Information Security Analyst - Governance, Risk, Compliance (GRC)
Updated: June 29
Houston
Expired
0
0mi
Job Abstract
Under minimal direction the Information Security Analyst will help to ensure cybersecurity risks and threats are proactively identified and addressed to maintain the protection of Harris County's information systems, critical assets, and network security infrastructure. Job Duties and Responsibilities:Conducts information security risk assessments and facilitates review of cloud and hybrid cloud, and on premise IT solutions and infrastructure. Performs third-party vendor security risk assessment... more details
Position Description
Position Overview:
Under minimal direction the Information Security Analyst will help to ensure cybersecurity risks and threats are proactively identified and addressed to maintain the protection of Harris County's information systems, critical assets, and network security infrastructure.
Job Duties and Responsibilities:
Conducts information security risk assessments and facilitates review of cloud and hybrid cloud, and on premise IT solutions and infrastructure.
Performs third-party vendor security risk assessments, as required to support governance efforts.
Serves as a subject matter expert and/or provides direction on processes, projects, and issues pertaining to Cloud Security with emphasis on Microsoft Azure.
Stays up to date on the latest cybersecurity threats and vulnerabilities, and provides recommendations for addressing them, with a focus on Microsoft Azure cloud security.
Utilizes security controls to improve security posture, and research emerging threats relevant to cloud and hybrid cloud operations.
Assesses and prioritizes information security risk, facilitates compliance with regulatory requirements and information security policies and procedures.
Oversee assigned project activities daily to ensure on-time completion of planned tasks.
Supports development of remediation plans and proactively track progress of remediation efforts to ensure open issues/risks are addressed and assist in presenting cybersecurity risks and gaps to stakeholders as appropriate.
Responsible for design input, implementation, and maintenance of multiple enterprise-wide security solutions to address Cybersecurity needs as they are identified and prioritized.
Works on projects or issues of high complexity as a subject matter expert that require in-depth knowledge across multiple technical areas and business segments.
Communicate security vulnerabilities and risks to key stakeholders and consults on remediation efforts.
Develops documents to support the overall delivery of Cybersecurity Operations objectives. This includes but is not limited to communications, job aids, educational/training materials, architecture diagrams, technical reference guides, procedures, strategy/technology roadmaps, Request for Proposal/Offers (RFP/RFO's), Statement of Work (SOW), metrics/measures packages, reports, project plans, and executive presentations with little guidance, as needed.
Coaches and mentors more junior level technical staff.
Participates on Cybersecurity incident response team (CIRT) investigation and response activities as required.
Other duties as assigned.
Harris County is an Equal Opportunity Employer https://hrrm.harriscountytx.gov/Pages/EqualEmploymentOpportunityPlan.aspx If you need special services or accommodations, please call (713) 274-5445 or email ADACoordinator@bmd.hctx.net. This position is subject to a criminal history check. Only relevant convictions will be considered and, even when considered, may not automatically disqualify the candidate.
Requirements
Education:
High School diploma, or G.E.D. equivalency from an accredited educational institution.
Experience:
(5)-Five years of work experience in an Information Security, Information Technology, Computer Science, IT Risk Management or related field.
Knowledge, Skills, and Abilities (KSAs):
Experience designing, implementing, and executing IT Risk Management projects, cloud solutions, cybersecurity governance, and technologies across complex, large-scale environments.
Ability to build and maintain strong relationships across departments/teams and effectively communicate information security risks and controls to stakeholders and leadership.
A passion for cybersecurity, self-starter mentality, flexibility, and willingness to take on new challenges and ability to thrive in a team environment.
Applicants for this position will be subject to a criminal background check that includes being fingerprinted. This applies to any position with network access to Criminal Justice Information Services (CJIS) or access to an area where CJIS is received, maintained, or stored either manually or electronically (i.e., custodian, maintenance).
Automatic Disqualification:
Convictions, probation, or deferred adjudication for any Felony, and any Class A Misdemeanor
Convictions, probation, or deferred adjudication for a Class B Misdemeanor, if within the previous 10 years
Open arrest for any criminal offense (Felony or Misdemeanor)
Family Violence conviction
NOTE: Qualifying education, experience, knowledge, and skills must be documented on your job application. You may attach a resume to the application as supporting documentation but ONLY information stated on the application will be used for consideration. "See Resume"will not be accepted for qualifications.
Preferences
Education:
Bachelor's degree in Computer Science, Information Security, Information Technology, Risk Management, or similar area of study from an accredited college or university
Certifications:
Comptia Security+, Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified in Risk and Information Systems Control (CRISC), or Certified Information Security Manager (CISM) is preferred.
Experience:
Experience working with Azure cloud platforms, MS Defender and automating cloud-based Compliance and Security.
Experience in design, implementation and operational support of cybersecurity governance solutions, tools, technologies, and processes
Experience consulting with business and technology partners on security requirements and best practices
Experience with Governance, Risk & Compliance (GRC) tools
Experience with MS Office 365 (Word, Excel, PowerPoint, Outlook), SharePoint and PowerBI reporting.
Knowledge, Skills, and Abilities (KSAs):
Knowledge in 3rd party risk management, cloud security, network security, database security, application security, infrastructure and system hardening, technical security controls implementation and ability to judge effectiveness of security control implementation against cyber threats and risk scenarios.
A broad understanding of cybersecurity concepts across multiple domains, applicable security models (e.g., NIST and CIS Critical Security Controls) and regulations (e.g., CJIS, PCI, HIPAA, and Privacy Act).
Strong organizational skills, including the ability to drive adherence to cybersecurity processes and tools and to keep focus on multiple tracks of work and open issues in parallel.
Ability to confront challenges in a constructive fashion and influence others through consensus building techniques.
Be able to weigh business needs against security concerns and articulate issues to management and stakeholders.
Exceptional leadership, verbal and written communication, and project management skills.
General Information
Position Type and Typical Hours of Work:
40 hours per week
Monday - Friday.
Weekend and 24 on-call infrequently as needed.
Salary:
Commensurate with experience
Based on 26 pay periods.
Location:
406 Caroline St. Houston, TX 77002
Employment may be contingent on passing a drug screen and meeting other standards.
Due to a high volume of applications positions may close prior to the advertised closing date or at the discretion of the Hiring Department.
Job Abstracts is an independent Job Search Engine. Job Abstracts is not an agent or representative and is not endorsed, sponsored or affiliated with any employer. Job Abstracts uses proprietary technology to keep the availability and accuracy of its job listings and their details. All trademarks, service marks, logos, domain names, and job descriptions are the property of their respective holder. Job Abstracts does not have its members apply for a job on the jobabstracts.com website. Additionally, Job Abstracts may provide a list of third-party job listings that may not be affiliated with any employer. Please make sure you understand and agree to the website's Terms & Conditions and Privacy Policies you are applying on as they may differ from ours and are not in our control.
Page Limit Reached
Paging is limited to 5 pages for our non registered users. To use this feature you must be Registered and Logged In.
Any time you conduct a search, the system shows you job matches, ranked by their Relevance Score (RS).
The score is calculated by a proprietary algorithm that uses Intelligent Machine Learning.
The Relevance Score tells you how well the job opportunity matches your search term or terms.
When not logged in, the system is limited to one search term. Scores for single term matches are usually lower.
When you register, log in, and set up multiple terms prioritized by importance, the jobs found for you will receive a much higher Relevance Score.