Additional Detail
Senior Information Security & GRC Analyst - 2 positions Anticipated Starting Salary Range: $75,000 - $100,000
Starting Salary Commensurate with Qualifications and Experience
The State Corporation Commission's (SCC) Health Benefit Exchange (HBE) division seeks two analysts interested in rewarding public service careers to join its Information Security team. One position is a Senior Information Security Analyst and one is a Senior Governance, Risk, and Compliance (GRC) Analyst. Both positions will work under the direction of the HBE Information Security Manager to safeguard the HBE's consumer data and information and ensure compliance with state and federal regulations. These positions offer a hybrid work schedule (some in-office and telework days each week) as well as a variety of professional development and training opportunities.
Essential Functions & Responsibilities of the Senior Information Security Analyst position include, but are not limited to:
- Monitor, analyze, and report on security vulnerabilities and weaknesses.
- Perform complex security impact assessments, analyze, and report on the impact of requested system and framework changes to security posture and applicable controls.
- Remain informed of emerging threats, trends, and new security technologies and regularly present findings of impact to the Information Security team.
- Lead continuous improvement efforts, developing and presenting security training to team and division personnel.
- Mentor and train junior Security Analysts.
- Perform complex risk and threat assessments.
- Respond, coordinate, and monitor complex incident response activities.
- Coordinate and support 3rd party assessments and penetration tests.
- Assess system operations and security controls and make recommendations for improvements.
- Communicate and collaborate with vendors, HBE staff, partners, and other SCC divisions on complex security issues, updates, controls, and additional ad hoc items.
- Prepare reports on security findings, progress towards remediation of security related issues, and system trends.
- Perform related work as required.
Essential Functions & Responsibilities of the Senior Governance, Risk, and Compliance (GRC) Analyst position include but are not limited to:
- Coordinate with federal agencies, SCC internal teams, vendors, and 3rd parties to perform privacy and security assessments, audits, and other security and privacy compliances activities.
- Conduct complex audits of HBE partners and vendors to evaluate compliance with privacy and security requirements.
- Lead and participate in internal assessments to evaluate compliance with information security and privacy policies, procedures, regulations, and agreements.
- Monitor regulatory changes, evaluate impacts, and prepare reports and recommendations on compliance for security and privacy policies for HBE senior leadership.
- Review and update security and privacy control documentation to ensure it is accurate, up to date, and adheres to legal and regulatory requirements.
- Develop and present compliance findings from audits and assessments to HBE senior leadership and prepare remediation reports.
- Develop, update, and support implementation of data security and privacy protection policies and procedures.
- Coordinate with vendors and monitor complex security and privacy incidents.
- Contribute to continuous improvement efforts.
- Perform related work as required.
Please Note: SCC only accepts applications received through its career center site. Applications submitted through Virginia Jobs site directly will not be considered.
For more information and to apply for this position directly on the SCC Career Center website, click the
Additional Detail button on this page.
To view all current SCC job openings, visit the SCC Career Center website and click the Search button under Job Search.
Each agency within the Commonwealth of Virginia is dedicated to recruiting, supporting, and maintaining a competent and diverse work force.
Equal Opportunity Employer
Never miss an opportunity! Create an alert based on the job you applied for.
