Under minimal direction, the Information Security Analyst - Governance, Risk & Compliance (GRC) performs all procedures necessary to ensure the security of information and information systems, and to protect systems from intentional or inadvertent access or destruction.
Serves as a subject matter expert and/or provides direction on processes, projects, and issues pertaining to Cloud Security with emphasis on Microsoft Azure.
Conducts security risk assessments and facilitates review of cloud and hybrid cloud, and on prem IT solutions and infrastructure.
Utilizes cloud security controls to improve security posture, and research emerging threats relevant to cloud and hybrid cloud operations.
Develops, manages, and coordinates security risk assessments for third-party vendors, Harris County internally developed / managed applications and systems to ensure Confidentiality, Integrity, and Availability (CIA triad).
Assesses and prioritizes information security risk, facilitates compliance with regulatory requirements and information security policies and procedures.
Plans, research, and reviews cybersecurity architecture for the county’s Infrastructure (on prem, cloud) projects.
Identifies security design gaps in existing /proposed architectures and recommend changes/enhancements.
Leads the evaluation, design, and implementation of new security solutions and technologies.
Responsible for the creation and implementation of IT Security Policies, Standards, Procedures, Guidelines, and the on-going management of IT Security Policy Development and Exception Management Processes.
Develops policy drafts, procedures, educational materials, strategy/technology roadmaps, metrics/measures packages, Request for Proposal/Offers (RFP/RFO’s), project plans, communications, and executive presentations with little guidance, as needed to support the overall delivery of Information Security objectives.
Designs and implements tools and processes to proactively monitor and govern the effectiveness of Information security controls and services.
Develops and maintains metrics, executive dashboards and/or regular reports to communicate IT security risks.
Assists in presenting cybersecurity risks and gaps to stakeholders as appropriate.
Helps establish remediation plans and proactively track progress of remediation efforts to ensure open issues/risks are addressed as agreed.
Will actively participate in the on-going review and management of the Harris County Cyber Security Framework and Cybersecurity Policies to ensure alignment with governance objectives.
Must be able to weigh business needs against security concerns and articulate issues to management.
Conducts accurate evaluation of the level of security required and will assist in the evaluation and implementation of other new security solutions and technologies as needed.
Works on multiple projects as a project leader or as the subject matter expert. Works on projects or issues of high complexity that require in-depth knowledge across multiple technical areas and business segments.
Coaches and mentors more junior level managerial and technical staff.
Conducts communications and Cybersecurity training sessions as required to support the success of the program.
Other duties as assigned.