PRIMARY FUNCTION:
The Cyber Security Analyst II – GRC (Governance, Risk and Compliance) Specialist is responsible for conducting risk assessments of enterprise-wide systems, applications, network and network connected devices to ensure compliance with the implementation and maintenance of controls mandated by Jefferson security policy and standards. The role requires partnership with IT, business owners, and third parties towards implementing a safe and secure solution. This position is intended to provide highly skilled compliance and information security expertise for assessing Jefferson’s compliance and risk posture related to its information assets. It also requires the support of cyber security initiatives through predictive and reactive analysis, articulating emerging trends to leadership and staff.
ESSENTIAL FUNCTIONS:
OTHER FUNCTIONS AND COMPETENCIES:
EDUCATIONAL/TRAINING REQUIREMENTS:
Bachelor’s degree in an information technology field preferred
_________________________________________________________________________
CERTIFICATES, LICENSES, AND REGISTRATION:
At least one information security certification, such as a SSCP, CISA, CISM, CISSP, CRISC, or professional certificate is a plus. ISACA certification is preferred.
_________________________________________________________________________
EXPERIENCE REQUIREMENTS:
At least five years’ experience in an information security function, ability to multi-task, a keen eye for detail, excellent follow-through, strong organizational skills, the ability to thrive in fast-paced, high-stress situations, ability to communicate cyber security issues to peers and management via oral and written format. 5+ years’ solid understanding of Cyber Security & IT controls, network / systems / application penetration testing and vulnerability assessments. Experience with NIST and ISO frameworks. Solid knowledge of HIPAA, HITECH, FERPA, and other IT security governing bodies. Experience working with a Governance Risk and Compliance tool is a plus.