IN-DCS Info Security Analyst

Resource will works as Information Security Analyst responsible for auditing and monitoring systems containing confidential information.

Local candidates only.

Resource will work as an Information Security Analyst responsible for auditing and monitoring systems containing confidential information. This position is also responsible for helping the organization manage its risks by monitoring the organization's IT systems for inefficiencies, inaccuracies, mismanagement, etc. Tasks will include assisting with the configuration of data, application, network, and IAAM logs; assisting with log reporting tools; and monitoring systems for security problems. The position participates in all aspects of the technology audit and monitoring including the planning, control analysis, testing, issue development, and reporting phases. This position will also participate in all federal and state audits against DCS technology systems. Employee works in an Information Technology Division of a State Agency, the Department of Child Services (DCS-IT) under the guidance of the Security Manager.

The essential functions of this role are as follows :

• Monitors and keep supervisor informed of status of information security and confidentiality conditions, including problem areas and recommended enhancement;
• Interfaces with user customers to understand their security needs and implement procedures to accommodate them including training and assessment.
• Assists with preparing for security audits (e.g. IRS, SSA, OCSE, FBI, SBOA) and remediating any findings; assists with creating and submitting reports relevant to security audits.
• Develop information security policies and standards for protection of information systems in compliance with state and federal requirements (e.g. IRS, SSA, OCSE, FBI, IOT) and guidelines (e.g. NIST SP 800-53).
• Develops Standard Operating Procedures (SOP) for implementing security polices;
• Recommends appropriate security safeguards to be included during development of new information technology systems and legacy systems;
• Ensures maximum utilization of computer hardware and software features to secure automated systems and associated data;
• Develops and implements procedures for use of information security management software;
• Proposes information security software enhancements;
• Performs periodic audits to assure security policies and standards are being followed and are effective.
• Develops recommendations for enhancements and generates reports where necessary;
• Keeps abreast of new laws and changes affecting privacy standards, network security, cloud security, remote access, and physical security;
• Mentors and provides guidance to new or other staff as needed;
• Performs related duties as assigned.
• Assist on other task as assigned.
• Thorough knowledge of information security management tools, policies, and standards of information security procedures;
• Thorough knowledge of state and federal legislation and regulatory laws pertaining to information system security and privacy;
• Thorough knowledge of software vulnerabilities, vulnerabilities scanning tools, and vulnerabilities remediation;
• Familiarity with domain structures, user authentication, and digital signatures;
• Ability to develop and maintain information security standards;
• Ability to understand and apply complex computer logic to work;
• Ability to work effectively with a wide range of information technologists, including systems administrators, technical support, application development, end users and management;
• Experience in assessing security needs of teams and assist in their security training.
• Ability to communicate effectively both orally and in writing;
• Ability to be a team member as well as a team leader depending on the situation;
• Degree in information security or technology preferred;
• Security certification preferred (e.g. CISSP).
• Network Admin experience preferred.

Supervisory Responsibilities / Direct Reports :

This role does not provide direct supervision to direct reports.

Required / Desired Skills

SkillRequired / DesiredAmountof ExperienceTo be effectively with wide range of information technologists,including systems administrators, technical support, application development, end usersRequired3YearsNetwork Admin experience Required3YearsSecurity certification (e.g. CISSP, CRISC)Required3YearsAbility to develop and maintain information security standards;Required1YearsAbility to understand and apply complex computer logic to workRequired1YearsDegree in information security or technologyRequired1YearsFamiliar with cybersecurity security framework (e.g. NIST, ISO, SOC 2, CIS, Cobit, etc.)Required0Computer security compliance and auditing experienceRequired0IRS, SSA computer security compliance and audit experienceRequired0HIPAA experienceRequired0

Questions

No.QuestionQuestion1Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you agree to this requirement?Question2What is your candidate's email address?Question3Resource must currently reside in the State of Indiana. Please provide the City and State the resource resides.Question4If selected for engagement, your candidate's hourly Pay Rate must be BETWEEN $$ and $$. The Provider Markup for this position is 35%. Do you agree to these requirements?Question5Resource will have a Hybrid schedule, Monday to Wednesday in office and Thursday to Friday remote. Please confirm the resource understands this requirement.Question6Resource will be required to pass a Fingerprint background check. Please confirm the resource understands this requirement.Question7This position has no overtime requirements. Please confirm the resource understands this requirement.Question8Resource will have addition background checks and security training, once hired onsite. Please confirm the resource understands this requirement.Question9Resource will be required to pick up equipment in person, unless otherwise specified. Please confirm the resource understands this requirement.