IT Governance, Risk Management and Compliance Analyst - iQuasar
Norfolk, VA
About the Job
Essential Job Functions and Responsibilities:
Continuous monitoring of IT General Controls.
Continuously improve the security framework, methodology, standards, and system of internal controls.
Govern and report on findings, track status, and ensure corrective actions are complete and sustainable.
Create and maintain documentation for technical processes and compliance procedures.
Support development, implementation, and maintenance of strong security risk & compliance processes for new and existing deployments.
Support risk identification & assessment, response & mitigation, control monitoring and reporting.
Create and maintain incident response, business continuity, and disaster recovery plans for cross-functional teams and deployed or developing systems.
Obtain and review evidence ensuring incident response audit conclusions are well-documented.
Track and provide guidance on lessons learned and institutional risk mitigations from incident response.
Develop narratives and required documentation for IT controls, acquisitions, and process or system changes.
Provide supply chain management guidance for procurement risk.
Provide cross-discipline consulting and management support for IT Security controls development and testing guidance in the completion of complex IT audits, and special projects for IT areas including:
General IT Controls (systems development, change management, computer operations, application controls)
Data and Database Management
Network Security
Cloud Environment and Solution as a Service Security
Industrial Control and Operational Technology Security
Emerging technologies
Risk management, project management, governance, and compliance
Perform Risk and Controls Analysis of agency IT systems and functions.
Develop and implement IT audit programs and testing procedures and processes relevant to risk/compliance and test objectives across Agency Departments and IT functional groups.
Develop, plan, and perform internal audits of IT processes and information systems from a functional and technical perspective.
Provide quantitative and qualitative risk assessment and audit walk throughs.
Assist in development, review, and improvement of IT policies and procedures.
Assist in the development and completion of IT security risk assessments.
Develop risk and audit processes and programs in collaboration with agency risk management, and audit personnel.
Complete or participate in operational, compliance, and IT Security investigations.
Serve as assistant incident coordinator as needed across investigative teams and management.
Ensure incident recap and lessons-learned knowledge is socialized and disseminated to stakeholders.
Ensure quantitative analysis of impact is assessed during incident response.
Ensure lessons-learned and institutional knowledge are factored into future management and strategic planning.
Required Abilities and Skills Essential to Job Functions:
Proficiency with GRC systems
Proficiency with Microsoft Project, Microsoft Office products
Be a champion for security culture and excellence, exercise risk-based judgement and prioritize remediation work.
Knowledge of IT control concepts such as zones of trust, zero trust, and privileged access management.
Ability to self-manage with limited oversight.
Excellent written and oral communication skills.
Excellent interpersonal skills
Excellent judgment and problem-solving skills
Must have experience working with security and governance frameworks (e.g., COBIT, NIST, FAIR).
SME level knowledge of regulatory bodies and compliance regulations of IT
Qualifications:
Bachelor's degree in Computer Science, Cybersecurity, Information Assurance, Risk Management, or related field.
Experience:
Three (3) to five (5) years working in an IT Operational Capacity.
Cross domain IT experience.
CISA, and other IT Audit and Risk Management certifications preferred.
One (1) to two (2) years working in an IT operational capacity.
Minimum of one (1) to three (3) years in IT Audit, Risk Management, and Governance required.
Experience in Transit and Operational Technologies a plus.
Special Requirements:
This position requires participation in a scheduled incident response on-call rotation.
This position is classified as essential personnel.