Senior Security Analyst (Information Systems Analyst II, Opt. S)

About The Position

Requirements

• Requires knowledge, skill, and mental development equivalent to four (4) years of college with course work in computer science or directly related fields.
• Requires three (3) years of professional experience in security or a related Information Technology field.
• Requires three (3) years of professional experience implementing, reviewing, analyzing, monitoring and maintaining IT security controls, including application of NIST SP 800-53 Rev 5 or comparable cybersecurity frameworks for enterprise information systems.
• Requires three (3) years of professional experience performing risk assessments, vulnerability management, or threat intelligence activities within an enterprise environment, including data protection operations such as encryption, intrusion detection, firewall management, and malware protection.
• Requires three (3) years of professional experience administering or supporting enterprise-level cybersecurity technologies and tools to safeguard information systems, application and infrastructure.

Nice To Haves

• Three (3) years of professional experience implementing, reviewing, analyzing, monitoring and maintaining IT security controls, including application of NIST SP 800-53 Rev. 5 or comparable cybersecurity frameworks for enterprise information systems.
• Three (3) years of professional experience performing risk assessments, vulnerability management, or threat intelligence activities within an enterprise environment, including data protection operations such as encryption, intrusion detection, firewall management, and malware protection.
• Three (3) years of professional experience administering or supporting enterprise-level cybersecurity technologies and tools to safeguard information systems, applications, and infrastructure.
• Three (3) years of professional experience managing or coordinating business continuity, disaster recovery, or incident response activities, including development, testing, and documentation of related plans.
• Three (3) years of professional experience independently planning, coordinating, and executing complex IT or cybersecurity projects, including documentation, quality assurance, and stakeholder communication.
• Extensive knowledge of LAN/WAN architecture, network topologies, and security infrastructure components supporting enterprise or multi-agency environments.
• Ability to analyze and evaluate security controls across multiple control families within established security frameworks, exercising sound judgment in operational and procedural decision-making.
• Developed verbal and written communication skills to clearly present technical, risk, or compliance information to diverse audiences, including executives, technical teams, and external partners.
• Ability to establish and maintain effective working relationships with colleagues, vendors, agency partners and external partners to support collaborative cybersecurity and compliance initiatives.
• Relevant certifications in networking or information security (e.g., CISM, CISSP, GSEC, CRISC).

Responsibilities

• Serves as a Senior Security Analyst for the Department of Innovation & Technology (DoIT), supporting the Get Covered Illinois (GCI) Program under the Department of Insurance (DOI), performing complex and specialized professional work in the administration and management of cybersecurity risk, adhering to NIST SP 800-53 Rev. 5 and other applicable federal frameworks, including those adopted by the Centers for Medicare & Medicaid Services (CMS) for Health Insurance Marketplace Information Systems.
• Coordinates network planning, administration, and operations activities in support of the HIX platform and related systems.
• Serves as project leader on highly complex projects while independently planning, developing, and implementing techniques for gathering and interpreting data.
• Functions as IT liaison interacting with third party information system vendors, other state agencies and outside entities, including agencies of other states, and the federal government.
• Keeps abreast of new developments in the information technology field by continuing education through online training platforms, meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures.
• Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above.

Benefits

• Competitive Group Insurance benefits including health, life, dental and vision plans
• Flexible work schedules (when available and dependent upon position)
• 10 -25 days of paid vacation time annually (10 days for first year of state employment)
• 12 days of paid sick time annually which carryover year to year
• 3 paid personal business days per year
• 13-14 paid holidays per year dependent on election years
• 12 weeks of paid parental leave
• Pension plan through the State Employees Retirement System
• Deferred Compensation Program – voluntary supplemental retirement plan
• Optional pre-tax programs -Medical Care Assistance Plan (MCAP) & Dependent Care Assistant Plan (DCAP)
• Tuition Reimbursement Program and Federal Public Service Loan Forgiveness Program eligibility