Security Analyst

Hybrid Details:
Onsite 4 days/month

Duration:
8 months to start

Job Description

• The Program Security Analyst will work with the�team, systems integrator (SI), product vendor and staff from the Risk Management Team�to deploy technical controls to meet specific end-user security requirements, processes and standards to ensure that security configurations are maintained in the new Financials solution.
• The Security Analyst will be a part of the Technical Implementation team and work closely with the other members of the team to develop and implement a comprehensive information security program. This includes:
• Implementing security policies, processes and standards related to end user roles, data access for application users and how users will be provisioned and de-provisioned.
• Providing operational support for the team, product vendors, and CMW users.
• The Security Analyst will work with the Team, agencies, and SI and product vendors to identify the end-user roles and permissions that will be needed to implement the new Financials solution in multiple agencies and across multiple user types in a manner that ensures appropriate access to data by these parties. Procedures for rolling out user security will be developed in conjunction with the SI and product vendors, and agency staff currently responsible for provisioning and de-provisioning users of the Mosaic application.

Specific Duties

• Works with the Team, SI, and product vendors�to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to:
• Providing operational support as defined by SLA requirements agreed to by the client and the product vendor.
• Implementation of the client's�IT policies related to data security.
• Working with the Risk Management Office in their assessments and recommended controls regarding data security and security operations.
• Conducting additional business system analysis as needed.
• Facilitating Communication between users and vendors using issue management software.
• Building operational support playbook for day 2 operations
• Ensure the completion of information security operations documentation.
• Works with information security leadership to develop strategies, procedures and recommended roles and responsibilities to enforce security requirements and address identified risks related to the use of the new Mosaic solution.
• Performs a configuration update and execution role in application development and implementation related to security requirements and controls, ensures that security controls are implemented as planned and that security and access needs are addressed throughout the User life cycle.
• Works with the�Risk Management Office to identify, select and implement technical controls related to data security and to implement security processes and procedures that ensure security controls are managed and maintained both centrally through the new solution, and within agencies if certain security management tasks are decentralized.
• Advises the Team and SI and product vendors regarding end user security roles and groups, data access controls and security role provisioning and de-provisioning protocols to ensure that data are accessed appropriately in the new Financials solution.
• Supports the�Team and agencies in the tasks required to identify approved end users of the new solution and coordinate provisioning of users for Day One go live.
• Advises security administrators on normal and exception-based processing of security authorization requests including the use of SI or product vendor provided tools that monitor system use and data access irregularities.
• Assists security administrators and IT staff in the resolution of reported security incidents.
• Acts as a liaison between incident response leads and subject matter experts.
• Monitors daily or weekly reports and security logs for unusual events.
• Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards, and procedures, and recommends appropriate changes.
• Researches and assesses new threats and security alerts and recommends remedial actions.
• Supports the implementation of Mosaic complete security profile, including, but not limited to:
• Azure Active Directory (AD) entry
• Mosaic User Security Role
• Mosaic User Business Role
• Mosaic User Workflow Role
• Mosaic Transaction Workflow

Required Skills

• Providing operational security support to end users
• Experience working with modern issue tracking systems (JIRA)
• Understanding of enterprise security best practices, including but not limited to IAM, RBAC, Network Security, SaaS, Cloud Security, Data Security, Encryption, and File transfer management.
• In depth exposure to defining and implementing end user security protocols in a large public or private sector entity comparable in size to the client.
• Exposure to technical configurations, technologies, and processing environments in one or more projects of similar size and complexity to the client.
• Understanding of information risk concepts and principles as a means of relating business needs to security controls.
• Experience with common information security management frameworks, such as [International Organization for Standardization (ISO) 2700x and the ITIL, COBIT and National Institute of Standards and Technology (NIST)] frameworks.
• In-depth knowledge of risk assessment methods and technologies.
• Good understanding of financial systems security requirements.
• Excellent technical knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity, and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
• Extensive experience in developing, documenting, and maintaining security policies, processes, procedures, and standards.
• Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• Ability to interact with personnel at all levels and across all business units and organizations, and to comprehend business imperatives.
• Demonstratable written and verbal communication skills.

Preferred Qualifications

• Experience with Software-as-a-Service cloud implementations particularly those in which legacy on premise applications have been migrated to cloud delivery options.
• Demonstrated operational security support experience in a Software as a Service (SAAS) solution.
• Exposure to operating end user security protocols, policies, and other in a large public or private sector entity comparable in size to the client.
• Exposure to technical configurations, technologies, and processing environments in one or more projects of similar size and complexity to client.
• Audit, compliance, or governance experience is preferred.
• Demonstrated exposure to financial systems security requirements.
• Experience with Audit, compliance, or governance actions.
• Experience with Microsoft security tools and functions
• Experience with Snowflake security functions

Minimum Entrance Requirements

• Bachelor's degree in computer science, system analysis or a related study, or equivalent experience in the field of audit compliance and security risk and compliance management.