Governance, Risk, and Compliance Analyst

Information Security Analyst Job Description Information Security Analyst (ISA) Contractor

Job Summary

The Department of Economic Security, Division of Technology Services is seeking an experienced and highly motivated individual to join our team as an Information Security Analyst (ISA) contractor. This position will work on the Governance, Risk, and Compliance (GRC) Team to communicate and engage with business units to understand reporting, data, and product needs.

The selected candidate will collaborate across departments to define project requirements, identify data dependencies, and develop data models, workflows, and system diagrams. Responsibilities also include writing specifications for enterprise information policies, supporting user adoption and training, and providing ongoing guidance to stakeholders.

The State of Arizona promotes a flexible work culture, including remote work opportunities. All work must be performed within Arizona unless otherwise authorized.

Job Duties

• Perform risk assessments, audit reviews, and generate findings reports with recommendations.
• Develop reports including non-compliance areas, POA&Ms, observations, and incident reports.
• Review and maintain audit plans, security plans, and risk documentation.
• Investigate suspicious network activity and generate incident reports.
• Prepare and edit audit documentation in compliance with standards.
• Research IT security standards, laws, regulations, and best practices to ensure compliance.
  
  

Knowledge, Skills & Abilities

• Strong understanding of security principles, policies, and procedures.
• Knowledge of Information Security Risk Management and RMF.
• Familiarity with standards such as NIST 800-53 R5, IRS Pub 1075, HIPAA/HITRUST, CJIS, and MARS-E.
• Expertise in internal auditing, controls, and risk management practices.
• Experience in security control selection, implementation, and assessment.
• Knowledge of system authorization and approval processes.
• Experience conducting technical audits and reviews.
• Understanding of IT environments including Windows, Unix, databases, and networking.
• Ability to identify cybersecurity and privacy risks.
• Strong written, verbal, and interpersonal communication skills.
• Ability to manage, assess, and improve security policies.
• Collaborative team player with cross-functional experience.
• Ability to build relationships and manage large teams.
• Ability to ensure security practices across all lifecycle phases.
• Ability to develop policies and strategies aligned with regulations.
• Strong analytical and problem-solving skills.
• Ability to integrate security processes into organizational planning.
• Understanding of cybersecurity concepts and organizational impact.
• Experience supporting user adoption, training, and customer service.
• Ability to identify risks and recommend system improvements.
• Experience supporting project managers and maintaining project artifacts.
  
  

Required Skills

• NIST 800-53 R5 (Required)
• Risk Management Framework (RMF)
• Windows/Unix Experience
  
  

Preferred Skills

• Project Management Experience
• CISSP, CCSP, GSTRT, GSNA, or CAP Certification