Senior Information Security & Compliance Analyst

Deliver solutions to complex problems as a Senior Information Security & Compliance Analyst at GDIT. Your work will have you fully immersed in our client’s domain in order to deliver solutions for their complex needs. At GDIT, you’ll prioritize the client while we prioritize your career.         

At GDIT, people are our differentiator. You will join our team in partnership with New York State of Health (NYSoH) to provide comprehensive health coverage to more than 6.7 million New Yorkers through its Health Benefit Exchange (HBE)      

HOW YOU’LL MAKE AN IMPACT:  

• You’ll join our talented Program Security Compliance & Privacy Team and provide key support to protect critical information systems and customer data with a focus on IT security compliance and information assurance controls.    
• Analyze security, compliance and privacy requirements, system data, policy and documentation to ensure adherence to various corporate and regulatory frameworks.    
• Provide information assurance project management, technical security staff support, and development of mission-critical technical documents 
• Support continuous improvement efforts designed to make security a core part of all program systems.  
• Perform security impact assessments on new and modified technologies.   
  
  WHAT YOU’LL NEED TO SUCCEED:      
  
   Education:     

• Bachelor’s degree in Computer Science, Management Information Systems, or IT Security.     
  
  Experience:  

• Ten (10) years of intensive and progressive experience in information technology as applied to security, compliance and privacy controls.   
• Served as the program compliance lead with agency auditors in coordinating artifact production to demonstrate controls adherence in 3rd party assessments.   
• Proven experience in security impact assessments across various technologies (networking, database, operating systems, and application code, software, and cloud services) to identify any adverse impact to the protective controls.  
• Understanding of network protocols, DNS, AD, PKI, and DNS, as they relate to security.  
• Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation).   
• Conduct investigations of information systems security violations and incidents, reporting as necessary to management 
• Provide recommendations to clients on information assurance engineering standards, implementation dependencies, and changing information assurance related technologies.  
• Experience drafting and modifying security policies and procedures.      
• Performs periodic and on-demand system audits and vulnerability assessments.   
• Recognized security compliance SME   
  
  Preferred Qualifications:   

• Broad knowledge across various technologies at a senior level capable of independently leading security controls assessments, compliance audits and security issue investigation and remediation.     
• Understanding of CMS and IRS security controls. Experience and knowledge of these controls must be at a level sufficient to not only support the interpretation of the control requirements, but communicate those requirements to technical teams and assess the implementation for regulatory and corporate compliance. 
• Coordination of audits, artifact collection and presentations to executives and regulatory entities 
• Security controls experience, preferably in the healthcare space, HIPAA, HITECH Act, PII and PHI.  
• Implements, enforces, communicates, and develops security policies or plans for data, software applications, hardware, telecommunications, and information systems security education/awareness programs 
• Senior professional with demonstrated business acumen  
  
  Skills:  

• Demonstrated ability to work independently and meet delivery targets of compliance filings.   
• Ability to communicate clearly and effectively, often to senior leadership, clients and external partners.   
• Serve as team or task lead, and backup to the program ISSO  
• Demonstrate ownership/responsibility in driving the security of the systems to high standards.   
• Responsive, adaptive to a complex changing environment.   
• Excellent analytical and multitasking skills.    
• Strong attention to detail in diagnosing problems and ensuring solutions address the issues.    
• Continual drive to learn and improve.    
• Innately organized and exceptionally detail oriented and able to task switch and work on multiple tasks.   
• Ability to work accurately under pressure and prioritize time to meet all deadlines.     
• Strong collaboration skills with ability to reach sound solutions in an effective manner.     
• Handle demanding situations with clarity, focus and professionalism, and respond to quick turnaround tasks   
• Resolve issues with little oversight; ability to gather and analyze information skillfully and develop alternative solutions.   
• Are self-motivated and well-organized.    
• Prioritize and work on multiple projects at the same time, including the ability to plan, prioritize, and execute multiple initiatives/deadlines with minimal supervision and shift priorities as necessary