Information Technology Security Analyst III (Statewide Security Program, Multi-Factor Authentication)
Military Occupation Specialty Code:
Navy - 2778, 2779, 2783; Marines - 0681; Air Force - 17D1B
Number of Vacancies:
Office of the Chief Information Security Officer
$6,363.00 - $10,416.67/monthly
Hours Worked Weekly:
300 W. 15th Street, Austin, TX 78701
Refer Inquiries to:
(512) 463-5920 or (512) 475-4612
HOW TO APPLY:
- Select “Apply Online” to apply for the job at https://capps.taleo.net/careersection/ex/jobsearch.ftl?lang=en
- You must create a CAPPS Career Section candidate profile or be logged in to apply
- Update your profile and apply for the job by navigating through the pages and steps
- Once ready, select “Submit” on the “Review and Submit” page.
Applicants must provide in-depth information in the EXPERIENCE & CREDENTIALS section to demonstrate how they meet the position qualifications. Incomplete applications may result in disqualification.
Resumes may be uploaded as an attachment but are not accepted in lieu of the information required in the EXPERIENCE & CREDENTIALS section of the application.
Candidates will be notified for appointments as determined by the selection committee.
Section 651.005 of the Government Code requires males, ages 18 through 25 years, to provide proof of their Selective Service registration or proof of their exemption from the requirement as a condition of state employment.
EQUAL OPPORTUNITY EMPLOYER
The Department of Information Resources does not exclude anyone from consideration for recruitment, selection, appointment, training, promotion, retention, or any other personnel action, or deny any benefits or participation in programs or activities, which it sponsors on the grounds of race, color, national origin, sex, religion, age or disability. Please call 512-463-5920 to request reasonable accommodations.
The Texas Department of Information Resources serves a wide spectrum of customers by providing technology leadership, solutions, and value to State of Texas government agencies, higher education, and local government entities of all sizes to facilitate the fulfillment of their core missions and by leveraging bulk buying power that enables eligible customers to buy IT products and services at aggressive discounts without the need for a lengthy procurement process. DIR is a fast-paced and collaborative environment with highly motivated and engaged employees dedicated to achieving the best value for the state.
A role within the Office of the State Chief Information Security Officer (OCISO) that combines progressive information security program development, implementation and management expertise with an opportunity to leverage an entrepreneurial determination to evolve information security within state government. If you are looking to be a changemaker, this role is for you!
Performs highly advanced and/or managerial (senior-level) information security analysis functions that include planning, implementing, and monitoring security program elements and services that support government organizations throughout the state of Texas in the protection of information resources. Will interact frequently with state agencies, institutions of higher education, and other governmental agency personnel using a variety of communication mechanisms to engage and deliver security services, information, and program implementation details with the purpose of engaging organizations with the statewide security program. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment. May, at times, assign and/or supervise the work of others.
WHAT WE DO
The ideal candidate will have the ability to highlight their strengths in the following functions:
- Provide governance, policy, guidance, project and program management to support the overall security posture of the State of Texas, including its agencies, institutions of higher education, cities, counties, special districts, and other qualified governmental entities.
- Plays a key role in the OCISO by managing the development, implementation and deployment of a Statewide Multifactor Authentication strategy and any related technologies and services.
- Will be a visible figure in the State’s efforts to develop, expand, and deliver cybersecurity governance, standards, analysis, and shared services.
- Work with the rest of the OCISO team to collaboratively identify and deliver statewide security program improvements and continuously improve the security posture of the State of Texas as a whole.
- Leads the development, implementation and deployment of a Statewide Multifactor Authentication strategy and any related technologies and services. Responsible for the overall strategy, planning, development & support of the MFA solution and its associated processes. The individual in this role will provide overall implementation and direction into the MFA and potentially IAM functions across the state, including areas such as federation, access management, authentication & authorization, security and provisioning identity data.
