Please note: State agencies that contact job applicants do not usually request personal or financial information via text message or over the phone in connection with your response to a job posting. If you are contacted for such information by these methods, or any other method, please verify the identity of the individual before transmitting such information to that person.

Review Vacancy

Date Posted 04/19/22

Applications Due05/20/22

Vacancy ID103319

AgencyState Comptroller, Office of the

TitleInformation Technology Specialist 4 (Information Security) - Item # 00702

Occupational CategoryI.T. Engineering, Sciences

Salary Grade25

Bargaining UnitPS&T - Professional, Scientific, and Technical (PEF)

Salary RangeFrom $88161 to $111111 Annually

Employment Type Full-Time

Appointment Type Contingent Permanent

Jurisdictional Class Non-competitive Class

Travel Percentage 0%

Workweek Mon-Fri

Hours Per Week 37.5

Workday

From 8 AM

To 4 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? No

Telecommuting allowed? No

County Albany

Street Address 110 State Street

City Albany

StateNY

Zip Code12236

Minimum Qualifications Bachelor’s degree* in Information Security, Cyber Security, Digital Forensics, Information Assurance, or Information Technology related field, OR bachelor's degree with 15 credit hours in Cyber Security, Information Assurance, or Informational Technology AND three years of information technology experience, including two years of information security or information assurance experience. **
* Bachelor’s degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate’s degree requires an additional two years of information technology, information security, or information assurance experience.
** Experience solely in information security or information assurance may substitute for the general information technology experience.

Duties Description • Perform cloud security related activities within Microsoft and Oracle environments.
• Research new cloud technologies and security related solutions.
• Provide guidance and knowledge on various Microsoft cloud solutions, including but not limited to: conditional access policies, Intune, SharePoint, OneDrive, Azure, O365, Multi Factor Authentication (MFA), and Privileged Access Management (PAM).
• Implement document labeling and Data Loss Prevention (DLP) efforts.
• Provide guidance and knowledge on Oracle Cloud Infrastructure and related products.
• Evaluate and ensure OSC’s Microsoft Cloud environment meet NIST security best practices.
• Review OSC’s adherence to compliance requirements (i.e., CIS Benchmarks, NIST).
• Assist with SharePoint implementation, including security best practices.
• Manage the evaluation of cloud computing vendors and determine the security requirements for cloud projects based on the risks involved.
• Conduct research to determine agency risk related to exploits, vulnerabilities, attack techniques, tools, technology, and best security practices.
• Oversee and perform various security compliance reviews and assessments against current security policies and standards, including guiding subordinates on the assessments they are performing.
• Manage OSC's compliance to the Federal Governments Controlled Unclassified Information (CUI) security requirements.
• Support the Information Security Office (ISO) researching industry privacy requirements, personal and private information (PPI) requirements, and best practices.
• Develop and maintain information security policies and standards.
• Oversee the creation and updating of policies and standards.
• Lead information classification exercises on behalf of the ISO.
• Ensure that team members are equipped with the knowledge, skill and ability to support OSC business units with classifying information appropriately.
• Ensure that information classification documentation is kept current.
• Propose security recommendations to safeguard OSC’s information assets.
• Manage and review exceptions to security policies and standards.
• Supervise projects requiring ISO participation.
• Supervise and train staff on information security.
• Guide OSC’s security awareness program.
• Oversee the writing of security articles related to issues that are important to OSC.
• Provide support and content for the security awareness program on the ISO website.
• Research security best practices for articles to include on the ISO website.
• Ensure participation, completion, and documentation of OSC’s security awareness training course.
• Plan and supervise the activities of subordinate staff to ensure ISO duties are performed accurately, timely, and according to established priorities and division goals/strategies.
• Communicate objectives and expectations to staff by allocating resources, assigning tasks/projects, reviewing progress/deliverables, and providing constructive feedback.
• Perform the full range of supervisory responsibilities including, but not limited to, development and completion of comprehensive performance evaluations and review of timesheets/telecommuting journals.
• Develop training plans and/or provide staff with training opportunities appropriate to their level of expertise including on-the-job training, vendor sponsored events and formal outside training, as needed.
• Facilitate knowledge transfer across the team.
• Promote collaboration across the organization.
• Address personnel and employee performance issues timely and with discretion.
• Understand and ensure the adherence to all agency policies and standards.
• Inform management of progress, issues, and risks that could affect the completion of objectives, as well as requests outside of assigned duties.

Additional Comments Preferred Knowledge, Skills, and Abilities
• Three years of experience working as an information security professional.
• Working knowledge of:
• Computer security and privacy mandates/regulatory compliance (i.e., HIPAA).
• Microsoft Azure and O365 environments.
• Information Security (CIA triad, Information Classification, Risk Management).
• Information Security Frameworks (NIST Cyber Security Framework, CIS Controls).
• Information Classification.
• Demonstrated experience in one or more of the following areas:
• Microsoft O365.
• Microsoft Intune.
• Microsoft SharePoint.
• Microsoft OneDrive.
• Microsoft Azure.
• Privileged Access Management (PAM).
• Multi Factor Authentication (MFA).
• Implement document labeling and Data Loss Prevention (DLP).
• Creating and updating organization wide security policies and procedures.
• Conditional access policies.
• Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding.
• Demonstrated critical thinking, problem solving and analytical skills.
• Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results.

Some positions may require additional credentials or a background check to verify your identity.

Name Erin M. Zielinski

Telephone (518) 474-1924

Fax (518) 486-6723

Email Address recruit@osc.ny.gov

Address

Street 110 State Street

City Albany

State NY

Zip Code 12236

 

Notes on ApplyingSend your cover letter, resume, and a completed template (follow the link below), indicating how you meet the minimum qualifications, to recruit@osc.ny.gov or the address listed below by May 20, 2022.
Template: https://web.osc.state.ny.us/recruit/docs/00702_ITS%204%20(Info%20Sec)_MQTemplate_4_2022.doc
Be sure to reference Item #00702-GOER-EMZ in your email and cover letter for proper routing.
When responding, please include the reference number and letters listed in this section. The GOER ID # should not be included.

Printable Version