Job details

Information Security and Compliance Analyst

Commonwealth of Kentucky Overview:At the Commonwealth of Kentucky, we are committed to enhancing the lives of our residents by integrating innovative technology solutions with superior healthcare services. Our Office of Application and Technology Services (OATS) is at the forefront of this mission, ensuring the security and resilience of our information systems. Join us to play a critical role in safeguarding sensitive information and contributing to a safer, more connected community. The Opportunity:The Office of Application and Technology Services (OATS) is seeking highly motivated candidates for the Information Security Compliance Analyst role for the Commonwealth of Kentucky, reporting directly to the Information Security Compliance Manager up to the Chief Information Security Officer. The Information Security Compliance Analyst is a mid-level position that focuses on ensuring compliance with regulatory requirements, mitigating security risks, and fortifying the cybersecurity framework across the Commonwealth. The ideal candidate will monitor compliance, investigate security breaches, implement best practices, and collaborate with stakeholders to promote a culture of security awareness:Required ExperienceCompliance Management:• Ensure compliance with industry regulations, standards (e.g., FISMA, FedRAMP, ISO 27001, NIST), and internal policies.• Conduct regular audits, follow-ups, and risk assessments to identify and address compliance gaps.• Maintain and update documentation on security processes and policies.Cybersecurity Operations:• Monitor and analyze activities in a Security Information and Event Management (SIEM) system.• Respond to security incidents, investigate breaches, and document findings.• Recommend and implement mitigation strategies for identified vulnerabilities.Collaboration & Training:• Lead cross-departmental initiatives to align IT security practices with organizational goals.• Conduct training sessions to educate staff on compliance and security best practices.Strategic Initiatives:• Research emerging threats and security enhancements, recommending solutions to management.• Participate in the development of security tools and procedures to improve overall security posture.Reporting:• Prepare and deliver reports for senior management on compliance status, findings, and recommendations.• Assist in maintaining the eGRC tool for continuous monitoring and compliance tracking.Preferred Education & Experience:Bachelor’s degree in computer science, Software Engineering, or a related field (equivalent professional experience may be considered for substitution for the required degree on an exception basis).Candidates with one or more of the following certifications are a plus:• Certified Information Systems Security Professional (CISSP)• Certified Information Security Manager (CISM)• Certified Information Systems Auditor (CISA)• Certified Cloud Security Professional (CCSP)• Project Management Professional (PMP)• Offensive Security Certified Professional (OSCP)• Cybersecurity Analyst (CySA+)• CompTIA Security+, CASP+, or PenTest+• GIAC Security Essentials (GSEC)• System Security Certified Practitioner (SSCP)Experience:• Strong knowledge of IT security frameworks and regulations.• Hands-on experience with SIEM tools, network security, and audit processes.• Familiarity with government information systems and classified environments is a plus.Skills:• Proficient in cybersecurity tools, Microsoft Office Suite, and compliance management systems.• Strong analytical, documentation, and communication skills.• Ability to work independently and lead projects to successful completion.

Average salary estimate

Estimate provided by employer

$140000 / ANNUAL (est.)

min

max

$135K

$145K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Information Security and Compliance Analyst, Brooksource

Are you ready to make a meaningful impact in the realm of cybersecurity? The Commonwealth of Kentucky is on the lookout for an Information Security and Compliance Analyst to join our vibrant Office of Application and Technology Services (OATS) in Louisville, KY. In this pivotal role, you'll be at the forefront of safeguarding sensitive information and enhancing our cybersecurity framework. Your day-to-day responsibilities will include ensuring compliance with key industry regulations like FISMA and NIST, monitoring security activities through our SIEM system, and conducting investigations into security breaches to protect our digital landscape. You'll collaborate with various teams to instill a culture of security awareness throughout the organization and lead training sessions on best practices. With a keen eye on emerging threats, you'll help recommend strategic enhancements that bolster our defenses against cyber incidents. This is not just a job; it's an opportunity to contribute to a safer, more connected community. If you're passionate about making a difference in cybersecurity and thrive in a collaborative work environment, we would love to hear from you!

Frequently Asked Questions (FAQs) for Information Security and Compliance Analyst Role at Brooksource

What does an Information Security and Compliance Analyst at the Commonwealth of Kentucky do?

An Information Security and Compliance Analyst at the Commonwealth of Kentucky is responsible for ensuring compliance with industry regulations, mitigating security risks, and enhancing the overall cybersecurity framework. The role includes monitoring compliance, conducting audits, investigating security incidents, and collaborating with stakeholders to promote security awareness.