We are seeking a GRC-focused Senior Information Security Analyst to support Florida Department of Environmental Protection (DEP)'s cybersecurity program, including risk assessments, policy development, system categorization, and compliance documentation.

Responsibilities:

• Conduct system risk categorizations and Triennial Risk Assessments.
• Develop Information Security Policies, Procedures, and User Access frameworks.
• Identify high value assets and support security control documentation.
• Create System Security Plans (SSPs) and data flow diagrams.
• Recommend improvements to MFA, Vulnerability Management, and Change Management.

Qualifications:

• 5+ years in Information Security, Cyber GRC, or Risk Assessment.
• Strong understanding of NIST CSF, 60GG F.A.C., and 282.318 F.S.
• Experience creating policies, procedures, and compliance documentation.
• Certifications preferred: CISSP, CISA, Security+.
• Must pass Level 2 Background Screening.

Important Notice:

This role is part of a proposal for the Florida Department of Environmental Protection (DEP). Hiring is contingent upon the selection of the consultant. Selected candidates will be included in the proposal and must authorize the use of their resume for submission.