INFORMATION SECURITY ANALYST-SENIOR - 11252025-73179

Job Information

LOCATION OF (1) POSITION(S) TO BE FILLED: DEPARTMENT OF FINANCE & ADMINISTRATION, BUSINESS SOLUTIONS DELIVERY DIVISION, DAVIDSON COUNTY

For more information, visit the link below:
https://www.tn.gov/content/dam/tn/finance/job-specification-files/Information%20Security%20Analyst%20SR.pdf

Hybrid

CJIS (Finger prints) and Name Base background checks

Qualifications

Education and Experience: Bachelor's degree and five years of experience in information security, risk management, or policy implementation.

Substitution of Graduate Coursework: Graduate coursework in information security may substitute for one year of experience.

Substitution of Experience for Education: Experience in cybersecurity or incident response may substitute for education up to four years.

Alternate Qualification:
Three years as an Information Security Analyst - Junior or CISSP certification also qualifies.

Overview

Under direction, the Information Security Analyst-Senior leads information security operations including policy enforcement, risk assessments, incident response, and compliance management. This role also supervises junior staff and ensures security measures align with strategic and regulatory requirements. This class differs from that of Information Security Analyst-Junior in that incumbents of the latter are responsible assisting with security policy promulgation, risk analysis, safeguard and compliance efforts, and incident response and have no responsibility for supervising subordinate employees.

Responsibilities

1. Directs risk assessments and audits to identify security vulnerabilities and ensure compliance with regulations.
2. Develops, updates, and implements security policies, procedures, and system controls.
3. Supervises junior staff, delegates security tasks, and provides training on forensic techniques and risk management.
4. Oversees the monitoring and analysis of security events and manages response and recovery operations.
5. Coordinates physical and digital security programs and leads enterprise threat mitigation efforts.
6. Prepares executive reports on system health, audit findings, and compliance trends.
7. Advises on vendor security contracts and reviews MOU, grants, and agreements for security compliance.
8. Evaluates new security products and designs secure system architectures.
9. Promotes user awareness through security training and policy communication.
10. Leads the investigation and resolution of security incidents and breaches.

Competencies (KSA's)

Competencies:
1. Strategic Mindset
2. Customer Focus
3. Decision Quality
4. Optimizes Work Processes
5. Strategic Mindset

Knowledges:
1. Advanced cybersecurity best practices
2. Regulatory and compliance frameworks
3. Risk assessment methodologies
4. Systems architecture and defense-in-depth
5. Data privacy and protection strategies

Skills:
1. Risk and threat analysis
2. Policy creation and enforcement
3. Forensic investigation
4. Team supervision and training
5. Report preparation and presentation

Abilities:
1. Manage high-priority security projects
2. Advise on compliance strategy
3. Lead cross-functional response teams
4. Communicate complex security topics clearly
5. Drive improvements in enterprise security posture

Tools & Equipment

1. Security Information and Event Management (SIEM)
2. Compliance Management Tools
3. Forensic Analysis Tools
4. Vulnerability Scanners
5. Microsoft Office Suite