Information Security Analyst (ISA)

Information Security Analyst (ISA)

We are seeking an experienced and highly motivated Information Security Analyst (ISA) contractor to join our Governance, Risk, and Compliance (GRC) Team. This role will collaborate with business units to understand reporting, data, and product requirements while supporting enterprise information security initiatives.

The successful candidate will work across departments to define project requirements, identify data dependencies, develop data models and process flows, support user adoption and training efforts, and ensure the highest standards of accuracy and quality in information analysis and documentation.

The State of Arizona promotes a flexible work culture that supports remote work opportunities. All work, including remote work, must be performed within Arizona unless otherwise authorized.

Job Responsibilities

• Conduct risk assessments and security audits.
• Generate findings reports and provide recommendations for improvement.
• Track remediation activities and outcomes for compliance reporting.
• Develop reports detailing audit findings, non-compliance issues, POA&Ms, and incident reports.
• Review and maintain audit plans, security plans, and risk documentation.
• Investigate suspicious network activity and generate incident reports.
• Prepare audit documentation and draft audit findings according to agency standards.
• Research industry security standards, regulations, and best practices.
• Support technical project managers with requirements gathering and project documentation.
• Develop user training materials and support customer adoption initiatives.

Knowledge, Skills & Abilities

• Strong understanding of information security principles, policies, and procedures.
• Knowledge of Information Security Risk Management practices.
• Experience with NIST 800-53 Rev 5, IRS Publication 1075, HIPAA/HITRUST, CJIS, and MARS-E.
• Expert knowledge of auditing, internal controls, and risk management frameworks.
• Knowledge of Security and Privacy Control implementation and assessment.
• Experience with Risk Management Framework (RMF).
• Knowledge of system authorization and approval processes.
• Experience conducting technical audits and reviews.
• Understanding of Windows, Unix/Linux, networking, databases, and software development.
• Strong written, verbal, analytical, and interpersonal communication skills.
• Ability to develop security policies, strategies, and compliance programs.
• Ability to collaborate effectively across departments and organizations.
• Ability to identify security risks and recommend process improvements.
• Ability to create training materials and support user adoption initiatives.
• Experience developing and maintaining project documentation and artifacts.

Required Skills

• NIST 800-53 Revision 5 (Required)
• Risk Management Framework (RMF)
• Windows / Unix Administration Experience

Preferred Qualifications

• Project Management experience.
• CISSP Certification.
• CCSP Certification.
• GSTRT Certification.
• GSNA Certification.
• CAP Certification.

#LI-JK1