---

---

Location

Augusta, GA | United States

---

Job description

Skill 1 Information Security

Skill 2 Project Management

Skill 3 Communication and Stakeholder Engagement

The Cybersecurity Risk Analyst within the State's Information Security Office will be responsible for conducting in-depth risk assessments, aimed

at identifying and evaluating threats to the state's information assets and business processes. This role also involves ensuring that all security

measures comply with regulatory standards and developing strategies to mitigate identified risks. A significant part of the duties includes

collaborating with various teams to provide security recommendations and preparing detailed reports for stakeholders. The position demands staying current with advancements in information security, risk assessment methodologies, and regulatory frameworks to effectively apply this

knowledge in safeguarding state operations.

Key Responsibilities

Risk Assessment and Analysis:

" Conduct comprehensive information security risk assessments across

various State of Maine agencies.

" Identify, assess, and measure risks in systems, applications, technical

environments, networks, and workflows.

" Clearly document vulnerabilities, including their potential impact,

likelihood of exploitation, and affected areas.

" Prepare detailed risk assessment reports to guide management actions

on identified risks.

Risk Mitigation And Compliance

" Compare current security measures against regulatory expectations and

assess the effectiveness of security controls.

" Collaborate with stakeholders to develop mitigation plans to reduce risks

to acceptable levels.

" Provide consultative advice for the development and implementation of

risk response plans.

" Evaluate and recommend improvements in policies, processes, and

standards to bridge security gaps.

Stakeholder Engagement And Program Development

" Manage relationships with business partners and lead discussions on

information security risks and mitigation strategies.

" Assist in the development and deployment of training materials to

promote compliance and risk awareness.

" Contribute to the development of operational practices, procedures, and

activities supporting the Risk Management Program initiatives.

Knowledges, Skills, And Abilities Required

" Strong understanding of information security principles, concepts, and

best practices.

" Expertise in risk assessment processes for information technology

systems.

" Knowledge of security frameworks and standards (e.g., NIST

Cybersecurity Framework, CIS Controls)

" Knowledge of Industry Compliance Standards (e.g., HIPAA, IRS Pub1075, CMS, PCI, CJIS, Social Security Administration)

" Ability to analyze technical vulnerabilities and assess their impact on

security.

" Ability to create comprehensive risk assessment reports and present

findings to stakeholders.

" Ability to manage risk assessment projects, set priorities, and meet

deadlines.

" Ability to make decisions, use discretion and display sound judgement.

" Effective written and oral communication skills.

" Ability to develop plans, policies, and procedures that meet regulatory

compliance requirements.

MINIMUM QUALIFICATIONS: Demonstrated experience in risk

management, including the capability to effectively document and present

risk assessment findings, proficiency in understanding and applying

information security principles, and knowledge of relevant laws and policies

---

Job tags

---

---

Salary