INFORMATION SECURITY ANALYST-SENIOR - 07072026-78984
Role details
Job location
Tech stack
Job description
The Information Security Analyst Sr. serves as a key member of the Tennessee Department of Health's information security team, responsible for protecting critical systems, networks, and data assets. This position provides advanced expertise in security monitoring, incident response, risk assessment, vendor management and compliance with regulatory and organizational standards. The analyst collaborates across the various areas of Health to design, implement, and maintain robust information security controls and initiatives that support the organization's strategic and operational goals., * Lead efforts to identify, analyze, and mitigate cybersecurity threats and vulnerabilities across systems.
- Monitor, investigate, and respond to security incidents by working closely with Enterprise security teams.
- Analyze data from tools such as SIEM, EDR, IDS/IPS, and vulnerability management platforms.
- Conduct regular risk assessments, penetration tests analysis, and security audits to ensure compliance with industry standards (e.g., NIST, ISO 27001).
- Develop and maintain information security policies, procedures, and incident response plans.
- Provide guidance and mentorship to other analysts and IT staff on security best practices.
- Collaborate with IT, legal, and compliance teams to manage data protection and privacy initiatives.
- Evaluate new security technologies and recommend improvements to the organization's security posture.
- Prepare reports, dashboards, and metrics for management on security events, vulnerabilities, and compliance status.
- Conduct audit of security related areas and work closely with audit teams, 1. Manage high-priority security projects
- Advise on compliance strategy
- Lead cross-functional response teams
- Communicate complex security topics clearly
- Drive improvements in enterprise security posture
Tools & Equipment
- Security Information and Event Management (SIEM)
- Compliance Management Tools
- Forensic Analysis Tools
- Vulnerability Scanners
- Microsoft Office Suite
Requirements
Education and Experience: Bachelor's degree and five years of experience in information security, risk management, or policy implementation.
Substitution of Graduate Coursework: Graduate coursework in information security may substitute for one year of experience.
Substitution of Experience for Education: Experience in cybersecurity or incident response may substitute for education up to four years.
Alternate Qualification: Three years as an Information Security Analyst - Junior or CISSP certification also qualifies., 1. Strategic Mindset
- Customer Focus
- Decision Quality
- Optimizes Work Processes
- Strategic Mindset
Knowledges:
- Advanced cybersecurity best practices
- Regulatory and compliance frameworks
- Risk assessment methodologies
- Systems architecture and defense-in-depth
- Data privacy and protection strategies
Skills:
- Risk and threat analysis
- Policy creation and enforcement
- Forensic investigation
- Team supervision and training
- Report preparation and presentation