Review Vacancy
AgencyState Comptroller, Office of the
TitleInformation Technology Specialist 3 (Information Security) - Item# 00703
Occupational CategoryNo Preference
Bargaining UnitPS&T - Professional, Scientific, and Technical (PEF)
Salary RangeFrom $79325 to $100342 Annually
Appointment Type Contingent Permanent
Minimum Qualifications You must have a Bachelor’s degree* in Information Security, Cyber Security, Digital Forensics, Information Assurance, or Information Technology related field, OR bachelor's degree with 15 credit hours in Cyber Security, Information Assurance, or Informational Technology AND two years of information security related technology experience**.
* Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate degree requires an additional two years of information technology, information security, or information assurance experience.
**Experience solely in information security or information assurance may substitute for the general information technology experience.
Duties Description • Assist with the Security Review of the Office of the State Comptroller’s (OSC’s) projects, performing risk assessments to understand the threats posed to OSC’s information assets and determining the appropriate security testing and controls required for each project to reduce or mitigate risk.
• Perform security compliance reviews and assessments against current security policies and standards.
• Maintain a list of projects and the current state of risk assent under review.
• Utilize Information Security Office (ISO) risk templates to identify and document system and infrastructure risks.
• Document security controls that mitigate risk and provide this information to the project team.
• Ensure all Authorization to Operate (ATO) and/or interim ATO documentation is completed within the allocated timeframe.
• Communicate the status of assigned projects providing management with updates on timelines, issues and risks in a timely manner.
• Determine risk level by collecting and analyzing risk data from security testing and reviews (e.g., intrusion tests, audits, etc.).
• Lead risk assessment exercises.
• Train and supervise colleagues on facilitating the risk assessment process.
• Ensure that risk assessment documentation is created, updated, and maintained.
• Support and assist business units with risk assessments.
• Review risk assessments completed by subordinates, ensuring thoroughness and accuracy.
• Plan and supervise the activities of subordinate staff to ensure duties are performed accurately, timely, and according to established priorities and division goals/strategies.
• Communicate objectives and expectations to staff by allocating resources, assigning tasks/projects, reviewing progress/deliverables, and providing constructive feedback.
• Perform the full range of supervisory responsibilities including, but not limited to, development and completion of comprehensive performance evaluations and review of timesheets/telecommuting journals.
• Encourage professional development for team members and assist in developing training plans. Provide staff with training opportunities including on-the-job training, vendor sponsored events, and formal outside training.
• Facilitate knowledge transfer across the team.
• Promote collaboration within the organization.
• Address personnel and employee performance issues timely and with discretion.
• Ensure participation in and completion of various OSC’s training courses on time.
• Understand and ensure the adherence to all agency policies and standards.
• Inform management of progress, issues, and risks that could affect the completion of objectives, as well as requests outside of assigned duties.
• Support and supply content for the Secure System Development Framework (SSDF) on the ISO website.
• Maintain the Intranet site to ensure information is current.
• Support teams and apply SSDF objectives.
• Research security SSDF best practices for articles to include in the ISO website.
• Deliver presentations on SSDF best practices as requested.
• Oversee OSC’s Security Awareness training course, tracking participation and ensuring completion is documented for auditing purposes.
• Assist with planning and managing vendor penetration testing engagements.
• Coordinate penetration testing between OSC business units and external penetration testing agencies.
• Provide progress report and updates to all OSC business units involved.
• Oversee complete penetration testing engagements.
Additional Comments • Three years of experience working as an information security professional.
• Working knowledge of:
• Information Security (CIA triad, Information Classification, Risk Management, Vulnerability Management, Security Architecture).
• Information Security Frameworks (National Institute of Standard and Technology (NIST) Cyber Security Framework, Center for Internet Security (CIS) Controls, Cloud Security).
• Three years of experience in the following areas:
• Conducting risk assessments.
• Evaluating information technology systems for security controls and Secure System Development Framework (SSDF).
• Three years of experience in technical writing.
• Demonstrated critical thinking, problem solving and analytical skills.
• Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results.
• Excellent oral and written communication skills, including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding.
Some positions may require additional credentials or a background check to verify your identity.
Email Address recruit@osc.ny.gov
Address
Street Office of the New York State Comptroller, Office of Human Resources
110 State Street, 12th Floor
Notes on ApplyingPlease submit a clear, concise cover letter, resume, and the attached template from this link: https://web.osc.state.ny.us/recruit/docs/00703_Information_Technology_Specialist_3_Information_Security_MQ_Template_09_2022.doc via email to recruit@osc.ny.gov no later than October 7, 2022. Be sure to reference Item #00703 - OER - EMZ in the subject line on your cover letter for proper routing.
PLEASE NOTE: You MUST complete the linked template in full to demonstrate you meet the minimum qualifications for this position. Interview selection is based SOLELY on the information you provide in this document, incomplete or vague information will not be viewed in your favor.
When responding, please include the reference number and letters listed in this section. The OER ID # should not be included.