Senior Security Analyst (Information Systems Analyst II, Opt. S)

Position Overview

Are you looking for a rewarding career with an organization that values their staff? The Department of Innovation & Technology (DoIT) is seeking to hire qualified candidates with the opportunity to work in a dynamic, creative thinking, problem solving environment. This position serves as a Senior Security Analyst supporting the Get Covered Illinois Program, I lead cybersecurity risk management and compliance efforts aligned with federal standards like NIST SP 800-53 Rev. 5. In this role, you will specialize in securing Health Insurance Exchange systems through risk assessments, audit coordination, and disaster recovery planning. In addition, you will provide technical expertise to ensure regulatory compliance, system resilience, and stakeholder confidence.
If you possess these knowledges, skills, abilities and experience, we invite you to apply for this position to join the DoIT Team!

As a State of Illinois employee, you receive a comprehensive benefits package including:

• Competitive Group Insurance benefits including health, life, dental and vision plans
• Flexible work schedules (when available and dependent upon position)
• 10 -25 days of paid vacation time annually (10 days for first year of state employment)
• 12 days of paid sick time annually which carryover year to year
• 3 paid personal business days per year
• 13-14 paid holidays per year dependent on election years
• 12 weeks of paid parental leave
• Pension plan through the State Employees Retirement System
• Deferred Compensation Program – voluntary supplemental retirement plan
• Optional pre-tax programs -Medical Care Assistance Plan (MCAP) & Dependent Care Assistant Plan (DCAP)
• Tuition Reimbursement Program and Federal Public Service Loan Forgiveness Program eligibility

For more information regarding State of Illinois Benefits follow this link: https://www2.illinois.gov/cms/benefits/Pages/default.aspx

Essential Functions

• Under general direction, serves as a Senior Security Analyst for the Department of Innovation & Technology (DoIT), supporting the Get Covered Illinois (GCI) Program under the Department of Insurance (DOI), performing complex and specialized professional work in the administration and management of cybersecurity risk, adhering to NIST SP 800-53 Rev. 5 and other applicable federal frameworks, including those adopted by the Centers for Medicare & Medicaid Services (CMS) for Health Insurance Marketplace Information Systems.
• Coordinates network planning, administration, and operations activities in support of the HIX platform and related systems.
• Serves as project leader on highly complex projects while independently planning, developing, and implementing techniques for gathering and interpreting data.
• Functions as IT liaison interacting with third party information system vendors, other state agencies and outside entities, including agencies of other states, and the federal government.
• Keeps abreast of new developments in the information technology field by continuing education through online training platforms, meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures.
• Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above.

Minimum Qualifications

• Requires knowledge, skill, and mental development equivalent to four (4) years of college with course work in computer science or directly related fields.
• Requires three (3) years of professional experience in security or a related Information Technology field.

Specialized Skills

• Requires three (3) years of professional experience implementing, reviewing, analyzing, monitoring and maintaining IT security controls, including application of NIST SP 800-53 Rev 5 or comparable cybersecurity frameworks for enterprise information systems.
• Requires three (3) years of professional experience performing risk assessments, vulnerability management, or threat intelligence activities within an enterprise environment, including data protection operations such as encryption, intrusion detection, firewall management, and malware protection.
• Requires three (3) years of professional experience administering or supporting enterprise-level cybersecurity technologies and tools to safeguard information systems, application and infrastructure.

Preferred Qualifications

• Three (3) years of professional experience implementing, reviewing, analyzing, monitoring and maintaining IT security controls, including application of NIST SP 800-53 Rev. 5 or comparable cybersecurity frameworks for enterprise information systems.
• Three (3) years of professional experience performing risk assessments, vulnerability management, or threat intelligence activities within an enterprise environment, including data protection operations such as encryption, intrusion detection, firewall management, and malware protection.
• Three (3) years of professional experience administering or supporting enterprise-level cybersecurity technologies and tools to safeguard information systems, applications, and infrastructure.
• Three (3) years of professional experience managing or coordinating business continuity, disaster recovery, or incident response activities, including development, testing, and documentation of related plans.
• Three (3) years of professional experience independently planning, coordinating, and executing complex IT or cybersecurity projects, including documentation, quality assurance, and stakeholder communication.
• Extensive knowledge of LAN/WAN architecture, network topologies, and security infrastructure components supporting enterprise or multi-agency environments.
• Ability to analyze and evaluate security controls across multiple control families within established security frameworks, exercising sound judgment in operational and procedural decision-making.
• Developed verbal and written communication skills to clearly present technical, risk, or compliance information to diverse audiences, including executives, technical teams, and external partners.
• Ability to establish and maintain effective working relationships with colleagues, vendors, agency partners and external partners to support collaborative cybersecurity and compliance initiatives.
• Relevant certifications in networking or information security (e.g., CISM, CISSP, GSEC, CRISC).

Conditions of Employment

NOTE: Applicants must possess the ability to meet ALL of the following conditions of employment, with or without reasonable accommodation, to be considered for this position.

• Requires the ability to verify identity.
• Requires employment authorization to accept permanent full-time position with the State of Illinois.
• Requires the ability to pass a position specific, agency required background check.
• Requires self-disclosure of criminal history.
• Requires the ability to use agency supplied equipment such as laptop, personal computer, work cell phone and any other required equipment or devices.
• Requires the ability to attend seminars, conferences and training to remain current on methods, tools, ideologies or other industry related topics relevant to job duties.
• Requires the ability to lift and carry objects or equipment weighing up to 20 pounds. This is considered light work as defined by the U.S. Department of Labor (20 CFR 404.1567(b)). Light work involves lifting no more than 20 pounds at a time with frequent lifting or carrying of objects weighing up to 10 pounds.
• Requires the ability to travel in performance of duties.
• The conditions of employment listed are incorporated and/or related to any duties included in the position description.