Page 5 of 8
Information Processing Standard (FIPS), and Family Educational Rights and Privacy Act (FERPA).
Coordinates IT data and security audits with third parties, Security and Compliance Administrators and
management and leads or assists with forensic investigations.
Recommended Education and Experience for Full Performance
Bachelor’s degree in Computer Science, Management Information Systems (MIS), Information Technology,
Engineering or similar technical degree and six (6) years of experience in IT security or compliance validation
(e.g. HIPAA, PCI). Any combination of education from an accredited college or university in a related field
and/or direct experience in this occupation totaling ten (10) years may substitute for the required education
and experience. A certificate in IT security/forensics (e.g. CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or
regulated compliance (e.g. PCIP, ASV, ISA, QSA) can be used to substitute one year of experience. At least
two (2) years of which must be leading/supervising a security team.
Minimum Qualifications
Bachelor’s degree in Computer Science, Management Information Systems (MIS), Information Technology,
Engineering or similar technical degree and four (4) years of experience in IT security or compliance validation
(e.g. HIPAA, PCI). Any combination of education from an accredited college or university in a related field
and/or direct experience in this occupation totaling eight (8) years may substitute for the required education
and experience. A certificate in IT security/forensics (e.g. CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or
regulated compliance (e.g. PCIP, ASV, ISA, QSA) can be used to substitute one year of experience.
Essential Duties and Responsibilities*
1. Provides guidance and counsel to the agency CIO and executive management to define objectives for
information security.
2. Leads the development and implementation of effective policies, processes and practices to secure
protected and sensitive data; ensure information security and compliance with relevant legislation and legal
interpretation.
3. Exercises full management responsibility for a technical group, including recruiting, hiring, training,
developing, evaluating, and setting priorities within the scope of the agency’s IT Security strategic plan.
4. Ensures work completion within schedule, budgetary, and design constraints; makes decisions about
analysis, design, and testing; solves complex technical problems; provides alternative methods for achieving
goals when necessary.
5. Works with business unit managers to ensure employees are aware of cybersecurity issues, are trained in
good cybersecurity practices, and are practicing safe/secure data collection, data transfers and storage, and
use of social media, mobile devices, and apps, among others. Develops enterprise education and
communication plan.
6. Develops and maintains IT Audit and Forensics processes. Conducts risk assessments to properly analyze
the risks to information assets.
7. Ensures organization continuity and disaster recovery plans are documented and maintained.
8. Provides leadership for all security incidents and acts as primary technical control point during significant
information security incidents.
9. Oversees contractor/vendor work performance related to IT Security and Compliance efforts.
10. Coordinates the administration and logistical procedures for disaster recovery testing, and integration of all
enterprise “critical” systems. Identifies and coordinates resolution of information security recovery issues.
11. Analyzes recovery drills performance and recommends changes to plan, as needed.
12. Ensures coordination of all IT internal and external assessment components.
13. Reviews and delivers information security performance summary with analytical evaluation to leadership
teams, as needed. Identifies areas needing improvement and develops recommendations.
14. Recommends tools and solutions that provide security functions. Oversees key technologies such as
Clearwell and RSA Archer.