Senior Security & Compliance Analyst

Senior Security & Compliance Analyst

Deliver solutions to complex problems as a Senior Information Security & Compliance Analyst at GDIT. Your work will have you fully immersed in our client’s domain in order to deliver solutions for their complex needs. At GDIT, you’ll prioritize the client while we prioritize your career.         

At GDIT, people are our differentiator. You will join our team in partnership with New York State of Health (NYSoH) to provide comprehensive health coverage to more than 6.7 million New Yorkers through its Health Benefit Exchange (HBE)      

HOW YOU’LL MAKE AN IMPACT:  

• You’ll join our talented Program Security Compliance & Privacy Team and provide key support to protect critical information systems and customer data with a focus on IT security compliance and information assurance controls.    
• Analyze security, compliance and privacy requirements, system data, policy and documentation to ensure adherence to various corporate and regulatory frameworks.    
• Provide information assurance project management, technical security staff support, and development of mission-critical technical documents 
• Support continuous improvement efforts designed to make security a core part of all program systems.  
• Perform security impact assessments on new and modified technologies. 
• Serve as team or task lead, and backup to the program ISSO   
  
  
  WHAT YOU’LL NEED TO SUCCEED:      
  
  Education:     

• Bachelor’s degree in Computer Science, Management Information Systems, or IT Security.     
  
  Experience:  

• Ten (10) years of intensive and progressive experience in information technology as applied to security, compliance and privacy controls.   
• Five (5) years program compliance experience interpreting information assurance controls adherence to regulatory frameworks and communicating the requirements to technical teams; demonstrating controls adherence for audits; conducting investigations of information systems security violations and incidents; recommending information assurance engineering standards, implementation dependencies, and changing information assurance related technologies; drafting and modifying security policies and procedures; conducting system audits and vulnerability assessments. 
• Proven experience in security impact assessments across various technologies (networking, database, operating systems, and application code, software, and cloud services) to identify any adverse impact to the protective controls.  
• Demonstrated understanding of network protocols, DNS, AD, PKI, and DNS, as they relate to security.  
• Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation).   

Skills:  

• Demonstrated ability to work independently and meet delivery targets of compliance filings.   
• Ability to communicate clearly and effectively, often to senior leadership, clients and external partners.   
• Demonstrate ownership/responsibility in driving the security of the systems to high standards.   
• Responsive, adaptive to a complex changing environment.   
• Excellent analytical and multitasking skills.    
• Strong attention to detail in diagnosing problems and ensuring solutions address the issues.    
• Continual drive to learn and improve.    
• Innately organized and exceptionally detail oriented and able to task switch and work on multiple tasks.   
• Ability to work accurately under pressure and prioritize time to meet all deadlines.     
• Strong collaboration skills with ability to reach sound solutions in an effective manner.     
• Handle demanding situations with clarity, focus and professionalism, and respond to quick turnaround tasks   
• Resolve issues with little oversight; ability to gather and analyze information skillfully and develop alternative solutions.   
• Are self-motivated and well-organized.