POSITION SUMMARY:

The Security Risk Analyst, under the direction of the Director of IT Security, is responsible for identifying, analyzing, and mitigating potential cyber security risks within and across all of the Tribe’s divisions including, government, health, gaming & hospitality and other enterprises. As part of the Security team, this position will participate in many cyber security activities, but will have a primary focus on risk identification and mitigation. Leading the regular functions and activities related to vulnerability identification and penetration testing, the Security Risk Analyst will analyze findings and report those to the proper IT management team members along with recommendations for mitigation.

ESSENTIAL FUNCTIONS: (includes, but is not limited to, the following)

• Risk Assessment:
• Conducting comprehensive risk assessments to identify and evaluate potential security threats and vulnerabilities.
• Analyzing the impact of identified risks on the organization’s information systems and assets.
• Vulnerability Management:
• Monitoring and managing vulnerabilities in the organization’s IT and data infrastructure.
• Collaborating with IT teams to prioritize and address vulnerabilities based on their severity.
• Incident Response:
• Participating in testing, training or active investigations to understand the root cause of security incidents and recommending corrective actions.
• Security Policy and Compliance:
• Ensuring compliance with industry regulations and standards.
• Working with the Director of IT Security to update security policies and procedures to meet regulatory requirements or industry best practices.
• Security Awareness:
• Providing education and training to employees on security best practices.
• Promoting a security-conscious culture within the organization.
• Security Metrics and Reporting:
• Regularly generating and presenting security metrics, risk analysis findings and reports to management.
• Communicating to all stakeholders the status of security risks and mitigation efforts, and actively participating in mitigation efforts, when possible, to expedite resolution.
• Security Tools and Technologies:
• Utilizing security tools and technologies to monitor and analyze network traffic, detect vulnerabilities, test systems for vulnerabilities, isolate threats and respond to security incidents.
• Collaboration:
• Collaborating with cross-functional teams, including IT, legal, compliance, and department leaders to understand business operations and to address security concerns and identify potential solutions.
• Continuous Improvement:
• Staying abreast of the latest security trends, technologies, and threats.
• Recommending and implementing improvements to the organization’s security posture.
• Risk Mitigation Strategies:
• Developing and recommending risk mitigation strategies to reduce the impact of potential security risks.

PHYSICAL REQUIREMENTS:

Position medium with lifting of 50 pounds maximum. Physical factors include constant use of near vision and typing; frequent walking, sitting, kneeling, use of midrange/color vision; and occasional standing carrying, lifting, pushing/pulling, climbing, stooping, crawling, reaching, manual handling, use of hearing, smell and far vision, depth perception and field of vision, typing and bending. Working conditions include occasional exposure to extreme cold and noise. Potential hazards include frequent computer and equipment use and occasional exposure to moving mechanic parts, electric shock, client contact and medical equipment.

REQUIREMENTS:

Education: Associate’s Degree in Computer Science, Computer Information Systems Management or Technology related field required or three years of IT experience may be considered in lieu of a degree.
Experience: Two years of experience in cybersecurity including but not limited to compliance, threat detection, vulnerability analysis, and penetration testing required in addition to the above-stated education requirements.
Certification/License: Must undergo a Criminal Background Investigation done under the rules of the National Indian Gaming Commission. Must have a valid driver’s license and be insurable by the Sault Tribe Insurance Department. Must comply with annual driver’s license review and insurability standards with the Sault Tribe Insurance Department. Will be required to complete and pass pre-employment drug testing.
Knowledge, Skills and Abilities: Strong technical knowledge of common core business IT systems, infrastructure, wide-area-networks, internet communications and connectivity, websites and backup and storage systems. Skilled in network and system penetration testing, threat and vulnerability monitoring and analysis and risk analysis. Knowledge of Microsoft Active Directory, Microsoft Windows, servers and databases and communication protocols. Knowledge of IP based networks hardware and communication preferred. Knowledge of Business Continuity and Data System Security required. Knowledge of PERL, Java, HTML, MySQL, python, Web Application Programming and Linux preferred. Understanding of fundamental concepts in information security including confidentiality, integrity, and availability (CIA triad), risk assessment methodologies, threat modeling, and defense-in-depth strategies. Knowledge of current and emerging cyber threats, attack vectors, and malware trends. Understanding of threat actors, their motivations, and tactics, techniques, and procedures (TTPs). Familiarity with relevant regulatory requirements such as GDPR, HIPAA, PCI-DSS, MICS, CJIS and industry standards like ISO 27001/2. Understanding of legal and compliance frameworks applicable to data protection and privacy. Proficiency in risk assessment methodologies such as NIST SP 800-30, FAIR (Factor Analysis of Information Risk), and OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation). Knowledge of vulnerability assessment tools and techniques. Understanding of common vulnerabilities and exposures (CVEs), vulnerability databases, and patch management processes. Familiarity with various security technologies including firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus solutions, encryption techniques, secure network architecture, and security information and event management (SIEM) systems. Must have organizational skills and be able to plan, prioritize and manage workload to meet goals in a timely manner. Must have excellent communication skills and be able to communicate clearly in person, in writing, and by telephone and email. Strong problem-solving skills required. Must be able to establish and maintain effective communication with co-workers, supervisors and the general public. Must be able to use word processing, spreadsheet, presentation and database software. Must be able to work extended hours when needed. Must be flexible and available to work various shifts, including nights, weekends and holidays. Position requires being on-call based on business needs. Must maintain strict confidentiality. Native American preferred.
Powered by ExactHire:182p97kyp6o0xlv3em5

ESSENTIAL FUNCTIONS: (includes, but is not limited to, the following)

• Risk Assessment:
• Conducting comprehensive risk assessments to identify and evaluate potential security threats and vulnerabilities.
• Analyzing the impact of identified risks on the organization’s information systems and assets.
• Vulnerability Management:
• Monitoring and managing vulnerabilities in the organization’s IT and data infrastructure.
• Collaborating with IT teams to prioritize and address vulnerabilities based on their severity.
• Incident Response:
• Participating in testing, training or active investigations to understand the root cause of security incidents and recommending corrective actions.
• Security Policy and Compliance:
• Ensuring compliance with industry regulations and standards.
• Working with the Director of IT Security to update security policies and procedures to meet regulatory requirements or industry best practices.
• Security Awareness:
• Providing education and training to employees on security best practices.
• Promoting a security-conscious culture within the organization.
• Security Metrics and Reporting:
• Regularly generating and presenting security metrics, risk analysis findings and reports to management.
• Communicating to all stakeholders the status of security risks and mitigation efforts, and actively participating in mitigation efforts, when possible, to expedite resolution.
• Security Tools and Technologies:
• Utilizing security tools and technologies to monitor and analyze network traffic, detect vulnerabilities, test systems for vulnerabilities, isolate threats and respond to security incidents.
• Collaboration:
• Collaborating with cross-functional teams, including IT, legal, compliance, and department leaders to understand business operations and to address security concerns and identify potential solutions.
• Continuous Improvement:
• Staying abreast of the latest security trends, technologies, and threats.
• Recommending and implementing improvements to the organization’s security posture.
• Risk Mitigation Strategies:
• Developing and recommending risk mitigation strategies to reduce the impact of potential security risks