Lead Information Security Analyst - GRC
Role details
Job location
Tech stack
Job description
- Conduct information security risk assessments and facilitate reviews of cloud, hybrid cloud, and on-premises IT solutions and infrastructure.
- Perform third-party vendor security risk assessments to support governance efforts.
- Serve as a subject matter expert (SME) on Cloud Security, with an emphasis on Microsoft Azure.
- Stay updated on cybersecurity threats and vulnerabilities and provide recommendations for mitigation, particularly within Microsoft Azure cloud security.
- Utilize security controls to enhance security posture and research emerging threats relevant to cloud and hybrid cloud operations.
- Assess and prioritize information security risks, ensuring compliance with regulatory requirements and information security policies.
- Oversee assigned project activities to ensure timely completion.
- Develop remediation plans and proactively track progress, presenting cybersecurity risks and gaps to stakeholders.
- Provide design input, implementation, and maintenance of enterprise-wide security solutions to address cybersecurity needs.
- Work on high-complexity projects requiring in-depth knowledge across multiple technical areas and business segments.
- Communicate security vulnerabilities and risks to key stakeholders and consult on remediation efforts.
- Develop documentation to support cybersecurity operations, including:
o Communications o Job aids o Educational/training materials o Architecture diagrams o Technical reference guides o Procedures o Strategy/technology roadmaps o Request for Proposal/Offers (RFP/RFOs) o Statement of Work (SOW) o Metrics and reports o Project plans o Executive presentations
- Coach and mentor junior-level technical staff.
- Participate in Cybersecurity Incident Response Team (CIRT) investigations and response activities.
- Perform other duties as assigned.
Requirements
- High school diploma or GED equivalency from an accredited educational institution.
Experience:
- Five (5) years of experience in Information Security, IT, Computer Science, or IT Risk Management
Knowledge, Skills, & Abilities:
- Designing, implementing, and executing IT Risk Management projects.
- Building and maintaining strong interdepartmental relationships.
- Effectively communicating security risks and controls to stakeholders and leadership.
- Passion for cybersecurity, a self-starter mentality, and ability to work in a team environment., * Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent work experience).
Certifications:
- Industry certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or GIAC Certified Incident Handler (GCIH) credentials.
Experience:
- Strong understanding of IT infrastructure and network security principles.
- Experience with cloud security (AWS, Azure, or Google Cloud Platform).
- Knowledge of scripting languages (Python, PowerShell, etc.) for automation., * High School or GED diploma
- Associate Degree
- Bachelor's Degree
- Master's Degree or higher
- None of the above
02
If you selected a college degree in response to the previous question, which of the following best describes your major?
- Cybersecurity
- Computer Science, Which of the following best describes your verifiable experience in Information Security, IT, Computer Science, or IT Risk Management?(To be considered, qualifying experience must be documented in your application's employment history)
- Less than five (5) years
- Five (5) years but less than six (6) years
- Six (6) years but less than seven (7) years
- Seven (7) years or more
- I do not have this experience
Benefits & conditions
Harris County offers a highly competitive benefits program, featuring a comprehensive group health plan and defined benefit retirement plan. The following benefits are offered only to Harris County employees in regular (full-time) positions: Health & Wellness Benefits
- Medical Coverage
- Dental Coverage
- Vision Coverage
- Wellness Plan
- Life Insurance
- Long-Term Disability (LTD) Insurance
- Employee Assistance Program (EAP)
- Healthcare Flexible Spending Account
- Dependent Care Flexible Spending Account
Paid Time Off (PTO)
- Ten (10) days of vacation leave per year (accrual rate increases after 5 years of service)
- Eleven (11) County-observed holidays
- One (1) floating holiday per year
- Paid Parental Leave*
- Sick Leave
Retirement Savings Benefit
- 457 Deferred Compensation Plan
The following benefits are available to Harris County employees in full-time and select part-time positions:
-
Professional learning & development opportunities
-
Retirement pension (TCDRS defined benefit plan)
-
Flexible work schedule*
-
METRO RideSponsor Program*
-
Participation may vary by County department. The employee benefits plans of Harris County are extended to all eligible participants across various departments with the exception of the Harris County Community Supervision and Corrections Department, for which the cited Health & Wellness Benefits are administered through the State of Texas. In accordance with the Harris County Personnel Regulations, group health and related benefits are subject to amendment or discontinuance at any time. Harris County Commissioners Court reserves the right to make benefit modifications on the County's behalf as needed. For plan details, visit the Harris County Benefits & Wellness website: 01, * Other Related Field
-
Unrelated Field
-
N/A; No Degree
03
Please describe your educational background including level of education completed, area of study and completed major and minor programs. 04
Which of the following industry certifications do you currently hold? Select all that apply:
- CompTIA Security+
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- GIAC Certified Incident Handler (GCIH) credentials
- N/A; None of the above
05