Lorven Technologies
Information Security Analyst
Lorven Technologies, Boston, Massachusetts, us, 02298
Position: Information Security Analyst
Location: Remote with Once a week in Boston, MA
Contract
Summary of the Position
This posting is for an Information Security Analyst to assist the Executive Office for Administration and Finance IT (A&F IT). A&F IT is seeking a highly skilled and detail-oriented Information Security Analyst to join the Office of the Chief Information Security Office (CISO) team. The ideal candidate will be responsible for coordinating internal and external audits, performing comprehensive risk assessments and developing robust security policies. This role requires a deep understanding of security frameworks, regulatory requirements, and best practices to ensure the organization's information assets are protected against potential threats.
Key Responsibilities:Coordinate security audits between 3rd party auditors and IT teams
Meet with auditors and confirm scope of engagementsGather and organize responses and evidenceConsolidate materials and analyze content for completeness and accuracySolicit and coordinate reviews with security team SME(s)Present information to auditors and other key stakeholdersDocument and track progress of Corrective Action Plans
Policy and Procedure administration
Manage catalog of Information Security Policies and ProceduresEnsure annual reviews and updates are completeWork with the Department of Revenue's (DOR's) Risk Management team to identify business impact of policies
Conduct Internal IT risk assessments
Interview SMEs and document in-place controls against NIST800-53Identify control deficienciesDrive remediation of deficiencies
Facilitate Risk assessments of 3rd party vendors
Maintain schedule of assessmentsMaintain 3rd party vendor questionnairesCoordinate assessments between vendor, business andCollect and consolidate responsesEscalate 3rd party vendor control weaknesses to security team SME(s)
Qualifications:Professional certifications such as CISSP, CISM, CRISC, or similar are highly desirable.Minimum of 3-5 years of experience in information security, risk management, or a related field.Strong knowledge of security frameworks and standards (e.g., NIST, ISO 27001, COBIT).Experience with risk assessment methodologies and tools.Excellent analytical and problem-solving skills.Strong written and verbal communication skills, with the ability to convey complex information to a non-technical audience.Detail-oriented with strong organizational skills and the ability to manage multiple tasks simultaneously.Key Competencies:
Proactive approach to identifying and mitigating security risks.Ability to work independently and as part of a team.Strong interpersonal skills and the ability to work effectively with stakeholders at all levels of the organization.High level of integrity and ethical conduct.Commitment to continuous improvement and staying updated with the latest security trends and technologies.
Location: Remote with Once a week in Boston, MA
Contract
Summary of the Position
This posting is for an Information Security Analyst to assist the Executive Office for Administration and Finance IT (A&F IT). A&F IT is seeking a highly skilled and detail-oriented Information Security Analyst to join the Office of the Chief Information Security Office (CISO) team. The ideal candidate will be responsible for coordinating internal and external audits, performing comprehensive risk assessments and developing robust security policies. This role requires a deep understanding of security frameworks, regulatory requirements, and best practices to ensure the organization's information assets are protected against potential threats.
Key Responsibilities:Coordinate security audits between 3rd party auditors and IT teams
Meet with auditors and confirm scope of engagementsGather and organize responses and evidenceConsolidate materials and analyze content for completeness and accuracySolicit and coordinate reviews with security team SME(s)Present information to auditors and other key stakeholdersDocument and track progress of Corrective Action Plans
Policy and Procedure administration
Manage catalog of Information Security Policies and ProceduresEnsure annual reviews and updates are completeWork with the Department of Revenue's (DOR's) Risk Management team to identify business impact of policies
Conduct Internal IT risk assessments
Interview SMEs and document in-place controls against NIST800-53Identify control deficienciesDrive remediation of deficiencies
Facilitate Risk assessments of 3rd party vendors
Maintain schedule of assessmentsMaintain 3rd party vendor questionnairesCoordinate assessments between vendor, business andCollect and consolidate responsesEscalate 3rd party vendor control weaknesses to security team SME(s)
Qualifications:Professional certifications such as CISSP, CISM, CRISC, or similar are highly desirable.Minimum of 3-5 years of experience in information security, risk management, or a related field.Strong knowledge of security frameworks and standards (e.g., NIST, ISO 27001, COBIT).Experience with risk assessment methodologies and tools.Excellent analytical and problem-solving skills.Strong written and verbal communication skills, with the ability to convey complex information to a non-technical audience.Detail-oriented with strong organizational skills and the ability to manage multiple tasks simultaneously.Key Competencies:
Proactive approach to identifying and mitigating security risks.Ability to work independently and as part of a team.Strong interpersonal skills and the ability to work effectively with stakeholders at all levels of the organization.High level of integrity and ethical conduct.Commitment to continuous improvement and staying updated with the latest security trends and technologies.