We are seeking a highly motivated Security Compliance Analyst to oversee the development, implementation, and maintenance of security policies and procedures to ensure compliance with industry standards and regulations. This role will involve conducting regular security assessments, responding to security incidents, monitoring security technologies, and ensuring the organization remains in compliance with frameworks such as NIST 800-53. The ideal candidate will have strong expertise in cybersecurity principles, vulnerability management, and security technologies.

Key Responsibilities:

Incident Reporting: Immediately report any security incidents to the Information Systems Security Officer (ISSO) and IT Service Group (ITSG) leadership. Ensure timely and accurate documentation of all incidents for future analysis and reporting.

Policy and Procedure Development: Develop, implement, and maintain the organization's information security policies, procedures, and standards to ensure robust protection of sensitive data and compliance with relevant regulations.

Security Assessments: Conduct regular security assessments, vulnerability scans, and risk assessments to identify and mitigate potential security risks across systems, applications, and networks.

Monitoring Security Technologies: Monitor and manage security technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus solutions, and encryption mechanisms to detect and respond to threats in real-time.

Security Control Audits: Perform regular audits of security controls for access management, identity and authentication systems, and data protection mechanisms to ensure compliance with security policies and standards.

Incident Response: Respond to and investigate security incidents, coordinating with incident response teams when necessary. Conduct root cause analysis to understand the source of incidents and implement corrective actions.

Compliance and Regulatory Adherence: Ensure compliance with all relevant regulations, standards, and frameworks (e.g., NIST 800-53, FISMA, HIPAA, etc.). Work with other teams to achieve and maintain security certifications and assessments.

Security Awareness Training: Provide security awareness training to end-users, including conducting periodic drills to ensure readiness in the event of a security breach or threat.

Emerging Threats and Technologies: Stay updated on emerging cybersecurity threats, vulnerabilities, technologies, and best practices. Recommend and implement new security measures and tools as necessary.

Documentation: Document all security configurations, incident responses, risk assessments, and compliance status reports for internal and external auditing purposes. Ensure records are up-to-date and easily accessible.

Vulnerability Scanning and Reporting: Regularly scan for vulnerabilities and exploits within the organization’s systems, reporting findings to NOAA Cybersecurity and coordinating the response to identified issues.

Job Details
ID | #53675873 |
State | Washington |
City | Washington |
Job type | Full-time |
Salary | USD TBD TBD |
Source | Ashburn Consulting |
Showed | 2025-03-20 |
Date | 2025-03-20 |
Deadline | 2025-05-19 |
Category | Et cetera |
IT Security and Compliance Analyst
Washington, Washington 00000 Washington USA