Full Time, Employee

Harrisburg, PA

We have an immediate need for a Security Engineer.

This position will be for a Risk Analyst. The requirements are as follows…

• Identify information security requirements through collection and translation of disparate information sources into actionable language in support of current and proposed governance policies and management directives.
• Organize resources to assess technical, physical, and administrative controls. Identify and analyze risks to determine the adequacy of existing security controls. The assessment process includes interviewing personnel, reviewing and testing security controls, evaluating audit reports, vulnerability scans and penetration test results.
• Coordinate self-assessments with the enterprise, delivery centers, and independent agencies and report on findings.
• Routinely interface with IT and business unit management to assure security initiatives are aligned with business needs. Analyze business and security needs alongside requirements and communicate risks using the enterprise risk register. Communicate the risks to the appropriate parties in a clear and concise fashion so as to educate people on the risks and their potential consequences.
• Provide guidance and assistance to operational teams to remediate security deficiencies identified in risk assessments.
• Monitor and triage information security requests through various intake mechanisms.
• Identify, analyze, and transition information risks through our risk management workflow.
• Measure, collect, and report on key information security services and risk indicators.
• Develop and communicate information security policies, standards, and procedures so control requirements are understood and integrated throughout the enterprise.
• Evaluate and respond to requests for information security attestations.
• Identify and analyze vendor risks through established workflows.
• Research regulatory guidance and prepare policy/standard gap assessments for management.
• Assess knowledge and behavior gaps to build, deliver, and support information security awareness assessments and communication activities.
• Identify process gaps and support process improvement.
• Mentor and consult with the Information Security Services Team and fellow OIT Team members.