IS Security Risk Analyst III

About The Position

Requirements

• Bachelor's in a job related field Or an additional 4 years of job related work experience Or Associate's and an additional 2 years job related work experience
• 6 years of I/T experience including 4 years of IT security, risk assessment and/or compliance experience.
• Successful completion of BCBSSC I/S Entry Level Training Program (ELTP) may be substituted for 2 years of I/T experience.
• Good understanding of Systems Development Life Cycle methodologies.
• Subject Matter Expert in government or private risk frameworks and control implementations.
• Good understanding of risk management, information system security and compliance standards.
• Excellent analytical and decision-making skills.
• Proven ability to interpret and apply knowledge of regulatory/accreditation requirements.
• Ability to independently solve problems often spanning multiple environments and business areas.
• Ability to effect change and bring security, risk and compliance knowledge to the organization through the use of positive influence.
• Understanding of infrastructure and networking architecture WANs, LANs, Internet, intranets and communication protocols.
• Strong communication skills in presenting results both verbally and in writing.
• Possess excellent collaboration skills with a wide variety of internal matrix and management staff.

Nice To Haves

• Prior Intelligence System Support Office (ISSO) experience
• 5+ years of GRC (Governance, Risk and Compliance)
• CISSP, ITIL Foundations V3, NIST, ARS, RMF, FedRamp

Responsibilities

• Independently monitor remediation of new and outstanding issues, including Information Security Risk Exception process, to ensure identification of areas of non-compliance.
• Utilize tools to track and report on compliance posture.
• Independently conduct formal risk analysis and self-assessments to determine effectiveness of controls and ensure creation of action plans to remediate identified risks.
• Facilitate development, implementation and documentation of Information Security policies, procedures, processes and programs to guide organization toward continuous compliance.
• Independently analyze and interpret security regulations and controls to advise on security compliance at a broad perspective across multiple business areas.
• Consult on organizational impacts of compliance and risk management decisions.
• Serve as an interface with external entities for governance and compliance reviews regarding information security risk across multiple business areas and controls.
• Independently investigate, document and resolve Information Security Incidents.
• Advise senior management of critical issues that may affect organization.
• Research emerging security topics, threats and capabilities to create/update policy and governance.
• Promote organizational security awareness by developing security training, Security Council bulletins, security policies, standards and best practices.

Benefits

• We will even cover the difference in your pay if you are called to active duty.