Mid-Level Security Analyst (Risk, Compliance, & Assessment)

Provide essential support for the Florida Department of Environmental Protection (DEP) cybersecurity initiatives, including system risk categorization, the triennial risk assessment, development and refinement of user access procedures, enhancements to multi-factor authentication, updates to the vulnerability management plan, and creation or revision of security policies and procedures.  Expanded Responsibilities  Evaluate whether security controls are correctly designed and operating as intended across the Department’s systems.  Conduct interviews, review documentation, and sample technical evidence to understand how controls work and how mature they are.  Create system-level risk categorizations based on how sensitive each system is and how it is used.  Support the development of the Department’s upcoming risk assessment by identifying risks, analyzing their impact, and helping score their severity.  Assist with improvements to security procedures, policies, user access processes, and multi-factor authentication guidelines.  Review current vulnerability management and change management practices and contribute updates to bring them up to required standards.  Work closely with the Security Architect to support security documentation, including mapping controls and building system security content.  Participate in interviews, workshops, and onsite assessment activities as needed.  Required & Preferred Qualifications  Experience :

• Bachelor’s or Master’s in Computer Science, Cybersecurity, Information Technology, or Information Security.

Degrees in related technical fields like Engineering (Computer / Electrical), Information Assurance, or Data Analytics are also relevant.  5+ years in cybersecurity risk, compliance, audit, assessments, or governance.  Experience performing NIST CSF, NIST 800-53, or state-level cybersecurity assessments.  Certifications :