Information Security Analyst - GRC

Position Description

Position Overview:

Under minimal direction, the Information Security Analyst

• Governance, Risk & Compliance (GRC) performs all procedures necessary to ensure the security of information and information systems, and to protect systems from intentional or inadvertent access or destruction.

Job Duties and Responsibilities:

• Serves as a subject matter expert and/or provides direction on processes, projects, and issues pertaining to Cloud Security with emphasis on Microsoft Azure.

• Conducts security risk assessments and facilitates review of cloud and hybrid cloud, and on prem IT solutions and infrastructure.

• Utilizes cloud security controls to improve security posture, and research emerging threats relevant to cloud and hybrid cloud operations.

• Develops, manages, and coordinates security risk assessments for third-party vendors, Harris County internally developed / managed applications and systems to ensure Confidentiality, Integrity, and Availability (CIA triad).

• Assesses and prioritizes information security risk, facilitates compliance with regulatory requirements and information security policies and procedures.

• Plans, research, and reviews cybersecurity architecture for the county's Infrastructure (on prem, cloud) projects.

• Identifies security design gaps in existing /proposed architectures and recommend changes/enhancements.

• Leads the evaluation, design, and implementation of new security solutions and technologies.

• Responsible for the creation and implementation of IT Security Policies, Standards, Procedures, Guidelines, and the on-going management of IT Security Policy Development and Exception Management Processes.

• Develops policy drafts, procedures, educational materials, strategy/technology roadmaps, metrics/measures packages, Request for Proposal/Offers (RFP/RFO's), project plans, communications, and executive presentations with little guidance, as needed to support the overall delivery of Information Security objectives.

• Designs and implements tools and processes to proactively monitor and govern the effectiveness of Information security controls and services.

• Develops and maintains metrics, executive dashboards and/or regular reports to communicate IT security risks.

• Assists in presenting cybersecurity risks and gaps to stakeholders as appropriate.

• Helps establish remediation plans and proactively track progress of remediation efforts to ensure open issues/risks are addressed as agreed.

• Will actively participate in the on-going review and management of the Harris County Cyber Security Framework and Cybersecurity Policies to ensure alignment with governance objectives.

• Must be able to weigh business needs against security concerns and articulate issues to management.

• Conducts accurate evaluation of the level of security required and will assist in the evaluation and implementation of other new security solutions and technologies as needed.

• Works on multiple projects as a project leader or as the subject matter expert. Works on projects or issues of high complexity that require in-depth knowledge across multiple technical areas and business segments.

• Coaches and mentors more junior level managerial and technical staff.

• Conducts communications and Cybersecurity training sessions as required to support the success of the program.

• Other duties as assigned.

Harris County is an Equal Opportunity Employer

https://hrrm.harriscountytx.gov/Pages/EqualEmploymentOpportunityPlan.aspx

If you need special services or accommodations, please call (713) 274-5445 or email ADACoordinator@bmd.hctx.net.

This position is subject to a criminal history check. Only relevant convictions will be considered and, even when considered, may not automatically disqualify the candidate.

Requirements

Education:

• High School diploma, or G.E.D. equivalency from an accredited educational institution.

Experience:

• 5 years of work experience in Information Security, or IT Risk Management.

Knowledge, Skills, and Abilities (KSAs):

• Experience designing, implementing, and executing IT Risk Management projects, information security governance, tools, and technologies across complex, large-scale environments,

• Experience writing IT risk assessments and controls, and developing Information Security policies, procedures including Exception Management Processes

• Experience with Microsoft Azure security and compliance controls, cloud security governance and compliance

• Ability to build and maintain strong relationships across departments/teams and effectively communicate solution designs to stakeholders and leadership

Applicants for this position will be subject to a criminal background check that includes being fingerprinted. This applies to any position with network access to Criminal Justice Information Services (CJIS) or access to an area where CJIS is received, maintained or stored either manually or electronically (i.e., custodian, maintenance).

Automatic Disqualification:

• Convictions, probation, or deferred adjudication for any Felony, and any Class A Misdemeanor

• Convictions, probation, or deferred adjudication for a Class B Misdemeanor, if within the previous 10 years

• Open arrest for any criminal offense (Felony or Misdemeanor)

• Family Violence conviction

NOTE: Qualifying education, experience, knowledge, and skills must be documented on your job application. You may attach a resume to the application as supporting documentation but ONLY information stated on the application will be used for consideration. "See Resume" will not be accepted for qualifications.

Preferences

Education:

• Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC) or CompTIA Security+ Certification is preferred.

Experience:

• Experience in design, implementation and operational support of cybersecurity governance solutions, tools, technologies, and processes

• Experience consulting with business and technology partners on general security requirements, network controls and best practices

• Experience with Governance, Risk & Compliance (GRC) tools

• Experience with MS Office 365 (Word, Excel, PowerPoint, Outlook), Teams, SharePoint, QuickBase, and PowerBI.

Knowledge, Skills, and Abilities (KSAs):

• Ability to confront challenges in a constructive fashion and influence others through consensus building techniques

• Strong organizational skills, including the ability to drive adherence to cybersecurity processes and tools and to keep focus on multiple tracks of work and open issues in parallel

• Strong technical writing, research, analysis, and analytical/problem solving skills

• A passion for cybersecurity, self-starter mentality, flexibility, and willingness to take on new challenges and ability to thrive in a team environment

• Strong knowledge and experience in securing networks, firewalls, and infrastructure in a complex environment

• A broad understanding of cybersecurity concepts across all domains, applicable security models (e.g., NIST Cybersecurity Framework (CSF), CIS Critical Security Controls), ISO 2700X, and regulations (e.g., CJIS, PCI, HIPAA, and Privacy Act)

• Exceptional leadership, verbal and written communication, and project management skills.

