system activity diagrams and write specifications for managing enterprise information policies. The team member will help develop plans and materials to support user adoption training and customer service working through direct and regular contact with users from other divisions programs and service units to provide regular insight and guidance in prioritizing enhancements for the data systems. The team member will also support technical project managers to ensure that all aspects of the information analysis and requirements gathering process are completed with the highest degree of accuracy and quality which includes developing and socializing key project artifacts.
The state of Arizona strives for a work culture that affords employees flexibility autonomy and trust. Across our many agencies boards commissions many State employees participate in the States Remote Work Program and are able to work remotely in their homes in offices and in hoteling spaces. All work including remote work should be performed within Arizona unless an exception is properly authorized in advance.
Job Duties:
Perform risk assessments audit reviews generate findings reports and make appropriate recommendations for improvement and track outcomes from those activities for DES reporting requirements. Develop and formulate comprehensive reports detailing the findings areas of non-compliance required POA&Ms (Plan of Action and Milestones) environmental observations and incident reports.
Review update and manage security related audit plans security plans and risk plan documentation for accuracy and consistency proactively solves problems.
Evaluate data and formulate comprehensive reports detailing the findings areas of non-compliance required action plans and environmental observations. Generates incident reports and investigates suspicious network activity.
Preparing audit documentation that supports audit results drafting and editing audit findings to adhere to the standards and the agencys writing style.
Research agency and industry IT security practices standards best practices laws and regulations and other applicable resources ensures compliance with standards
Job Duties:
Perform risk assessments audit reviews generate findings reports and make appropriate recommendations for improvement and track outcomes from those activities for DES reporting requirements. Develop and formulate comprehensive reports detailing the findings areas of non-compliance required POA&Ms (Plan of Action and Milestones) environmental observations and incident reports.
Review update and manage security related audit plans security plans and risk plan documentation for accuracy and consistency proactively solves problems.
Evaluate data and formulate comprehensive reports detailing the findings areas of non-compliance required action plans and environmental observations. Generates incident reports and investigates suspicious network activity.
Preparing audit documentation that supports audit results drafting and editing audit findings to adhere to the standards and the agencys writing style.
Research agency and industry IT security practices standards best practices laws and regulations and other applicable resources ensures compliance with standards
Knowledge Skills & Abilities (Not incompassing)
Knowledge of security principles policies and procedures and be able to develop effective security policies.
Knowledge of Information Security Risk Management.
Knowledge of laws regulations policies principles and ethics as they relate to cybersecurity and privacy. (Required: NIST 800-53 R5 IRS Pub1075 IPAA/HITRUST CJIS and MARS-E)
Expert knowledge of internal auditing internal controls and risk management practices and methods.
Knowledge of Selection/Approval Implementation and Assessment/Audit of Security and Privacy Controls.
Knowledge of Risk Management Framework (RMF) requirements.
Knowledge of Authorization/Approval of Information Systems.
Knowledge in conducting audits or reviews of technical systems.
Knowledge in comprehensive understanding of internal control environments within the IT function.
Knowledge in multiple technology domains including aspects of Windows Unix and/or database administration software development and networking.
Knowledge in identifying cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
Ability to produce high quality work products for both the IT groups and Senior Management.
Ability to perform excellent interpersonal written and oral communication skills.
Ability to assess manage and improve security policies and procedures.
Ability to work collaboratively in teams and across organizations.
Ability to synthesize feedback and adjust plans accordingly build strong relationships inside and outside the organization and manage large teams.
Ability to ensure security practices are followed throughout all phases of the life cycle of every aspect of business and IT processes.
Ability to develop policy plans and strategy in compliance with laws regulations
policies and standards in support of organizational cyber activities.
Ability to exercise judgment when policies are not well-defined.
Ability to ensure information security management processes are integrated with strategic and operational planning processes.
Ability to ensure that senior officials within the organization provide information security for the information and systems that support the operations and assets under their control.
Ability to understand technology management and leadership issues related to organization processes and problem solving.
Ability to understand the basic concepts and issues related to cyber and its organizational plans and materials to support user adoption training and customer service.
Ability to work collaboratively in teams and across organizations.
Develop plans and materials to support user adoption training and customer service.
Work directly with users from other divisions programs and service units to provide insight and guidance.
Identify risks and suggest improvements to information systems and processes.
Support technical project managers to fulfill information analysis requirements with the highest degree of accuracy and quality.
Develop and maintain key project artifacts.
Knowledge of security principles policies and procedures and be able to develop effective security policies.
Knowledge of Information Security Risk Management.
Knowledge of laws regulations policies principles and ethics as they relate to cybersecurity and privacy. (Required: NIST 800-53 R5 IRS Pub1075 IPAA/HITRUST CJIS and MARS-E)
Expert knowledge of internal auditing internal controls and risk management practices and methods.
Knowledge of Selection/Approval Implementation and Assessment/Audit of Security and Privacy Controls.
Knowledge of Risk Management Framework (RMF) requirements.
Knowledge of Authorization/Approval of Information Systems.
Knowledge in conducting audits or reviews of technical systems.
Knowledge in comprehensive understanding of internal control environments within the IT function.
Knowledge in multiple technology domains including aspects of Windows Unix and/or database administration software development and networking.
Knowledge in identifying cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
Ability to produce high quality work products for both the IT groups and Senior Management.
Ability to perform excellent interpersonal written and oral communication skills.
Ability to assess manage and improve security policies and procedures.
Ability to work collaboratively in teams and across organizations.
Ability to synthesize feedback and adjust plans accordingly build strong relationships inside and outside the organization and manage large teams.
Ability to ensure security practices are followed throughout all phases of the life cycle of every aspect of business and IT processes.
Ability to develop policy plans and strategy in compliance with laws regulations
policies and standards in support of organizational cyber activities.
Ability to exercise judgment when policies are not well-defined.
Ability to ensure information security management processes are integrated with strategic and operational planning processes.
Ability to ensure that senior officials within the organization provide information security for the information and systems that support the operations and assets under their control.
Ability to understand technology management and leadership issues related to organization processes and problem solving.
Ability to understand the basic concepts and issues related to cyber and its organizational plans and materials to support user adoption training and customer service.
Ability to work collaboratively in teams and across organizations.
Develop plans and materials to support user adoption training and customer service.
Work directly with users from other divisions programs and service units to provide insight and guidance.
Identify risks and suggest improvements to information systems and processes.
Support technical project managers to fulfill information analysis requirements with the highest degree of accuracy and quality.
Develop and maintain key project artifacts.
Required Skills Preferred Skills
Skill Type
Skill Name
Certification Education License Other Skill
NIST 800-53R5 (Must have)
Certification Education License Other Skill
Risk Management Framework (RMF)
Certification Education License Other Skill
Windows/Unix experience
Skill Type
Skill Name
Certification Education License Other Skill
Project Management experience
Certification Education License Other Skill
CISSP CCSP GSTRT GSNA or CAP certification
