IT Security Analyst III
Military Occupation Specialty Code:
Army 255S, Army 17C, Marine 0681
Number of Vacancies:
Office of the Chief Information Security Officer (OCISO)
$6363.00 – $8203.34 / monthly
Hours Worked Weekly:
300 W. 15th Street, Austin, TX 78701
Refer Inquiries to:
(512) 463-5920 or (512) 463-6015
HOW TO APPLY:
Select “Apply Online” to apply for the job at https://capps.taleo.net/careersection/ex/jobsearch.ftl?lang=en
You must create a CAPPS Career Section candidate profile or be logged in to apply.
Update your profile and apply for the job by navigating through the pages and steps.
Once ready, select “Submit” on the “Review and Submit” page.
Applicants must provide in-depth information in the EXPERIENCE & CREDENTIALS section to demonstrate how they meet the position qualifications. Incomplete applications may result in disqualification.
Resumes may be uploaded as an attachment but are not accepted in lieu of the information required in the EXPERIENCE & CREDENTIALS section of the application.
Candidates will be notified for appointments as determined by the selection committee.
Section 651.005 of the Government Code requires males, ages 18 through 25 years, to provide proof of their Selective Service registration or proof of their exemption from the requirement as a condition of state employment.
EQUAL OPPORTUNITY EMPLOYER
The Department of Information Resources does not exclude anyone from consideration for recruitment, selection, appointment, training, promotion, retention, or any other personnel action, or deny any benefits or participation in programs or activities, which it sponsors on the grounds of race, color, national origin, sex, religion, age or disability. Please call 512-463-5920 to request reasonable accommodations.
The Texas Department of Information Resources serves a wide spectrum of customers including State of Texas government agencies, county or local government offices, and public education entities of all sizes by leveraging bulk buying power that enables eligible customers to buy IT products and services at aggressive discounts without the need for a lengthy procurement process. DIR is a fast-paced and collaborative environment with highly motivated and engaged employees dedicated to achieving the best value for the state.
This position combines progressive information security program development, implementation, and management expertise with an opportunity to leverage an entrepreneurial determination to evolve information security within state government.
The person in this role performs highly advanced and/or managerial (senior-level) information security analysis functions that include planning, implementing, and monitoring security program elements and services that support government organizations throughout the state of Texas in the protection of information resources. Interacts frequently with state agency and other governmental agency personnel using a variety of communication mechanisms to convey service delivery information and program implementation details with the purpose of engaging organizations with the statewide security program. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.
WHAT WE DO
The ideal candidate will have the ability to highlight their strengths in the following functions:
Assists State Chief Information Security Officer in the development and implementation of enterprise security strategies and plans, as well as the formulation and dissemination of standards and guidelines to manage statewide information and information asset-related risks, threats, and vulnerabilities.
Researches and evaluates new and emerging GRC services; supports efforts as part of the GRC development and support team responsible for the design, development, and implementation of new processes, applications, and reporting using the DIR GRC system; supports the statewide clearinghouse on information security matters including policy and compliance management, risk management, incident management and data breach reporting within the enterprise governance, risk and compliance framework.
Provides program management and delivery support for the Office of the State Chief Information Security Officer enterprise security program; effective in project planning and management to implement and establish security service offerings
Researches and evaluates new and emerging security services, and is capable of developing the supporting business case for the introduction of offered services; assists in the development of statewide policy, standard, guideline and best practices for statewide guidance
Evaluates customer risks and security requirements and provides recommendations for support of the customer organization’s security program; assists communication with public officials and staff; participates in and, in some cases, leads advisory groups
Assists in the analysis of potential statewide impact of proposed federal, state, and industry security and privacy-related policy, legislation and standards; drafts and prepares proposals for modification to statewide security policies, standards, and procedures, and advises agencies in implementing statewide security policies; collects and understands business requirements and proposes solutions that will allow DIR customers to attain automated workflows and business processes in an enterprise governance, risk and compliance framework.
Supports statewide information sharing for cyber-security incident response including appropriate classification, mitigation, response, and recovery; evaluates security incidents to assist in the development of corrective responses and risk mitigation
Graduation from an accredited four-year college or university with major course work in Business, MIS, Computer Science, Information Security, or related field
Additional equivalent years of related work experience may substitute for degree (High-school diploma and seven (7) years of experience without a degree)
EXPERIENCE AND TRAINING REQUIRED
Three (3) to five (5) years of experience in developing and implementing security services into a risk-based security program with the ability to demonstrate in-depth knowledge of policy development, risk evaluation, and cost-benefit analysis to support security program decisions
Three (3) to five (5) years of experience conducting analysis of threats and vulnerabilities, control maturity and gap analysis, and the analysis of cybersecurity incidents and events with the ability to demonstrate the preparation and delivery of both oral and written presentations of related information
One (1) to three (3) years of experience in the design, development, and delivery of information security education, training and awareness programs
EXPERIENCE & TRAINING PREFERRED
Project management certification and training
Experience with Texas Security regulations including Texas Administrative Code § 202
Experience with Federal Information Security Management Act (FISMA) and National Institute of Standards (NIST) 800 Series Special Publications
Experience collaborating with outsourced IT service delivery organizations
One of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), or equivalent
KNOWLEDGE, SKILLS, AND ABILITIES
Knowledge of data communications, networking, computer programming, and systems analysis
Knowledge of information security operations and services processes
Knowledge of principles, practices, and techniques of management controls and information security protections as applied to state government
Knowledge of Texas State government and related information technology processes
Knowledge of security metrics, benchmarking activities and expectations, and security operational monitoring processes
Ability to handle multiple projects and initiatives
Ability to prepare technical issues papers and research reports, and effectively deliver oral presentations and written reports to IT and non-IT management
Ability to advise technical staff from customer agencies
Ability to establish and maintain effective and cordial working relationships at all organizational levels, including agency management, direct supervisors, co-workers, internal and external customers
Ability to understand, follow and convey brief oral and/or written instructions
Ability to communicate both verbally and in writing in a clear and concise manner
Ability to work independently and as part of a team, and to support and contribute to a cohesive team environment
Ability to work under pressure and exacting schedules to complete assigned tasks
Ability to work a flexible schedule to meet required deadlines
Ability to travel as necessary to support agency requirements
Ability to comply with all agency policy and applicable laws
Ability to comply with all applicable safety rules, regulations, and standards
Proficiency in the use of a personal computer and applicable software necessary to perform work assignments, e.g., word processing, spreadsheets, presentation software, and data analysis/reporting software
Frequent use of a personal computer, copiers, printers, and telephones
Frequent work under stress, as a team member, and in direct contact with others
Frequent standing, walking, sitting, listening and talking
Occasional bending, stooping, lifting and climbing