OFFICE OF ATTORNEY GENERAL
POSITION CLASSIFICATION: Cybersecurity Risk & Compliance Analyst
PERMANENT ASSIGNMENT: Deputy Chief of Staff, Administration
BUREAU SERVED: Information Security
SALARY RANGE: Commensurate with experience
SUMMARY OF DUTIES AND RESPONSIBILITIES:
Under the direction of the Chief Information Security Officer, the Cybersecurity Risk & Compliance Analyst will be responsible for examining internal IT controls, evaluating the design and operational effectiveness of deployed systems and capabilities, documenting risk exposure, and working collaboratively across the organization to prioritize, draw focus, and track risk remediation commitments. The Cybersecurity Risk & Compliance Analyst will develop and maintain the overall IT Risk Register, providing regular updates on the overall aggregated risk profile, remediation plans and priorities, progress made, and open/closure performance. They will also be responsible for developing and publishing the monthly Information Security Key Performance Indicators (KPI) and performance metrics.
The Cybersecurity Risk & Compliance Analyst will directly participate in the IT Change Management process and will be required to review and approve all Network Firewall rules and configuration changes prior to implementation. In addition to regular audit testing, the Cybersecurity Risk & Compliance Analyst will lead/coordinate internal and external information security testing processes used to identify network, system, and application vulnerabilities. They will also provide guidance on identified security risks and facilitate the periodic update and communication of changes to the organization's Information Security policies, practices, and standards. The Cybersecurity Risk & Compliance Analyst will also lead Information Security communications, awareness, and training programs by developing program content to promote awareness of staff members' roles and responsibilities.
This position requires a bachelor's degree in Computer Science, Information Systems, Cybersecurity or related fields and a minimum of 3 years of work experience as an IT Auditor, Security Analyst, Risk Management or Security Engineer. A current CISA certification, along with at least one information security certification such as Security+, GCIA, CCNA, OSCP or CISSP is preferred. Demonstrated experience and knowledge in applying Information Security, Data Classification and Privacy concepts along with a track record of implementing Information Security and Risk Management Frameworks such as NIST Cybersecurity Framework, NIST 800-30, NIST 800-53, and Center for Internet Security (CIS) Critical Security Controls is also preferred.
This position requires knowledge and understanding of computer networking, firewalls, routing and switching, network protocols, VPN, DLP, IDS/IPS, Web-Proxy, Endpoint Security, Office O365 Security, client/server implementation patterns, and cloud computing/"as-a-service" implementations. Significant knowledge regarding current cybersecurity trends, best practices, and threat actor techniques is highly desired.
Ability to effectively coordinate, prioritize, and collaborate along with outstanding written and verbal communication skills. Attendance and the ability to maintain satisfactory working relationships with OAG employees and the general public are required.
Hours of Work: 9:00 a.m. - 5:00 p.m. (Monday - Friday)
Application Procedure: Send cover letter and resume to:
Office of the Attorney General
An Equal Opportunity Employer
The Illinois Attorney General's Office is an equal opportunity employer. The Office considers applicants without regard to race, color, religion, sex, national origin, sexual orientation, age, marital or veteran status, or the presence of a non-job-related medical condition or disability.