CYBERSECURITY POLICY, RISK, AND COMPLIANCE ANALYST

Recruitment #22-133-3489

Job Description

Do you want to make a difference in one of the fastest-growing counties in the United States? Can you work as part of a team with inspiration, vision, and creativity? Are you passionate about the role of technology in supporting the mission of local government?

Loudoun County's Department of Information Technology is currently seeking a Cybersecurity Policy, Risk and Compliance Analyst in the Information Security Office. The Cybersecurity Policy, Risk and Compliance Analyst will assist in maintaining the security of County enterprise networks, systems, applications, and other services spanning on-premises, cloud, and hybrid environments. The selected candidate's responsibilities include security policy and standards development, enterprise architecture and application risk assessments, departmental, user, and vendor outreach, and security and compliance training and awareness activities.

The position will also participate in incident response and security monitoring activities, conduct enterprise vulnerability assessments and coordinate remediation of findings, act as a liaison to support compliance activities related to PCI-DSS, HIPAA, and other security and privacy regulations and standards, and provide additional daily support of the County's information technology security program. The position is specifically focused on the security policy, risk, and compliance functions of the department.

This position requires:

- A firm understanding of network architecture security, endpoint security, cloud security, and application security is strongly preferred.

- Knowledge of multiple operating systems deployed in on-premises, hosted, or hybrid datacenter environments

- Experience working in environments with data and system security regulatory requirements, such as HIPAA and PCI-DSS, that require compliance with industry information security standards and best practices

- Knowledge of technical and administrative information security assessment and auditing frameworks

- Knowledge of email filtering, web filtering, VPN, mobile device management, encryption, multi-factor authentication, and next-generation firewalls

- Knowledge of vulnerability assessment and penetration testing principles

Salary commensurate with experience

Loudoun County Benefits Summary

Job Requirements

Requires any combination of education and experience equivalent to a Bachelor's degree in computer science/information technology, cybersecurity, network or IT systems administration and three (3) years' experience in information technology security systems, network security or cybersecurity.

Weekend and evening assignments and on-call rotation support will be required for this position.

This position is not eligible for 100% telework.

Special Requirements

- Ability to work independently and as part of a team is preferred.

- Excellent oral and written communication skills.

- Industry certifications such as CISSP, CISA, Security+, CEH are preferred but not required.

- Hold or obtain certifications preferred by Department such as Information Technology Infrastructure Library Foundation certification (ITIL), Project Management Professional certification (PMP), or Certified Associate in Project Management (CAPM).

- Preferred experience in Innotas/Planview software and Leankit tools, other project management software, and SharePoint, Teams, and ServiceNow.

- Local government experience preferred.

Post Conditional Offer Contingencies

- Fingerprinting and driving background checks will be conducted on the successful candidate.

- Must have a valid driver's license.