Job Title: IT Security Analyst I
Department: Department of Technology, Management, and Budget (DTMB) Agency Services
Location: Michigan Department of Transportation (MDOT), Michigan, USA

Position Summary:
The IT Security Analyst I will play a crucial role in ensuring the security of systems within the Michigan Department of Transportation (MDOT). Working closely with IT project teams, business stakeholders, and enterprise security representatives, the IT Security Analyst I will be responsible for creating and maintaining system security plans (SSPs) for both new and existing applications. This role requires a deep understanding of information security principles, best practices, and regulatory requirements, along with the ability to effectively communicate technical matters to non-technical stakeholders.

Key Responsibilities:

• Develop system security plans (SSPs) for new applications, adhering to the Secure Application Development Life Cycle (SADLC) and Michigan Security Accreditation Process (MiSAP) standards.
• Maintain SSPs for existing applications requiring authority to operate (ATO) and those undergoing software/hardware enhancements.
• Monitor plans of action and milestones (POA&M) and corrective action plans (CAP) related to SSPs in collaboration with the MDOT Enterprise Information Management (EIM) office.
• Validate SSPs to ensure compliance with NIST control requirements.
• Provide recommendations for improving the organization's security posture based on findings, aligned with SOM PSP & NIST controls.
• Assist team members and vendors in collecting artifacts necessary for assessments.

Required Skills:

• 1 year of experience in the IT industry applying information security principles and practices.
• 1 year of experience reviewing IT systems/applications with basic knowledge of networking components and various operating systems.
• 1 year of experience analyzing NIST Special Publications 800-37 Revision 1, 800-53 Revision 3,4, or 5, and 800-53A Revision 1.
• Familiarity with other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements is a plus.
• Certifications such as CISSP, CISA, PMP, and/or Security are desirable.
• Experience working with software vendors to implement security controls is an advantage.
• Strong written and verbal communication skills, with the ability to communicate technical concepts to non-technical stakeholders.
• Ability to work independently and collaboratively in a team environment.
• Flexibility to manage multiple projects, shifting priorities, and rapid changes.

Application Process:
Interested candidates should submit their resume and a cover letter detailing their relevant experience and qualifications to [insert contact information or application link].

Deadline for Application:
[Insert application deadline if applicable]

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.