Job Description - Information Security Analyst I – Division of Information Technology (R024840)
DC-Washington : Regular : Exempt : Standard
Relocation Provided: Yes
Compensation Grade Low: FR PAY GRADE 23
Compensation Grade High: FR PAY GRADE 25
Minimum Salary: $78,800.00
Maximum Salary: $170,000.00
Nov 8, 2024
Minimum Education: Bachelor's degree or equivalent experience
Minimum Experience: 1
Summary
Supports the process of designing and implementing security measures to meet the needs of the organization’s IT systems. Develops a foundational understanding of system architecture and the ability to design security solutions that can be applied to multiple systems. Uses data analytics to identify potential security risks and make data-driven decisions about how to improve security across the organization. Collaborates with other cybersecurity professionals to develop and implement security solutions that can withstand potential threats. With extensive guidance, provides technical and analytical information security support to ensure Board information and systems are adequately protected.
Duties and Responsibilities
- Supports the implementation of risk management and continuous monitoring activities for technology portfolios. Utilizes foundational knowledge of risk management principles to evaluate and mitigate potential risks and identify emerging risks using established frameworks and guidelines. Participates in assessing the causes and sources of risk, the impacts, and the probability of occurrence.
- With extensive guidance, supports planning and implementation of the cybersecurity initiative, such as Cybersecurity Executive Order directives including Zero Trust Architecture.
- Coordinates with team members to create and communicate plans (action, operating, automation, strategic plans), options, and approaches to ensure continuous service and process improvement.
- Helps design and/or develops new policies and procedures to address cybersecurity and operational risk and may make recommendations to senior management on resilience, information technology, and critical infrastructure. Shadows more senior staff to learn to improve upon business processes by employing a systematic approach of evaluating and optimizing underlying processes.
- Utilizes foundational knowledge of and adherence to applicable governing standards to work closely with the Division of IT security teams to support compliance with the Board Information Security Program (BISP).
- Supports the facilitation of the initiation and completion of all security assessments and meeting agreed upon schedules by the supported divisions and certifying agents.
- Shadows more senior staff to provide premier IT and business consulting support to provide expert recommendations and function as a trusted advisor to clients and stakeholders. May include foundational knowledge of IT systems, strategic planning, researching new and emerging technologies, evaluating proposed IT solutions, supporting IT procurement activities, and briefing leadership.
- Supports teammates to work with clients and vendors to implement information system security lifecycle plans in compliance with applicable security statutes and regulations.
- With extensive guidance, works on project team to implement and measure the effect of minimally complex security, data loss prevention and privacy strategies. Effectively plans, prioritizes, and executes assignments and work activities with regular supervision.
- Utilizes foundational knowledge of system security standards, best practices, trends, preventative measures, and disaster recovery processes to verify the effectiveness of the security controls protecting systems, which may entail developing and implementing test scripts and running security scans. May recommend security enhancements.
- Participates in developing techniques and procedures for conducting cybersecurity risk assessments and compliance audits and evaluating and testing hardware, firmware, and software. Shadows more senior staff to enhance techniques and procedures for conducting cybersecurity risk assessments and compliance audits and evaluating and testing hardware, firmware, and software. Supports conducting cybersecurity risk assessments and compliance audits and evaluating and testing hardware, firmware, and software. Applies foundational understanding of the implications and impact of provisioning unnecessary access within systems.
- Participates in designing reporting dashboards and creating data visualizations and reports for a variety of audiences. Effectively communicates technical terms to provide guidance on complex data and information in a succinct and compelling manner. Minimally skilled in developing written and oral communication to articulate technical concepts, ideas, and recommendations to various audiences. Supports ad-hoc information security initiatives and special assignments.
Position Requirements:
FR-23 Minimal Qualifications:
Requires a bachelor’s degree in computer science, information technology, cybersecurity, or a related business technology field and one year of experience. Must have foundational knowledge in the following areas: business process improvement, risk management, system security, system design, information security, security standards, compliance, and project management. Must be able to work effectively with more senior staff. Must be able to support more senior staff with one or more of the following: designing security systems, investigating and resolving security breaches, consulting, technical writing, and communication.
FR-24 Minimal Qualifications:
Requires a bachelor’s degree in computer science, information technology, cybersecurity or a related business technology field and three years of experience. Must have intermediate knowledge in the following areas: business process improvement, risk management, system security, system design, information security, security standards, compliance, and project management. Must be able to work effectively with more senior staff. Must be able to support more senior staff with one or more of the following: designing security systems, investigating and resolving security breaches, consulting, technical writing, and communication.
FR-25 Minimal Qualifications:
Requires a bachelor’s degree in computer science, information technology, cybersecurity or a related business technology field and four years of experience. Must have intermediate knowledge in the following areas: business process improvement, risk management, system security, system design, information security, security standards, compliance, and project management. Must be able to work effectively with more senior staff. Must be able to assist more senior staff with one or more of the following: designing security systems, investigating and resolving security breaches, consulting, technical writing, and communication.
Uses critical thinking to conceptualize and/or evaluate information to determine appropriate strategies and solutions, after being given moderate to minimal instruction and guidance from more senior staff. Applies technical expertise, initiative, reliability, and judgment. May help develop strategies for improving systems.
Works on a wide variety of low complexity tasks requiring critical thinking and analytical skills. Completes tasks and activities in a timely manner. May identify new initiatives/projects that will further the work of the section or division.
Has knowledge of dashboarding and automation tools, specifically PowerPlatform, and has experience with creating various automation solutions for compliance workflows. Experience with vendor risk management and security/procurement workflows.
There is a lead candidate for this position.
This position is hybrid, requiring a combination of telework and in-office presence in Washington, DC.