Job Description :
The Security Analyst (SA) has an understanding of all aspects of computer and network security, including such areas as firewall administration, encryption technologies and network protocols.

*PLEASE NOTE* The right candidate for this role will have a solid background and formal training in cybersecurity functions, initiatives and overall solutions, while ALSO having a solid business sense with experience preparing presentation materials and communicating cybersecurity concepts, risks, and potential business impacts with management in non-technical terminology. This mix of skills is critical to the position please only submit candidates who match this experience profile.

The Information Security Division (ISD) within the Office of the Chief Information Officer (OCIO) and the Secretary of State s (SOS) Office are looking for an Information Security Analyst. The selected candidate will perform information security functions in collaboration with state agencies and also assist counties, cities and schools with cybersecurity initiatives. The candidate will conduct a variety of operational cybersecurity functions including the installation, configuration, troubleshooting and maintenance of cybersecurity equipment. The candidate must also be adept at preparing presentation materials and communicating cybersecurity concepts, risks, and potential business impact with management in non-technical terminology. The candidate must have experience implementing cybersecurity solutions, writing policies, preparing reports, providing briefings to management and have formal education and training in cybersecurity.

Responsibilities - OCIO
\tDeploy, manage and maintain cybersecurity solutions for State of Iowa agencies, counties, cities and schools
\tAssist counties with installation of ISD cybersecurity solutions
\tMonitor, analyze, and respond to events, alerts and incidents supporting State of Iowa IT systems
\tProvide phone and email support to State of Iowa agencies and participating partners during cybersecurity alerts, events and incidents
\tManage, configure and support Security Operations Center (SOC) video screens and systems
\tAssist with metrics, reporting, and other SOC communications
\tProvide support for incidents up to the preliminary forensics process
\tOther duties as assigned

Responsibilities - SOS

\tAdvise and consult with leadership team on best practices, opportunities for improvement, and emergent trends for cybersecurity
\tAssist with internal cybersecurity initiatives
\tReview current cybersecurity training protocols for areas of improvement, and recommend or conduct additional trainings as necessary
\tReview and analyze current practices against CIS Controls, PCI compliance, and other cybersecurity best practices
\tInventory SOS assets
\tSecurity Risk Mitigation
\tReview vulnerability scans, firewall alerts, and assessment data to collaborate with staff and vendors to mitigate risks
\tAssist with patching and remediation of computer systems and applications
\tRespond and appropriately address firewall notifications
\tFacilitate cybersecurity policy development
\tCreate an incident response plan
\tImplement desktop security
\tReview and respond to potential incidents
\tCoordinate with other staff to execute the mission of the Secretary as needed

Required/Desired Skills

Skill Required /Desired Amount of Experience
Experience working with various computer and network security concepts Required 5 Years
Experience implementing cybersecurity solutions Required 5 Years
Experience with cybersecurity policy, reviewing cybersecurity risk assessments, and presenting findings Required 5 Years
Experience with cyber security framework risk assessment and audit response experience (NIST 800-52, CIS20, PCI, ISO27001 preferred) Required 5 Years
Experience with intrusion detection, vulnerability management, and anti-malware systems/tools (Snort, Talos, Puppet, Tripwire, FireEye preferred) Required 5 Years
Experience with both Windows and Linux/Unix operating system environments Required 5 Years
Experience advising/consulting with leadership on cybersecurity best practices, opportunities for improvement, and emergent trends Required 5 Years
Experience preparing presentation materials & communicating cybersecurity concepts, risks, & potential business impact w/management in non tech terms Required 5 Years
Experience writing policies, preparing reports, providing briefings to management related to cybersecurity Required 5 Years
Strong oral and written communication skills Required 0
Strong analytical and problem solving skills Required 0
Ability to travel to Iowa s counties, including some overnight travel Required 0
Ability to lift 25 lbs Required 0
SQL, PowerShell, Python, or scripting experience Desired 0
CISSP, CISM, CISA, or GIAC Certifications Desired 0

Client : State of Iowa