Senior Information Security & Compliance Analyst

Clearance Level
Information Security
Rensselaer, New York
Hybrid Workplace
REQ#: RQ140050
Public Trust: None
Requisition Type: Regular
Your Impact

Own your opportunity to work alongside federal civilian agencies. Make an impact by providing services that help the government ensure the well-being of U.S. citizens.

Job Description

Deliver solutions to complex problems as a Senior Information Security & Compliance Analyst at GDIT. Your work will have you fully immersed in our client’s domain in order to deliver solutions for their complex needs. At GDIT, you’ll prioritize the client while we prioritize your career.         

At GDIT, people are our differentiator. You will join our team in partnership with New York State of Health (NYSoH) to provide comprehensive health coverage to more than 6.7 million New Yorkers through its Health Benefit Exchange (HBE).


  • You’ll join our talented Program Security Compliance & Privacy Team and provide key support to protect critical information systems and customer data with a focus on IT security compliance and information assurance controls.    
  • Analyze security, compliance and privacy requirements, system data, policy and documentation to ensure adherence to various corporate and regulatory frameworks.    
  • Provide information assurance project management, technical security staff support, and development of mission-critical technical documents 
  • Support continuous improvement efforts designed to make security a core part of all program systems.  
  • Perform security impact assessments on new and modified technologies.   


  • Bachelor’s degree in Computer Science, Management Information Systems, or IT Security.     

  • Ten (10) years of intensive and progressive experience in information technology as applied to security, compliance and privacy controls.   
  • Served as the program compliance lead with agency auditors in coordinating artifact production to demonstrate controls adherence in 3rd party assessments.   
  • Proven experience in security impact assessments across various technologies (networking, database, operating systems, and application code, software, and cloud services) to identify any adverse impact to the protective controls.  
  • Understanding of network protocols, DNS, AD, and PKI, as they relate to security.
  • Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation).   
  • Conduct investigations of information systems security violations and incidents, reporting as necessary to management 
  • Provide recommendations to clients on information assurance engineering standards, implementation dependencies, and changing information assurance related technologies.  
  • Experience drafting and modifying security policies and procedures.      
  • Performs periodic and on-demand system audits and vulnerability assessments.   
  • Recognized security compliance SME   

Preferred Qualifications:
  • Broad knowledge across various technologies at a senior level capable of independently leading security controls assessments, compliance audits and security issue investigation and remediation.     
  • Understanding of CMS and IRS security controls. Experience and knowledge of these controls must be at a level sufficient to not only support the interpretation of the control requirements, but communicate those requirements to technical teams and assess the implementation for regulatory and corporate compliance. 
  • Coordination of audits, artifact collection and presentations to executives and regulatory entities 
  • Security controls experience, preferably in the healthcare space, HIPAA, HITECH Act, PII and PHI.  
  • Implements, enforces, communicates, and develops security policies or plans for data, software applications, hardware, telecommunications, and information systems security education/awareness programs 
  • Senior professional with demonstrated business acumen  

  • Demonstrated ability to work independently and meet delivery targets of compliance filings.   
  • Ability to communicate clearly and effectively, often to senior leadership, clients and external partners.   
  • Serve as team or task lead, and backup to the program ISSO  
  • Demonstrate ownership/responsibility in driving the security of the systems to high standards.   
  • Responsive, adaptive to a complex changing environment.   
  • Excellent analytical and multitasking skills.    
  • Strong attention to detail in diagnosing problems and ensuring solutions address the issues.    
  • Continual drive to learn and improve.    
  • Innately organized and exceptionally detail-oriented, able to task switch and work on multiple tasks.
  • Ability to work accurately under pressure and prioritize time to meet all deadlines.     
  • Strong collaboration skills with ability to reach sound solutions in an effective manner.     
  • Handle demanding situations with clarity, focus and professionalism, and respond to quick turnaround tasks   
  • Resolve issues with little oversight; ability to gather and analyze information skillfully and develop alternative solutions.   
  • Self-motivated and well-organized.
  • Prioritize and work on multiple projects at the same time, including the ability to plan, prioritize, and execute multiple initiatives/deadlines with minimal supervision and shift priorities as necessary  

Travel Required: None
About Our Work

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

COVID-19 Vaccination

GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.