Information Security Analyst

Information Security Compliance Analyst is a mid-level position that focuses on ensuring compliance with regulatory requirements, mitigating security risks, and fortifying the cybersecurity framework across the Commonwealth. The ideal candidate will monitor compliance, investigate security breaches, implement best practices, and collaborate with stakeholders to promote a culture of security awareness.: Required Experience Ensure compliance with industry regulations, standards (e.g., FISMA, FedRAMP, ISO 27001, NIST), and internal policies. Conduct regular audits, follow-ups, and risk assessments to identify and address compliance gaps. Maintain and update documentation on security processes and policies. Cybersecurity Operations: Monitor and analyze activities in a Security Information and Event Management (SIEM) system. Respond to security incidents, investigate breaches, and document findings. Recommend and implement mitigation strategies for identified vulnerabilities. Collaboration & Training: Lead cross-departmental initiatives to align IT security practices with organizational goals. Conduct training sessions to educate staff on compliance and security best practices. Strategic Initiatives: Research emerging threats and security enhancements, recommending solutions to management. Participate in the development of security tools and procedures to improve overall security posture. Reporting: Prepare and deliver reports for senior management on compliance status, findings, and recommendations. Assist in maintaining the eGRC tool for continuous monitoring and compliance tracking. Preferred Education & Experience: Bachelors degree in computer science, Software Engineering, or a related field (equivalent professional experience may be considered for substitution for the required degree on an exception basis). Candidates with one or more of the following certifications are a plus: Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Certified Cloud Security Professional (CCSP) Project Management Professional (PMP) Offensive Security Certified Professional (OSCP) Cybersecurity Analyst (CySA+) CompTIA Security+, CASP+, or PenTest+ GIAC Security Essentials (GSEC) System Security Certified Practitioner (SSCP) Experience: Strong knowledge of IT security frameworks and regulations. Hands-on experience with SIEM tools, network security, and audit processes. Familiarity with government information systems and classified environments is a plus. Skills: Proficient in cybersecurity tools, Microsoft Office Suite, and compliance management systems. Strong analytical, documentation, and communication skills. Ability to work independently and lead projects to successful completion.