DatamanUSA is looking for an Information Security Analyst for our direct client based in VT. This is a great opportunity for someone who is a quick learner with excellent people skills.
Job Details:
Job Title: Information Security Analyst
Location: Montpelier, VT
Duration: 12+ months
Roles & Responsibilities:
*) Monitor, assess, and report on compliance with security frameworks and regulatory standards, including NIST 800-53, CMS ARC-AMPE, IRS Publication 1075, and HIPAA.
*) Perform risk assessments, security control evaluations, and compliance gap analyses across systems and applications.
*) Track regulatory and policy changes and ensure security practices remain aligned with evolving requirements.
*) Collaborate with IT teams, security teams, and business units to ensure compliance obligations are met.
*) Review and provide best-practice feedback on vendor and third-party security documentation, including SOC reports, security attestations, and penetration test results.
*) Support internal and external audits by preparing required documentation, evidence, and compliance reports.
*) Document, track, and follow up on corrective actions, remediation activities, and risk mitigation efforts.
*) Maintain and update security compliance artifacts such as System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and related documentation.
*) Draft, review, and evaluate security documentation, solution designs, processes, risks, and issues, providing actionable recommendations.
*) Provide weekly project and compliance status reports to the CISO.
*) Attend, lead, and facilitate informational and status meetings, including project meetings, steering committees, and stakeholder discussions with State IT executives, agency program managers, and consultants.
*) Utilize State-provided tools, including Microsoft Office applications and Azure DevOps, to manage documentation, tasks, and deliverables.
Required Skills & Experience:
*) Hands-on experience working within security frameworks such as NIST, CMS ARC-AMPE, and IRS Publication 1075.
*) Experience working in at least two of the following security domains:
    *) Security and Risk Management
    *) Security Architecture and Engineering
    *) Communications and Network Security
    *) Security Assessment and Testing
    *) Security Operations
*) Strong oral and written communication skills, with the ability to communicate technical concepts to non-technical stakeholders.
*) Proven ability to work effectively within a team environment.
*) Ability to manage shifting priorities and deadlines.
*) Experience working within budget constraints.
Certifications: CJIS, HIPAA, PMP Certification, Prosci Certification