Security Analyst (NIST, CIS, ISO 27001, Security/Cloud, Incident Response Mgmt. Systems)

HBITS-07-14507 DOT, Security Analyst, Expert 30 month contract In person Interview Selected candidates are expected to work in Albany office 2-3 days per week Day-to-day tasks • Implement information security and compliance programs for Information Technology (IT) systems and Operational Technology (OT) systems. • Conducting written risk assessments (security, privacy, Artificial Intelligence) for existing systems/solutions, new systems/solutions, and services in use or to be used by the business. • Assist with management and resolution of security risks and/or threats to business information and operational systems. • Serve as information security analyst and evaluate systems and contracts for alignment with Business and State information security policies and standards as well as other laws, regulations, and industry best practices, as applicable. • Assist with risk register management and vulnerability management • Monitor and remain aware of information security industry trends, tools, and techniques. • Perform additional duties as required. Security Analyst Plans and carries out security measures to protect an organization's computer networks and systems. Expert • 84+ months: Candidate is able to provide guidance to large teams and/or has extensive industry experience and is considered at the top of his/her field. • 84 months experience evaluating information security, privacy, and compliance for Information Technology systems and/or Operational Technology systems • 84 months experience conducting written risk and compliance assessments for security, privacy, and/or Artificial Intelligence using industry standards and frameworks such as NIST, CIS Critical Controls, ISO 27001, etc. • 60 months experience triaging and determining mitigation plans (with and without Vendor) to resolve security risks and/or threats to business information systems and operational technology systems • 60 months experience evaluating business systems (Commercial Off the Shelf and Custom Developed) for alignment with Information Technology and/or Operational Technology security policies, standards, laws, regulations, and industry best practices. • 60 months experience in evaluating security controls for cloud environments • 60 months experience working with cross functional teams to mitigate or remediate system and application vulnerabilities • 48 months experience in risk management (including third-party), vulnerability management, and security program management • 48 months experience in threat assessment and/or Incident Response management for information security and/or operational technology systems. • Bachelor's Degree (or higher) in one or more of the following: Information Security, Information Assurance, Cybersecurity, Computer Science, Information Science, Information System Management, Digital Forensics, Compliance and Risk Management • One or more of the following certifications: GICSP, GSEC, CISSP, CCSP, CCSK, CompTIA Cloud+, GCSA, CompTIA Network+, CompTIA Security+, CompTIA CySA+, CIPT, CIPP, CIPM, CISSP, CRISC, ISSAP, ISSEP, CGRC, CSSLP, SSCP, or other applicable information and/or cybersecurity, privacy, artificial intelligence, or risk management certifications Apply tot his job