Senior IT Risk Analyst
About The Position
Virginia Alcoholic Beverage Control Authority, a multi-faceted and progressive state organization, is seeking a highly motivated and experienced Sr. IT Risk Analyst to join its Information Security team. This position will establish and maintain information policy and standards, evaluating security controls for compliance and effective risk mitigation, conducting solution and supplier assessments, performing risk assessments and managing risk treatment plans. Demonstrated abilities to: Develop, apply and interpret information security policy, standards, and procedures. Identify discrepancies, articulate recommendations and maintain accurate records, to include performance metrics and risk assessments. Function efficiently and effectively in a professional team environment, work independently to handle multiple projects with conflicting priorities and communicate effectively, both orally and in writing, with all levels of management and staff. Ideal candidate must have exceptional attention to detail, analytical, decision making, and critical thinking skills, customer service, interpersonal, organizational, and leadership skills are paramount. Must be flexible and able to adapt to new situations and environments.
Requirements
- Considerable working experience and working knowledge of information security standards, risk management frameworks and methodologies, broad based knowledge and working experience with multiple technologies, solutions, and service paradigms (e.g., SaaS, PaaS).
- Ability to configure and execute tools and techniques verifying and validating the successful implementation of security controls.
- Interpreting and synthesizing information security standards into policy, standards, controls, and solutions. Leading risk management activities and developing approved controls.
- Evaluating proposed solutions for compliance and effective risk management.
- Aggregating and reporting relevant information to risk decision makers, to include the Executive team and external partners, such as vendors or the Commonwealth Security Risk Management team.
- Planning and managing small to large efforts with significant independence.
Nice To Haves
- Graduation from college with a bachelor's degree in information systems or cybersecurity or equivalent work experience
- Possession of a professional security certification Certified Information Systems Security Professional (CISSP) or The Certified Information Systems Auditor (CISA) Certification
Responsibilities
- Establish and maintain information policy and standards
- Evaluating security controls for compliance and effective risk mitigation
- Conducting solution and supplier assessments
- Performing risk assessments
- Managing risk treatment plans
- Develop, apply and interpret information security policy, standards, and procedures.
- Identify discrepancies, articulate recommendations and maintain accurate records, to include performance metrics and risk assessments.
- Function efficiently and effectively in a professional team environment, work independently to handle multiple projects with conflicting priorities and communicate effectively, both orally and in writing, with all levels of management and staff.
Benefits
- Excellent work/life balance
- Paid Time Off (PTO) earned every two weeks worked and 14 paid holidays
- Affordable healthcare with employer contributions
- Virginia Retirement System (VRS) benefits
- College Tuition Reimbursement program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Industry
Executive, Legislative, and Other General Government Support
Number of Employees
101-250 employees
