vTech Solution
Information Security Analyst
vTech Solution, Richmond, Virginia, United States, 23214
Job Title: Information Security Analyst
Location: Richmond, VA
Requesting Department: Legal Division
Work Mode: Hybrid (3 days in office & two remotely) The first two weeks will be 100% on-site for training/onboarding purposes.
Project Duration: 2 Years
NOTE: Interviews will be done the week of 9/30.
This important role will support information security across all Virginia Housing programs, projects, IT systems and application and is assigned to projects/initiatives with security and privacy components. The Information Security Analyst will assist in conducting cyber security & privacy awareness and education throughout Virginia Housing. The Information Security Specialist is also responsible for assisting with creating and maintaining all of Virginia Housing's Information Security and privacy policies and standards. The Information Security Specialist will be part of ISO efforts and assist with other security related projects.
Responsibilities will include:
Participating in Information Security and Privacy efforts across all business areas and vendor engagements to ensure the most appropriate security controls are in place and adhered to by all parties.Working within a Governance Risk and Compliance (GRC) system to add and update information security information, records, and documentation.Partnering with business stakeholders to develop and maintain information System Security Plans (SSP).Representing the Information Security Office in PMO lead projects to ensure significant projects have appropriate ISO representation.Partnering across teams, collaborating with users to understand business challenges, developing options tailored to providing value, facilitating compliance, and providing timely and clear communications.Assisting with development and maintenance of information security standards and processes, including conducting occasional research from various reputable sources.Assisting with controls documentation, including information system diagraming, populating risk assessment templates and drafting control narrative documentation for business approval.Assisting in reviewing contracts, agreements, and other vendor documentation to assure adequate information security protections are in-place.Qualified candidates must possess :
At least (3) years of demonstrated experience in Information Security concepts related to governance, risk and compliance.Extensive knowledge of the principles and practices of information security.Extensive knowledge of the principles and methods applied to information technology infrastructure planning, implementation, and management.Ability to organize work, set priorities, meet established deadlines, and follow up on assignments with a minimum of direction.Familiarity or experience working with a security framework (NIST, ISO 27001, COBIT, etc.).Superior organizational skills and attention to detail.Ability to continually prioritize and change or adapt to ambiguous situations.Experience drafting Information Security and Privacy policies, standards, and procedures.Ability to interpret and understand security documentation including flow diagrams and process maps.Ability to understand general contract terms and conditions.Ability to create diagrams, flowcharts, and spreadsheets using desktop software.Ability to write clear and concisely to various audiences.Preferred experience includes :
Bachelor's degree in Computer Science or Information Systems or equivalent. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or equivalent information security certification is preferred.Previous experience working in the financial services industry is preferred.Knowledge of controls related to cloud security and application security.Knowledge of Information Security regulatory compliance (e.g., GLBA, GDPR, PCI, etc.).Knowledge of various privacy regulations (e.g., GRPR, CCPA, VCDPA, etc.).
Location: Richmond, VA
Requesting Department: Legal Division
Work Mode: Hybrid (3 days in office & two remotely) The first two weeks will be 100% on-site for training/onboarding purposes.
Project Duration: 2 Years
NOTE: Interviews will be done the week of 9/30.
This important role will support information security across all Virginia Housing programs, projects, IT systems and application and is assigned to projects/initiatives with security and privacy components. The Information Security Analyst will assist in conducting cyber security & privacy awareness and education throughout Virginia Housing. The Information Security Specialist is also responsible for assisting with creating and maintaining all of Virginia Housing's Information Security and privacy policies and standards. The Information Security Specialist will be part of ISO efforts and assist with other security related projects.
Responsibilities will include:
Participating in Information Security and Privacy efforts across all business areas and vendor engagements to ensure the most appropriate security controls are in place and adhered to by all parties.Working within a Governance Risk and Compliance (GRC) system to add and update information security information, records, and documentation.Partnering with business stakeholders to develop and maintain information System Security Plans (SSP).Representing the Information Security Office in PMO lead projects to ensure significant projects have appropriate ISO representation.Partnering across teams, collaborating with users to understand business challenges, developing options tailored to providing value, facilitating compliance, and providing timely and clear communications.Assisting with development and maintenance of information security standards and processes, including conducting occasional research from various reputable sources.Assisting with controls documentation, including information system diagraming, populating risk assessment templates and drafting control narrative documentation for business approval.Assisting in reviewing contracts, agreements, and other vendor documentation to assure adequate information security protections are in-place.Qualified candidates must possess :
At least (3) years of demonstrated experience in Information Security concepts related to governance, risk and compliance.Extensive knowledge of the principles and practices of information security.Extensive knowledge of the principles and methods applied to information technology infrastructure planning, implementation, and management.Ability to organize work, set priorities, meet established deadlines, and follow up on assignments with a minimum of direction.Familiarity or experience working with a security framework (NIST, ISO 27001, COBIT, etc.).Superior organizational skills and attention to detail.Ability to continually prioritize and change or adapt to ambiguous situations.Experience drafting Information Security and Privacy policies, standards, and procedures.Ability to interpret and understand security documentation including flow diagrams and process maps.Ability to understand general contract terms and conditions.Ability to create diagrams, flowcharts, and spreadsheets using desktop software.Ability to write clear and concisely to various audiences.Preferred experience includes :
Bachelor's degree in Computer Science or Information Systems or equivalent. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or equivalent information security certification is preferred.Previous experience working in the financial services industry is preferred.Knowledge of controls related to cloud security and application security.Knowledge of Information Security regulatory compliance (e.g., GLBA, GDPR, PCI, etc.).Knowledge of various privacy regulations (e.g., GRPR, CCPA, VCDPA, etc.).