Work Location: remote

OVERVIEW

At the Commonwealth of Kentucky, we are committed to enhancing the lives of our residents by integrating innovative technology solutions with superior healthcare services. Our Office of Application and Technology Services (OATS) is at the forefront of this mission, ensuring the security and resilience of our information systems. Join us to play a critical role in safeguarding sensitive information and contributing to a safer, more connected community.

THE OPPORTUNITY

The Office of Application and Technology Services (OATS) is seeking highly motivated candidates for the Information Security Compliance Analyst role for the Commonwealth of Kentucky, reporting directly to the Information Security Compliance Manager up to the Chief Information Security Officer. The Information Security Compliance Analyst is a mid-level position that focuses on ensuring compliance with regulatory requirements, mitigating security risks, and fortifying the cybersecurity framework across the Commonwealth. The ideal candidate will monitor compliance, investigate security breaches, implement best practices, and collaborate with stakeholders to promote a culture of security awareness.

REQUIRED EXPERIENCE

Compliance Management
- Ensure compliance with industry regulations, standards (e.g., FISMA, FedRAMP, ISO 27001, NIST), and internal policies.
- Conduct regular audits, follow-ups, and risk assessments to identify and address compliance gaps.
- Maintain and update documentation on security processes and policies.

Cybersecurity Operations
- Monitor and analyze activities in a Security Information and Event Management (SIEM) system.
- Respond to security incidents, investigate breaches, and document findings.
- Recommend and implement mitigation strategies for identified vulnerabilities.

Collaboration & Training
- Lead cross-departmental initiatives to align IT security practices with organizational goals.
- Conduct training sessions to educate staff on compliance and security best practices.

Strategic Initiatives
- Research emerging threats and security enhancements, recommending solutions to management.
- Participate in the development of security tools and procedures to improve overall security posture.

Reporting
- Prepare and deliver reports for senior management on compliance status, findings, and recommendations.
- Assist in maintaining the eGRC tool for continuous monitoring and compliance tracking.

Other Experience
- Strong knowledge of IT security frameworks and regulations.
- Hands-on experience with SIEM tools, network security, and audit processes.
- Familiarity with government information systems and classified environments is a plus.

Skills
- Proficient in cybersecurity tools, Microsoft Office Suite, and compliance management systems.
- Strong analytical, documentation, and communication skills.
- Ability to work independently and lead projects to successful completion.

PREFERRED EDUCATION AND CERTIFICATIONS

Bachelor’s degree in computer science, Software Engineering, or a related field (equivalent professional experience may be considered for substitution for the required degree on an exception basis).

Candidates with one or more of the following certifications are a plus:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Cloud Security Professional (CCSP)
- Project Management Professional (PMP)
- Offensive Security Certified Professional (OSCP)
- Cybersecurity Analyst (CySA+)
- CompTIA Security+, CASP+, or PenTest+
- GIAC Security Essentials (GSEC)
- System Security Certified Practitioner (SSCP)

Virtual interviews will be conducted through MS Teams.

Salary

Competitive

Project Basis based

Remote Job

Worldwide

Job Overview
Job Posted:
1 year ago
Job Type
Contractual
Job Role
Any
Education
Any
Experience
Any
Total Vacancies
-

Location

United States