Senior Security Analyst; Information Systems Analyst II, Opt. S

Union position notice.

Are you looking for a rewarding career with an organization that values its staff? The Department of Innovation & Technology (DoIT) is seeking to hire qualified candidates with the opportunity to work in a dynamic, creative thinking, problem solving environment. This position serves as a Senior Security Analyst supporting the Get Covered Illinois Program, I lead cybersecurity risk management and compliance efforts aligned with federal standards like NIST SP 800-53 Rev.

5. In this role, you will specialize in securing Health Insurance Exchange systems through risk assessments, audit coordination, and disaster recovery planning. In addition, you will provide technical expertise to ensure regulatory compliance, system resilience, and stakeholder confidence. If you possess these knowledges, skills, abilities and experience, we invite you to apply for this position to join the DoIT Team!

• Competitive Group Insurance benefits including health, life, dental and vision plans
• Flexible work schedules (when available and dependent upon position)
• 10
  -25 days of paid vacation time annually (10 days for first year of state employment)
• 12 days of paid sick time annually which carryover year to year
• 3 paid personal business days per year
• 13-14 paid holidays per year dependent on election years
• 12 weeks of paid parental leave
• Pension plan through the State Employees Retirement System
• Deferred Compensation Program – voluntary supplemental retirement plan
• Optional pre‑tax programs
  -Medical Care Assistance Plan (MCAP) & Dependent Care Assistant Plan (DCAP)
• Tuition Reimbursement Program and Federal Public Service Loan Forgiveness Program eligibility

• Under general direction, serves as a Senior Security Analyst for the Department of Innovation & Technology (DoIT), supporting the Get Covered Illinois (GCI) Program under the Department of Insurance (DOI), performing complex and specialized professional work in the administration and management of cybersecurity risk, adhering to NIST SP 800-53 Rev. 5 and other applicable federal frameworks, including those adopted by the Centers for Medicare & Medicaid Services (CMS) for Health Insurance Marketplace Information Systems.
• Coordinates network planning, administration, and operations activities in support of the HIX platform and related systems.
• Serves as project leader on highly complex projects while independently planning, developing, and implementing techniques for gathering and interpreting data.
• Functions as IT liaison interacting with third party information system vendors, other state agencies and outside entities, including agencies of other states, and the federal government.
• Keeps abreast of new developments in the information technology field by continuing education through online training platforms, meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures.
• Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above.

• Requires knowledge, skill, and mental development equivalent to four (4) years of college with coursework in computer science or directly related fields.
• Requires three (3) years of professional experience in security or a related Information Technology field.

• Requires three (3) years of professional experience implementing, reviewing, analyzing, monitoring and maintaining IT security controls, including application of NIST SP 800-53 Rev 5 or comparable cybersecurity frameworks for enterprise information systems.
• Requires three (3) years of professional experience performing risk assessments, vulnerability management, or threat intelligence activities within an enterprise environment, including data protection operations such as encryption, intrusion detection, firewall management, and malware protection.
• Requires three (3) years of professional experience administering or supporting enterprise-level cybersecurity technologies and tools to safeguard information systems, application and infrastructure.