| Job Description | IT Compliance Business Analyst Level 4 Position Description - The IT Compliance Business Analyst with the Department of Technology, Management, and Budget (DTMB) Agency Services supporting the Michigan Department of Education (MDE) will coordinate agency, DTMB, and vendor efforts to adhere to the State of Michigan (SOM) Governance, Risk, and Compliance (GRC) practices and policies.
- This position will be responsible for leading project teams through the Michigan Security Accreditation Process (MiSAP) to assist in the effort of supporting the Michigan Department of Education.
- MiSAP sets security requirements for software, applications, systems, or other technical products that need to connect with the State of Michigan IT infrastructure or be consumed by agencies within the State of Michigan.
- The Michigan Security Accreditation Process consists of several stages that include data classification, system security plan (SSP), risk assessment (RA), control task, and plan of action and milestones (POAM).
- The goal of the process is to achieve authority to operate (ATO) once all stages have been successfully completed.
- Project documentation as well as application vulnerability scanning onboarding and requests, are also artifacts that are facilitated by or created by the resource within this position.
- The expectation is that the person filling this position would also assist with completing disaster recovery plans, incident response plans, and business continuity plans.
- This position will also be required to provide training and interpretation of the frameworks, regulations, laws, policies and GRC tool the State of Michigan must adhere to.
- This position will assist with compliance of audit criteria and provide process development and audit support for partner agencies' IT systems, web sites, web applications, mobile sites, and mobile applications.
- Additionally, it will provide for audit credibility and compliance.
- This position works and collaborates with people outside of the DTMB Agency Services Compliance Team such as auditors, project managers, analysts, vendors, development resources, and business partners.
| Skill | Required / Desired | Required Years of experience | | Exposure to Complex IT web Applications, within the past 5 years | Required | 5 Years | | Experience in a role, as a business analyst, supporting a software development project, in the past 5 years | Required | 5 Years | | Experience leading meeting and making oral and written reports and presentations on work assignments | Required | 5 Years | | Experience with MS Office to create project Documentation | Required | 5 Years | | Experience working as a liaison between different business and IT areas | Required | 5 Years | | Knowledge and understanding of the Software Development Lifecycle | Highly Desired | 2 Years | | Knowledge or experience creating supporting documentation for IT system audits. | Highly Desired | 2 Years | | Experience with the creation of Disaster Recover Plans, Business Continuity Plans, and Incident Response Plans | Highly Desired | 2 Years | | Experience providing audit evidence to comply with security standards such as NIST, PCI, HIPPA, FERPA | Highly Desired | 2 Years | |