Please note: State agencies that contact job applicants do not usually request personal or financial information via text message or over the phone in connection with your response to a job posting. If you are contacted for such information by these methods, or any other method, please verify the identity of the individual before transmitting such information to that person.

Review Vacancy

Date Posted 11/17/22

Applications Due 12/17/22

Vacancy ID 116909

Agency State Comptroller, Office of the

Title Information Technology Specialist 3 (Information Security) - Item# 00703

Occupational Category I.T. Engineering, Sciences

Salary Grade 23

Bargaining Unit PS&T - Professional, Scientific, and Technical (PEF)

Salary Range From $79325 to $100342 Annually

Employment Type Full-Time

Appointment Type Contingent Permanent

Jurisdictional Class Non-competitive Class

Travel Percentage 10%

Workweek Mon-Fri

Hours Per Week 37.50


From 8 AM

To 4 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? No

Telecommuting allowed? Yes

County Albany

Street Address Office of the New York State Comptroller

110 State Street

City Albany


Zip Code 12236

Minimum Qualifications You must have a bachelor’s degree* in Information Security, Cyber Security, Digital Forensics, Information Assurance, or an Information Technology related field, OR a bachelor’s degree with 15 credit hours in Cyber Security, Information Assurance, or Information Technology AND two years of information security related technology experience**.

* Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate degree requires an additional two years of information technology, information security, or information assurance experience.
**Experience solely in information security or information assurance may substitute for the general information technology experience.

Duties Description • Assist with the Security Review of the Office of the State Comptroller’s (OSC’s) projects, performing risk assessments to understand the threats posed to OSC’s information assets and determining the appropriate security testing and controls required for each project to reduce or mitigate risk.
• Perform security compliance reviews and assessments against current security policies and standards.
• Maintain a list of projects and the current state of risk assessment under review.
• Utilize Information Security Office (ISO) risk templates to identify and document system and infrastructure risks.
• Document security controls that mitigate risk and provide this information to the project team.
• Ensure all Authorization to Operate (ATO) and/or interim ATO documentation is completed within the allocated timeframe.
• Communicate the status of assigned projects, providing management with timely updates on timelines, issues, and risks.
• Determine risk level by collecting and analyzing risk data from security testing and reviews (e.g., intrusion tests, audits, etc.).
• Lead risk assessment exercises.
• Train and supervise colleagues on facilitating the risk assessment process.
• Ensure that risk assessment documentation is created, updated, and maintained.
• Support and assist business units with risk assessments.
• Review risk assessments completed by subordinates, ensuring thoroughness and accuracy.
• Plan and supervise the activities of subordinate staff to ensure duties are performed accurately, on time, and according to established priorities and division goals/strategies.
• Communicate objectives and expectations to staff by allocating resources, assigning tasks/projects, reviewing progress/deliverables, and providing constructive feedback.
• Perform the full range of supervisory responsibilities including, but not limited to, development and completion of comprehensive performance evaluations and review of timesheets/telecommuting journals.
• Encourage professional development for team members and assist in developing training plans. Provide staff with training opportunities including on-the-job training, vendor sponsored events, and formal outside training.
• Facilitate knowledge transfer across the team.
• Promote collaboration within the organization.
• Address personnel and employee performance issues promptly and with discretion.
• Ensure participation in and on-time completion of various OSC training courses.
• Understand and ensure adherence to all agency policies and standards.
• Inform management of progress, issues, and risks that could affect the completion of objectives, as well as requests outside of assigned duties.
• Support and supply content for the Secure System Development Framework (SSDF) on the ISO website.
• Maintain the Intranet site to ensure information is current.
• Support teams and apply SSDF objectives.
• Research security SSDF best practices for articles to include in the ISO website.
• Deliver presentations on SSDF best practices as requested.
• Oversee OSC’s Security Awareness training course, tracking participation and ensuring completion is documented for auditing purposes.
• Assist with planning and managing vendor penetration testing engagements.
• Coordinate penetration testing between OSC business units and external penetration testing agencies.
• Provide progress reports and updates to all OSC business units involved.
• Oversee complete penetration testing engagements.

Additional Comments Preferred Knowledge, Skills, and Abilities:
• Three years of experience working as an information security professional.
• Working knowledge of:
  • Information Security (CIA triad, Information Classification, Risk Management, Vulnerability Management, Security Architecture).
  • Information Security Frameworks (National Institute of Standards and Technology (NIST) Cyber Security Framework, Center for Internet Security (CIS) Controls, Cloud Security).
• Three years of experience in the following areas:
  • Conducting risk assessments.
  • Evaluating information technology systems for security controls and Secure System Development Framework (SSDF).
• Three years of experience in technical writing.
• Demonstrated critical thinking, problem solving and analytical skills.
• Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results.
• Excellent oral and written communication skills, including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding.

Some positions may require additional credentials or a background check to verify your identity.

Name Erin M. Zielinski

Telephone (518) 474-1924

Fax (518) 486-6723

Email Address


Street Office of the New York State Comptroller, Office of Human Resources

110 State Street, 12th Floor

City Albany

State NY

Zip Code 12236


Notes on Applying Please submit a clear, concise cover letter, resume, and a completed copy of this template: via email to no later than December 17, 2022. Be sure to reference Item #00703-OER-EMZ in the subject line on your cover letter for proper routing.

PLEASE NOTE: To access the required template, copy the link and paste it into your web browser to download and complete

PLEASE NOTE: You MUST complete the linked template in full to demonstrate you meet the minimum qualifications for this position. Interview selection is based SOLELY on the information you provide in this document; incomplete or vague information will not be viewed in your favor.

When responding, please include the reference number and letters listed in this section. The OER ID # should not be included.
