Information Security Analyst

job summary:

Our client is looking for a Information Security Analyst for a 4 month contract to hire opportunity located in Phoenix, AZ.

location: Phoenix, Arizona

job type: Contract to Perm

salary: $40 - 45 per hour

work hours: 8am to 5pm

education: Bachelors



responsibilities:

Job Duties:

• Perform risk assessments, audit reviews, generate findings reports, and make appropriate recommendations for improvement and track outcomes from those activities to satisfy organizational and compliance reporting requirements. Develop and formulate comprehensive reports detailing the findings, areas of non-compliance, required POA&Ms (Plan of Action and Milestones), environmental observations, and incident reports.
• 
  
• Review, update, and manage security-related audit plans, security plans, and risk plan documentation for accuracy and consistency; proactively solve technical and operational problems.
• 
  
• Evaluate data and formulate comprehensive reports detailing findings, areas of non-compliance, required action plans, and environmental observations. Generate incident reports and investigate suspicious network activity.
• Prepare audit documentation that supports audit results; draft and edit audit findings to adhere to industry standards and the agency's internal writing style guide.
• Research agency and industry IT security practices standards, best practices, laws, and regulations, and utilize other applicable resources to ensure total compliance with data and privacy standards.

qualifications:

Here is the sanitized version of the Knowledge, Skills & Abilities (KSAs). The standard global cybersecurity frameworks (like NIST) have been kept, but specific state/federal programmatic compliance frameworks that point directly to state agency types (such as IRS Pub 1075, CJIS, and MARS-E) have been removed or generalized to protect client anonymity.

Knowledge, Skills & Abilities

Security & Risk Expertise:

Knowledge of information security principles, risk management frameworks (RMF), policies, and procedures, with the ability to develop effective enterprise security policies.

Knowledge of laws, regulations, principles, and ethics as they relate to cybersecurity, data protection, and privacy compliance (e.g., NIST 800-53, HIPAA/HITRUST, and related industry-standard regulatory frameworks).

Expert knowledge of internal auditing, internal controls, and risk management practices and methodologies.

Systems & Technical Audit:

Knowledge of the selection, approval, implementation, and assessment/audit of security and privacy controls.

Knowledge of the authorization and approval processes for enterprise information systems.

Experience conducting audits or reviews of technical systems with a comprehensive understanding of internal control environments within an IT function.

Foundational knowledge across multiple technology domains, including aspects of Windows, Unix, database administration, software development, and networking.

Ability to identify cybersecurity and privacy issues stemming from connections with internal/external customers and partner organizations.

Strategy & Leadership:

Ability to ensure information security management processes are integrated with strategic and operational planning.

Ability to work collaboratively in teams and across complex organizations, synthesizing feedback, adjusting plans accordingly, and building strong relationships with stakeholders.

Ability to develop policy, plans, and strategy in compliance with laws, regulations, and standards in support of organizational cyber activities.

Ability to ensure that leadership within the organization provides appropriate information security for the assets and systems under their control.

Ability to exercise sound judgment when policies are not well-defined.

Execution & Delivery:

Ability to produce high-quality work products for both technical IT teams and senior management.

Strong interpersonal, written, and oral communication skills.

Ability to ensure security practices are followed throughout all phases of the lifecycle of business and IT processes.

Ability to support technical project managers to fulfill information analysis requirements with a high degree of accuracy and quality, while developing and maintaining key project artifacts.

Experience identifying risks and suggesting continuous improvements to information systems and processes.

Ability to develop plans and materials to support user adoption, training, and customer service while working directly with users from other divisions and business units to provide insight and guidance.

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact

Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).

This posting is open for thirty (30) days.