General Information

Position Type and Typical Hours of Work:

• 40 hours per week / Monday

• Friday

• Weekends and 24 on-call infrequently, as needed.

Salary:

• Commensurate with experience.

• Based on 26 pay periods

Location:

• 406 Caroline St., Houston, TX 77002

Employment may be contingent on passing a drug screen and meeting other standards.

Due to a high volume of applications positions may close prior to the advertised closing date or at the discretion of the Hiring Department.

BENEFITS

Harris County offers a competitive benefits program, including comprehensive group health and related benefits plan as well as defined benefit retirement plan.

The following list of benefits is offered only to employees in regular (full-time) positions:

• Medical Coverage

• Dental Coverage

• Vision Coverage

• Wellness Plan

• Life Insurance

• Long-term disability

• Employee Assistance Program

• Ten (10) days of vacation each year for the first five (5) years of service

• Accrual rates increase based on years of service

• Eleven (11) County-observed holidays and one (1) floating holiday

• Professional development opportunities

• Dependent Care Reimbursement Plan

• Healthcare Reimbursement Account

• 457 Deferred Compensation Plan

The following benefits are also available to regular (full-time) employment and may be available to part-time employees:

• Retirement Pension (TCDRS)
• Flexible schedule (varies by department)
• Transportation Assistance (Metro RideSponsor Program)

In accordance with the Harris County Personnel Regulations, Group Health and related benefits are subject to amendment or discontinuance at any time. Commissioners Court reserves the right to make benefit modifications on the County's behalf as needed.

For plan details, visit the Harris County benefits website:

https://benefitsathctx.com/

01

Which of the following best describes your highest level of education completed as it relates to this position?

• High School or GED diploma

• Associate Degree

• Bachelor's Degree

• Master's Degree or higher

• None of the above

02

Do you have any of the following certifications? Select all that apply:

• Certified Information Systems Security Professional (CISSP)
• Global Information Assurance Certification (GIAC)
• CompTIA Security+ Certification
• N/A; None of the above

03

Which of the following best describes your verifiable work experience in Information Security, or IT Risk Management? (To be considered, qualifying experience must be documented in your application's employment history)

• Less than five (5) years

• Five (5) years but less than six (6) years

• Six (6) years but less than seven (7) years

• Seven (7) years or more

• I do not have this experience

04

Please provide details about your verifiable work experience in Information Security, or IT Risk Management. Do not use "Please see Resume" or "See Resume" (To be considered, qualifying experience must be documented in your application's employment history) Please include your (a) role(s), (b) types of organizations, (c) scope of duties and responsibilities If you do not have this experience, please type "None" in the space provided.

05

Do you have experience designing, implementing, and executing IT Risk Management projects, information security governance, tools, and technologies across complex, large-scale environments?

• Yes

• No

06

Do you have experience writing IT risk assessments and controls, and developing Information Security policies, procedures including Exception Management Processes?

• Yes

• No

07

Do you have experience with Microsoft Azure security and compliance controls, cloud security governance and compliance?

• Yes

• No

08

Do you have experience in design, implementation and operational support of cybersecurity governance solutions, tools, technologies, and processes?

• Yes

• No

09

Do you have experience consulting with business and technology partners on general security requirements, network controls and best practices?

• Yes

• No

10

Do you have experience with Governance, Risk & Compliance (GRC) tools?

• Yes

• No

11

Do you have experience with MS Office 365 (Word, Excel, PowerPoint, Outlook), Teams, SharePoint, QuickBase, and PowerBI?

• Yes

• No

12

Which of the following describes your level of proficiency using a personal computer and common office software such as MS Office Suite (Word, Excel, PowerPoint, and Outlook). Please select your level of proficiency based on the following descriptions: Advanced: A person with this level of skills is able to produce very large, complex formal documents that require a table of contents, footnotes, endnotes, bookmarks, and other special elements; a wide range of graphic effects, and use advanced techniques for analyzing and manipulating data. Has full mastery of Macro commands and skills to tie the objects together into a cohesive system by using Macros and Visual Basic for Applications code. Makes interactive presentations by using hyperlinks and action buttons. Intermediate: A person with this level of skills is able to customize toolbars, import and insert graphs, embed Excel data, and elaborate reports. Understands the concepts of databases and is able to work with charts and to use the list management capabilities of Excel. Able to use complex query techniques, create efficient forms and reports, and create Macros to automate these forms. Makes interactive presentations by using hyperlinks and action buttons. Basic: A person with this level of skills is able to use basic formatting, editing, printing functions, and understands the document page setup. Has the ability to enter and correct data, modify a workbook, format a worksheet, and use printing functions. Understands the different database concepts and structures and is familiar with data validation and is able to create a simple presentation in PowerPoint, run it, and print it. Entry Level: A person with this level of skills has the ability to open, create, save and modify documents in Word, send and receive email in Outlook and create spreadsheets in Excel. Format documents for printing, comfortable using the printer menu to preview documents. Has ability to change the font, the margins, insert or delete pages and use the built-in spellchecker and grammar check.

• Advanced

• Intermediate

• Basic

• Entry Level

• Not proficient

Required Question

Agency Harris County

Address 1111 Fannin St

Ste. 600

Houston, Texas, 77002

Phone 713-274-5445

Website https://www.governmentjobs.com/careers/harriscountytx