The candidate will perform cyber security risk, governance and compliance management and oversight.

QUALIFICATIONS

• A four (4) year degree in Information Systems, Computer Science or Cyber Security. 
• Staff must have a minimum of five (5) years of current experience in:

(i) Risk Management

(ii) Governance and Compliance

(iii) Information Security

(iv) Special Publication National Institute of Standards and Technology (NIST) 800 series

SKILLS, KNOWLEDGE AND ABILITIES

• The Senior Cyber Security Analyst (GRC) must have experience conducting/implementing/managing information systems audits.
•  Must possess strong written and verbal communication skills. 
• Proficiency with all Microsoft (MS) Office programs is necessary, including familiarity with SharePoint. 
• Conducting and/or coordinating information security risk assessments for technology and security frameworks.
• Facilitating multiple stakeholders to agree on appropriate security solutions and verifying that security risks are mitigated appropriately.
•  Verifying that required security controls are built into new products.
• Performing deep dives on Information security-related processes and systems.
•  Identifying system limitations that could lead to regulatory risks in new products and services and provide guidance for resolution and risk mitigation. 
• Staying abreast of innovative business and technology trends in Information Security, risk, and controls and advising leadership on technology initiatives. 
• Carrying out risk assessments and gap analysis of multi-networks and cloud environments using compliance standards and frameworks such as PCI, Diplomatic Security Service (DSS), Criminal Justice Information Services (CJIS) and NIST. 
• Creating, managing, and enforcing compliance requirements for business process and information systems and assisting in the development of Authority wide cybersecurity compliance program.
•  Designing and/or implementing Information Security solutions in an enterprise environment.
•  Leading initiatives for re-architecting and reengineering of security controls to enhance the security posture of the Authority. 
• Strong knowledge of Vulnerability Management Remediation and Payment Card Industry (PCI) Compliance

Certification Requirements:

(i) Certified Information Systems Security Professional (CISSP)
(ii) CRISC

(iii) Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM)

Salary: D.O.E.

Start Time: Spring 2021