Security Analyst
Trillium Professional is now seeking a Security Analyst in Boston, MA - Hybrid, four days per month.
The BEST Program Security Analyst will work with the BEST team, systems integrator (SI), product vendor, staff from the CTR Risk Management Team and the Executive Office of Technical Services and Security (EOTSS) to deploy technical controls to meet specific end-user security requirements, processes and standards to ensure that security configurations are maintained in the new Financials solution.
The BEST Security Analyst will be a part of the BEST Technical Implementation team and work closely with the other members of the BEST team to develop and implement a comprehensive information security program.
This includes:
• Implementing security policies, processes and standards related to end user roles, data access for application users and how users will be provisioned and de-provisioned.
• Providing operational support for the BEST team, product vendors, and CMW users.
The Security Analyst will work with the BEST Team, agencies, and SI and product vendors to identify the end-user roles and permissions that will be needed to implement the new Financials solution in multiple agencies and across multiple user types in a manner that ensures appropriate access to data by these parties. Procedures for rolling out user security will be developed in conjunction with the SI and product vendors, CTR, EOTSS, and agency staff currently responsible for provisioning and de-provisioning users of the Mosaic application.
Specific Duties
• Works with the BEST Team, SI, and product vendors, CTR and EOTSS to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to:
o Providing operational support as defined by SLA requirements agreed to by the Commonwealth and the product vendor.
o Implementation of Commonwealth IT policies related to data security.
o Working with the Commonwealth Risk Management Office in their assessments and recommended controls regarding data security and security operations.
o Conducting additional business system analysis as needed.
o Facilitating communication between users and vendors using issue management software.
o Building an operational support playbook for day 2 operations.
• Ensure the completion of information security operations documentation.
• Works with BEST information security leadership to develop strategies, procedures and recommended roles and responsibilities to enforce security requirements and address identified risks related to the use of the new Mosaic solution.
• Performs a configuration update and execution role in application development and implementation related to security requirements and controls; ensures that security controls are implemented as planned and that security and access needs are addressed throughout the user life cycle.
• Works with BEST, CTR’s, and EOTSS’ CSOs, CIOs, and the Commonwealth’s Risk Management Office to identify, select and implement technical controls related to data security and to implement security processes and procedures that ensure security controls are managed and maintained both centrally through the new solution, and within agencies if certain security management tasks are decentralized.
• Advises the BEST Team and SI and product vendors regarding end user security roles and groups, data access controls and security role provisioning and de-provisioning protocols to ensure that data are accessed appropriately in the new Financials solution.
• Supports the BEST Team and agencies in the tasks required to identify approved end users of the new solution and coordinate provisioning of users for Day One go live.
• Advises security administrators on normal and exception-based processing of security authorization requests including the use of SI or product vendor provided tools that monitor system use and data access irregularities.
• Assists security administrators and IT staff in the resolution of reported security incidents.
• Acts as a liaison between incident response leads and subject matter experts.
• Monitors daily or weekly reports and security logs for unusual events.
• Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards, and procedures, and recommends appropriate changes.
• Researches and assesses new threats and security alerts and recommends remedial actions.
• Supports the implementation of the complete Mosaic security profile, including, but not limited to:
o Azure Active Directory (AD) entry
o Mosaic User Security Role
o Mosaic User Business Role
o Mosaic User Workflow Role
o Mosaic Transaction Workflow
Pay rate is $76/hour. Apply now!
Required Skills
• Providing operational security support to end users
• Experience working with modern issue tracking systems (JIRA)
• Understanding of enterprise security best practices, including but not limited to IAM, RBAC, Network Security, SaaS, Cloud Security, Data Security, Encryption, and File transfer management.
• In depth exposure to defining and implementing end user security protocols in a large public or private sector entity comparable in size to the Commonwealth.
• Exposure to technical configurations, technologies, and processing environments in one or more projects of similar size and complexity to BEST.
• Understanding of information risk concepts and principles as a means of relating business needs to security controls.
• Experience with common information security management frameworks, such as the International Organization for Standardization (ISO) 2700x, ITIL, COBIT and National Institute of Standards and Technology (NIST) frameworks.
• In-depth knowledge of risk assessment methods and technologies.
• Good understanding of financial systems security requirements.
• Excellent technical knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
• Extensive experience in developing, documenting, and maintaining security policies, processes, procedures, and standards.
• Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• Ability to interact with personnel at all levels and across all business units and organizations, and to comprehend business imperatives.
• Demonstrable written and verbal communication skills.
Preferred Qualifications
• Experience with Software-as-a-Service cloud implementations, particularly those in which legacy on-premises applications have been migrated to cloud delivery options.
• Demonstrated operational security support experience in a Software-as-a-Service (SaaS) solution.
• Exposure to operating end user security protocols, policies, and other in a large public or private sector entity comparable in size to the Commonwealth.
• Exposure to technical configurations, technologies, and processing environments in one or more projects of similar size and complexity to BEST.
• Audit, compliance, or governance experience is preferred.
• Demonstrated exposure to financial systems security requirements.
• Experience with Audit, compliance, or governance actions.
• Experience with Microsoft security tools and functions.
• Experience with Snowflake security functions.
Minimum Entrance Requirements
• Bachelor’s degree in computer science, system analysis or a related study, or equivalent experience in the field of audit compliance and security risk and compliance management.
Trillium has been recruiting and placing professionals for over 30 years. From Fortune 100 companies to small businesses, our philosophy remains the same: to achieve excellence by providing quality employees and an uncompromising level of service. We believe in honesty, integrity, and a simple philosophy of providing value to our customers and our employees. We strive to be unsurpassed in the recruitment and placement of quality and skilled professionals. Trillium is an Equal Opportunity Employer.
Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for the employers and the California Fair Chance Act.
By applying to this job, I agree to receive electronic communications including SMS text and email regarding future opportunities, referral bonus incentives, and other promotions from Trillium. You may opt out at any time from future communications by responding STOP to any electronic communication.
You may view our full privacy policy at https://trilliumstaffing.com/jobs/privacy/.
Trillium offers a comprehensive benefit package that includes the ability to participate in health insurance and retirement plans, paid holidays, state required leave, and vacation days, if applicable. Trillium’s offerings are dependent on the state in which the assignment is located, length of time worked, and may change depending on assignment. Benefit packages for direct hire placements vary based on the client company.
Contact Us if you have any questions
Our intention is to fill job vacancies as quickly as possible with qualified candidates. We are always accepting applications; if a time-sensitive job has an application deadline, it is noted in the job description. Click on "Apply" to begin the application process.