Please note: State agencies that contact job applicants do not usually request personal or financial information via text message or over the phone in connection with your response to a job posting. If you are contacted for such information by these methods, or any other method, please verify the identity of the individual before transmitting such information to that person.
Note: For questions about the job posting, please contact the agency that posted this position by using the contact information provided on the "Contact" tab for the position.

Review Vacancy

Date Posted 07/22/21

Applications Due 08/01/21

Vacancy ID 89168

Agency Information Technology Services, Office of

Title Information Technology Specialist 4 (Information Security) Ref #18586

Occupational Category I.T. Engineering, Sciences

Salary Grade 25

Bargaining Unit PS&T - Professional, Scientific, and Technical (PEF)

Salary Range From $81446 to $102661 Annually

Employment Type Full-Time

Appointment Type Permanent

Jurisdictional Class Non-competitive Class

Travel Percentage 0%

Workweek Mon-Fri

Hours Per Week 37.50


From 9 AM

To 5 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? Yes

Telecommuting allowed? Yes

County Albany

Street Address W. Averell Harriman State Office Campus, Building 5, 4th Floor

City Albany


Zip Code 12207

Minimum Qualifications bachelor’s degree* with at least 15 credit hours in cyber security, information assurance, or information technology; and three years of information technology experience, including two years of information security or information assurance experience**.

*Substitution: bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of general information technology experience.

**Experience solely in information security or information assurance may substitute for the general information technology experience.

Preferred Qualifications:
• Bachelor's Degree with a concentration or major in Information Security, Cyber Security, Digital Forensics, Information Assurance, Information Technology, or a related field.

• 2+ years’ experience in technical writing

• 1+ years’ experience in the following:
o business intelligence, data analysis, data modeling, data visualization, and data presentation.
o developing metrics and key performance indicators

• Possess a working knowledge of:
o Information Security (CIA triad, Information Classification, Risk Management, Incident Response, Vulnerability Management, Security Architecture & Engineering)
o Information Security Frameworks (NIST Cyber Security Framework, CIS Controls, ISO 2700 series)

• Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding.

• Demonstrated critical thinking, problem solving and analytical skills.

• Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results.

• Prior expertise and understanding of the ServiceNow ITSM tool and Service Delivery fundamentals

• Prior expertise and development experience in the RSA Archer toolset and methodologies

Duties Description Under the direction of senior team members within the Chief Information Security Office/Integrated Security Services/Risk Management section, the Incumbent will be responsible for leading the data analytics and process improvement efforts built off of the ITS GRC (Governance, Risk and Compliance) Tool, TRIMS (Threat, Issues, Risk Management System) as well as participating in the operational duties of TRIMS releases in a bugfix/release/development capacity.
The Incumbent will be responsible for supervising, planning, and coordinating the activities of grade 23 and below team members as applicable with the current team sizing. They ensure alignment with standards, industry best practice, legal and statutory requirements, and Federal and State Mandates. In addition to management responsibilities, this position requires IT experience and technical expertise in Risk Management and Remediation oversight.
Specific duties may include, but are not limited to:
• Involvement and demonstrated leadership in the implementation of the GRC Tool including successful implementation of Risk Management Processes by managing the Risk Management team to enable the following:
o Implementation of a Findings/Risk Register – input from vulnerabilities, risk assessments, audits, asset inventory scans, etc.
o Implementation of standardized Risk Assessments (SSDLC, Application, Platforms, Projects)
o Implementation of Policy Management – (creation, modification, review, deletion, assessments, exceptions)
o Implementation of IT Controls – (configuration management, compliance)
o Implementation of Incident Management
o Installation, update and configuration of system – work with Operations to ensure system is regularly being updated
o Development of standard documentation that can be used for Integrated Risk Management Program:
▪ Business Process Documents
▪ Data Dictionary Documents
▪ Business Process Flow Diagrams
▪ Test Plan Documents
▪ Risk Assessment templates
o Develop and implement standard Risk scoring:
▪ Business criticality – availability of business service
▪ Data Classification – confidentiality / integrity
▪ Impact on other systems – dependency factor
▪ Quantitative assessment – lost revenue
▪ Number of users affected
▪ Reputational consequences
o Develop and implement standard Risk Assessment reporting & Dashboards
▪ Risk Assessment Reports – Executive & Detailed
▪ Dashboards – Measures / Metrics / KPI / KRI
o Develop and implement tracking of identified risk and remediation
o Develop and implement standard remediation recommendation reporting
▪ Develop workflow to create remediation plans
▪ Develop and implement prioritization recommendations for remediation
▪ Standardizing process for risk scoring and remediation recommendation
▪ Develop ability to parse out and report by portfolio, agency, bureau and business unit
o Monitor and Evaluate the TRIMS data set to propose modifications to the Risk Governance Process and to prepare and present data in a way to support and enhance the Information Security program in ITS and the state as a whole.

• In addition, the Incumbent will:
o Maintain an adequate level of understanding as to the capabilities of scripting and programming that may assist with the automation of Risk Assessment and Tracking.
o Manage staff and resources dedicated to the unit.
o Monitor progress and manage workload assignments.
o Develop written standard operating procedures and related processes.
o Establish workflows to enhance productivity of the unit
o Perform additional programming and scripting required for unit activities and supervise related tasks for subordinate team members.
o Provide training and guidance, and act as a mentor to subordinate team members.
o Develop and deliver presentations regarding cyber security threats and response and remediation efforts.
o Supervise subordinate team members performing the full range of administrative responsibilities, including performance evaluations, time sheet approval, etc.
o Characterize and analyze systems and their design and functionality to maintain an understanding of various NYS agency businesses
o Create standard operating procedures (SOPs), user guides, and other documentation to support a process-based approach to team operation
o Participate in development of metrics to measure the effectiveness of the team and program
o Maintain an adequate level of current knowledge and proficiency in general information security through annual Continuing Professional Education (CPE) credits directly related to information security
o Perform additional duties as required.

Additional Comments Approval to fill this position is pending with Division of the Budget (DOB). Background check and fingerprinting are required.

Some positions may require additional credentials or a background check to verify your identity.

Name Louise C. Nails

Telephone 518-473-5282

Fax 518-402-4924

Email Address


Street 26th Floor, Corning Tower, ESP

City Albany

State NY

Zip Code 12242


Notes on Applying To apply, please submit a resume and cover letter indicating that you are applying for the Information Technology Specialist 4 (Information Security) Ref: #18586. Please clearly indicate how you meet the minimum qualifications for this position. Your Social Security number may be required to confirm your eligibility.
