Job Description :
Title: Business Analyst
Location: Lansing, MI
Duration: 12 Months
Description:
Years of Experience:
16 or more years of experience in the field.
Job Description:
Relies on experience and judgment to plan and accomplish goals, independently performs a variety of complicated tasks, a wide degree of creativity
and latitude is expected.
Develops and implements risk policies, standards, and procedures (PSP) per applicable privacy and security framework to address audit gaps. Provides risk and compliance related support to the Security Accreditation Process Team and Information Security Officer (ISO) in best aligning policies/procedures with relevant Plan of Actions and Milestones (POA&M Reviews, analyzes and identifies opportunities and leads changes to PSP to reduce policy burden on enterprise and increase the proper alignment across the agency. Properly manages potential policy changes and impacts, risk- based recommendations, and relevant resolution/mitigation plans. Facilitates cross-functional team meetings to best reach agreement on the most effective and sustainable PSP in various risk and compliance areas. Communicates and socializes Security policy and risk management throughout the organization and gather feedback where appropriate. Manages the processes to streamline PSP.
Reviews, analyzes, and evaluates business systems and user needs. Formulates systems to parallel overall business strategies. Experienced with business process reengineering and identifying new applications of technology to business problems to make business more effective. Familiar with industry standard (including Legacy, Core, and Emerging technologies), business process mapping, and reengineering. Prepares solution options, risk identification, and financial analyses such as cost/benefit, ROI, buy/build, etc.
Knowledge of commonly-used concepts, practices, and procedures within a particular field. Familiar with relational database concepts, and client-server concepts. Relies on limited experience and judgment to plan and accomplish goals. Performs a variety of tasks. Works under general supervision. A certain degree of creativity and latitude is required.
Required:
Experience defining, revising, and implementing information security policies, standards, and procedures for risk mitigation.
Experience in Information Security, Information Technology, Compliance or Risk Management.
Knowledge of NIST, GAPP, and/or CJIS security requirements for IT.
Practical experience with the basic tenets of security risk management (threat mgmt., vulnerability mgmt., and risk treatment)
Demonstrated ability to translate information security risks or other IT concepts into language easily understood by a non-technical audience
Skilled with IT process/methodology (e.g. ITIL, COBIT, LEAN, Six Sigma, CMM) and experience implementing processes and methodologies.
Experience with Joint Application Development (JAD) session facilitation.