Apply on Employer Site

State of Illinois · 2 days ago

Senior Security Analyst (Information Systems Analyst II, Opt. S)

Chicago, IL

Full-time

Onsite

Mid, Senior Level

$7,787/mo - $11,450/mo

3+ years exp

The State of Illinois is committed to values of compassion, equity, and dedication. The Department of Innovation & Technology is seeking a Senior Security Analyst to lead cybersecurity risk management and compliance efforts, specializing in securing Health Insurance Exchange systems through risk assessments and audit coordination.

AssociationGovernmentOffice AdministrationReal Estate

Comp. & Benefits

No H1B

Responsibilities

Under general direction, serves as a Senior Security Analyst for the Department of Innovation & Technology (DoIT), supporting the Get Covered Illinois (GCI) Program under the Department of Insurance (DOI), performing complex and specialized professional work in the administration and management of cybersecurity risk, adhering to NIST SP 800-53 Rev. 5 and other applicable federal frameworks, including those adopted by the Centers for Medicare & Medicaid Services (CMS) for Health Insurance Marketplace Information Systems

Coordinates network planning, administration, and operations activities in support of the HIX platform and related systems

Serves as project leader on highly complex projects while independently planning, developing, and implementing techniques for gathering and interpreting data

Functions as IT liaison interacting with third party information system vendors, other state agencies and outside entities, including agencies of other states, and the federal government

Keeps abreast of new developments in the information technology field by continuing education through online training platforms, meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures

Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above

Qualification

NIST SP 800-53Risk assessmentsVulnerability managementCybersecurity technologiesDisaster recovery planningIncident responseNetwork securityData protectionCertifications in securityCommunication skillsCollaborationProject management

Required

Requires knowledge, skill, and mental development equivalent to four (4) years of college with course work in computer science or directly related fields

Requires three (3) years of professional experience in security or a related Information Technology field

Requires three (3) years of professional experience implementing, reviewing, analyzing, monitoring and maintaining IT security controls, including application of NIST SP 800-53 Rev 5 or comparable cybersecurity frameworks for enterprise information systems

Requires three (3) years of professional experience performing risk assessments, vulnerability management, or threat intelligence activities within an enterprise environment, including data protection operations such as encryption, intrusion detection, firewall management, and malware protection

Requires three (3) years of professional experience administering or supporting enterprise-level cybersecurity technologies and tools to safeguard information systems, application and infrastructure

Preferred

Three (3) years of professional experience implementing, reviewing, analyzing, monitoring and maintaining IT security controls, including application of NIST SP 800-53 Rev. 5 or comparable cybersecurity frameworks for enterprise information systems

Three (3) years of professional experience performing risk assessments, vulnerability management, or threat intelligence activities within an enterprise environment, including data protection operations such as encryption, intrusion detection, firewall management, and malware protection

Three (3) years of professional experience administering or supporting enterprise-level cybersecurity technologies and tools to safeguard information systems, applications, and infrastructure

Three (3) years of professional experience managing or coordinating business continuity, disaster recovery, or incident response activities, including development, testing, and documentation of related plans

Three (3) years of professional experience independently planning, coordinating, and executing complex IT or cybersecurity projects, including documentation, quality assurance, and stakeholder communication

Extensive knowledge of LAN/WAN architecture, network topologies, and security infrastructure components supporting enterprise or multi-agency environments

Ability to analyze and evaluate security controls across multiple control families within established security frameworks, exercising sound judgment in operational and procedural decision-making

Developed verbal and written communication skills to clearly present technical, risk, or compliance information to diverse audiences, including executives, technical teams, and external partners

Ability to establish and maintain effective working relationships with colleagues, vendors, agency partners and external partners to support collaborative cybersecurity and compliance initiatives

Relevant certifications in networking or information security (e.g., CISM, CISSP, GSEC, CRISC)