Govt. IT Security Risk Analyst - IN HOUSE TEAM MEMBER Preference Applies - Closes

POSITION SUMMARY

The Security Risk Analyst, under the direction of the Director of IT Security, is responsible for identifying, analyzing, and mitigating potential cyber security risks within and across all of the Tribe’s divisions including, government, health, gaming & hospitality and other enterprises. As part of the Security team, this position will participate in many cyber security activities, but will have a primary focus on risk identification and mitigation.

Leading the regular functions and activities related to vulnerability identification and penetration testing, the Security Risk Analyst will analyze findings and report those to the proper IT management team members along with recommendations for mitigation.

• Conduct comprehensive risk assessments to identify and evaluate potential security threats and vulnerabilities.
• Analyze the impact of identified risks on the organization’s information systems and assets.

• Monitor and manage vulnerabilities in the organization’s IT and data infrastructure.
• Collaborate with IT teams to prioritize and address vulnerabilities based on their severity.

• Participate in testing, training or active investigations to understand the root cause of security incidents and recommend corrective actions.

• Ensure compliance with industry regulations and standards.
• Work with the Director of IT Security to update security policies and procedures to meet regulatory requirements or industry’s best practices.

• Provide education and training to employees on security best practices.
• Promote a security-conscious culture within the organization.

• Regularly generate and present security metrics, risk analysis findings, and reports to management.
• Communicate to all stakeholders the status of security risks and mitigation efforts, and actively participate in mitigation efforts, when possible, to expedite resolution.

• Utilizing security tools and technologies to monitor and analyze network traffic, detect vulnerabilities, test systems for vulnerabilities, isolate threats and respond to security incidents.

• Collaborate with cross-functional teams, including IT, legal, compliance, and department leaders to understand business operations and to address security concerns and identify potential solutions.

• Stay abreast of the latest security trends, technologies, and threats.
• Recommend and implement improvements to the organization’s security posture.

• Develop and recommend risk mitigation strategies to reduce the impact of potential security risks.

Immediate peers, peers in other departments, immediate supervisor/manager, managers in other departments, executives, Board of Directors, customers and outside vendor/service providers.

Position medium with lifting of 50 pounds maximum. Physical factors include constant use of near vision and typing; frequent walking, sitting, kneeling, use of midrange/color vision; and occasional standing carrying, lifting, pushing/pulling, climbing, stooping, crawling, reaching, manual handling, use of hearing, smell and far vision, depth perception and field of vision, typing and bending. Working conditions include occasional exposure to extreme cold and noise.

Potential hazards include frequent computer and equipment use and occasional exposure to moving mechanic parts, electric shock, client contact and medical equipment.

Associate’s degree in computer science, Computer Information Systems Management or Technology related field required or three years of IT experience may be considered in lieu of a degree.

Two years of experience in cybersecurity including but not limited to compliance, threat detection, vulnerability analysis, and penetration testing required in addition to the above-stated education requirements.

Must undergo a criminal background investigation done under the rules of the National Indian Gaming Commission. Must have a valid…