IT Security Engineer

Seeking a IT Security Engineer works with the agency CISO, Risk Manager, and Privacy Officer to perform the security analysis and other assigned security/risk tasks.
The IT Consultant is a tenured-level professional responsible for identifying, analyzing, and mitigating complex IT risks across the organization's technology infrastructure. This role involves strategic planning, cross-functional leadership, and subject matter expertise in IT risk management. The IT Consultant will be a part of the IT Risk and Security that works closely with leadership, and external partners to ensure regulatory compliance, enhance the organization's cybersecurity posture, and support enterprise-wide risk and audit initiatives.

Interview: Teams

Location: Columbus, OH

Posting: 779138

Work: Remote

Key Responsibilities:

1. Risk Assessment and Analysis
   • Lead complex IT risk assessments and threat modeling activities across systems and applications.
   • Analyze trends and emerging risks to proactively recommend strategic mitigations.
2. Risk Mitigation and Management
   • Develop and oversee implementation of advanced risk mitigation strategies.
   • Monitor risk programs and revise controls based on performance metrics and audit outcomes.
3. Compliance and Governance
   • Ensure enterprise-wide compliance with federal and state regulations, including HIPAA, IRS Pub. 1075, NIST 800-53, MARS-E, and ISO standards.
   • Support policy lifecycle management and contribute to enterprise GRC strategy.
4. Incident Management
   • Provide leadership in incident response and post-incident reviews.
   • Collaborate with internal teams on root cause analysis and long-term remediation planning.
5. Review System Security Plans (SSPs)
   • Review, update, and validate system security documentation for critical systems.
   • Ensure alignment with internal risk policies, external contractual requirements, and frameworks such as NIST and CIS.
6. External Audit Support
   • Serve as a key liaison to auditors and regulatory assessors.
   • Oversee evidence collection, audit response documentation, and control testing coordination.
7. IT Security Policy Leadership
   • Lead the creation and revision of organizational IT security policies.
   • Recommend and draft policy enhancements based on risk assessment results, audit findings, and regulatory changes.
8. Reporting and Documentation
   • Prepare and deliver executive-level reporting on risk posture, findings, and recommendations.
   • Maintain thorough documentation aligned with organizational and audit standards.
9. Collaboration and Communication
   • Represent IT risk in executive discussions, technical project meetings, and external partner engagements.
   • Coach and mentor junior staff, IT and business personnel.

• Education:
  Bachelor s degree in Information Technology, Computer Science, Cybersecurity, or a related field is required.
  Master s degree in a related field preferred.
• Experience:
  Minimum of 7 to 10 yearsof experience in IT risk management, cybersecurity, or information assurance.
  Demonstrated success leading cross-functional projects and managing compliance for large systems. Experiences in Heath and Human Services or Healthcare business preferred.
• Certifications (Preferred):
  CISA, CISSP, CRISC, CISM, CGEIT, or similar credentials.
• Technical Skills:
  Expertise in risk frameworks (NIST 800-53, MARS-E, ISO 27001), vulnerability management, system security plans, and audit lifecycle management.
• Analytical Skills:
  Exceptional critical thinking, data analysis, and risk prioritization abilities.