Information Security Analyst(Hybrid)
ASCENDING LLC - richmond, VA
Apply NowJob Description
Title : Information Security Analyst Location : Hybrid in Richmond, VA( Virginia Housing, 601 S Belvidere St, Richmond, VA 23220) Term : 2 Years Contract Available for W2 or 1099, No C2C Job Description: This important role will support information security across all Virginia Housing programs, projects, IT systems, and applications. The position is assigned to projects and initiatives with security and privacy components. The Information Security Analyst will assist in conducting cybersecurity and privacy awareness throughout Virginia Housing and help create and maintain the organization's Information Security and privacy policies . Additionally, the Information Security Analyst will collaborate with the Information Security Office (ISO) on various security-related projects. Key Responsibilities : Participate in Information Security and Privacy efforts across all business areas and vendor engagements to ensure that appropriate security controls are in place and adhered to by all parties. Work within a Governance, Risk, and Compliance (GRC) system to add and update information security records and documentation. Partner with business stakeholders to develop and maintain Information System Security Plans (SSP) . Represent the Information Security Office in PMO-led projects to ensure significant projects have appropriate ISO representation. Collaborate across teams to understand business challenges, develop tailored solutions that provide value, facilitate compliance, and ensure clear communication. Assist in the development and maintenance of information security standards and processes, including conducting research as needed. Assist with controls documentation , including information system diagramming , populating risk assessment templates , and drafting control narrative documentation for business approval. Review contracts, agreements, and vendor documentation to ensure adequate information security protections are in place. Required Qualifications : At least 3 years of demonstrated experience in Information Security concepts related to governance, risk, and compliance . Extensive knowledge of information security principles and practices. Deep understanding of methods applied to information technology infrastructure planning, implementation, and management . Strong organizational skills with the ability to set priorities, meet established deadlines, and follow up on assignments with minimal supervision. Familiarity or experience with security frameworks such as NIST , ISO 27001 , or COBIT . Excellent attention to detail and organizational skills . Ability to adapt to changing situations and prioritize tasks as needed. Experience drafting Information Security and Privacy policies, standards, and procedures . Ability to interpret security documentation, including flow diagrams and process maps . Knowledge of contract terms and conditions . Proficiency in creating diagrams, flowcharts, and spreadsheets using desktop software. Strong written communication skills with the ability to convey complex security concepts to various audiences. Preferred Qualifications : Bachelor's degree in Computer Science , Information Systems , or equivalent. Relevant security certifications such as CISA , CISSP , or an equivalent certification. Previous experience in the financial services industry is preferred. Knowledge of controls related to cloud security and application security . Knowledge of Information Security regulatory compliance (e.g., GLBA , GDPR , PCI , etc.). Familiarity with various privacy regulations (e.g., GDPR , CCPA , VCDPA ). Thanks for applying!
Created: 2024-10-19