- Assists State Chief Information Security Officer in the development and implementation of enterprise security strategies and plans, as well as the formulation and dissemination of standards and guidelines to manage statewide information and information asset related risks, threats, and vulnerabilities; assists in the preparation of presentations and reports in support of the statewide security program to be delivered to DIR Executive Management and Board of Directors, customers, and Legislative members
- Researches and evaluates new and emerging security services, and is capable of developing the supporting business case for the introduction of offered services
- Evaluates customer risks and security requirements and provides recommendations for support of the customer organization’s security program; assists communication with public officials and staff; participates and in some cases leads advisory groups
- Assists in the analysis of potential statewide impact of proposed federal, state, and industry security and privacy related policy, legislation and standards; drafts and prepares proposals for modification to statewide security policies, standards, and procedures, and advises agencies in implementing statewide security policies and adopting statewide security services; collects and understands business requirements and proposes solutions that will allow DIR customers to attain automated workflows and business processes in an enterprise governance, risk and compliance framework
- Researches and evaluates new and emerging security services and technologies; supports efforts of peers in developing and delivering a world-class security program
- Researches, identifies, evaluates, and recommends systems and procedures in the field of information security.
- Confers with agencies to discuss issues relating to information security.
- Provides project management for the implementation of training to promote security service adoption.
- May testify before legislative and interested groups on issues of public interest.
- May plan, assign, and/or supervise the work of others.
- Develops information technology disaster recovery and business continuity planning.
- Performs related work as assigned.
- Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field
- Additional years of work-related experience may be used to substitute for each year of formal education. (High School diploma or equivalent certificate required.)
EXPERIENCE & TRAINING REQUIRED
- Five (5) years of progressively responsible experience in the IT industry
- Five (5) years of progressively responsible experience in information technology security
- Two (2) years of project management or program development and implementation
EXPERIENCE & TRAINING PREFERRED
- Project management experience in an information technology environment
- Experience and training in analyzing, recommending, developing and implementing cogent enterprise-wide policies, standards, and guidelines
- Experience working with state or federal IT regulatory issues and processes
- Experience in researching and documenting findings on information technology issues, processes or programs.
- Have or work towards obtaining Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), GIAC Security Essentials Certification (GSEC), or similar certification, or serve as a SME on a certification creation committee or equivalent.
KNOWLEDGE, SKILLS & ABILITIES
- Knowledge of applied “sound security” concepts, such as the principle of least privilege, the use of multi-factor authentication and identity and access management.
- Broad understanding of the cybersecurity landscape including identity management, access management, access governance, and privileged access management capabilities and methodologies
- Knowledge of generally accepted information technology standards and practices; of information technology practices; and of information technology management practices.
- Knowledge of the security limitations and capabilities of computer systems and of information security practices, procedures, and regulations
- Knowledge of security architecture and security program requirements
- Knowledge of relevant DIR IT Security Services and regulations including Texas Government Code Chapter 2059, Texas Administrative Code § 202, and other related security codes, documentation, standards, and best practices
- Knowledge of ITIL processes and standards
- Knowledge of standard concepts, practices, and procedures for computer operations and data center operations
- Knowledge of benchmarking activities and expectations
- Ability to communicate effectively using interpersonal skills and appropriate supporting technology.
- Ability to promote and support the overall mission, goals and efforts of the Office of the CISO and Statewide Security Program.
- Ability to learn and adapt quickly in a dynamic environment.
- Ability to manage projects to resolve complex issues in diverse and decentralized environments
- Ability to assist executives, through discussion and facilitation, in the process of evaluating and implementing security architecture and policies
- Ability to establish and maintain effective and cordial working relationships at all organizational levels, including agency management, direct supervisors, co-workers, internal and external customers
- Ability to work independently and as part of a team, and to support and contribute to a cohesive team environment
- Ability to understand, follow, and convey complex oral and/or written instructions
- Ability to communicate both verbally and in writing in a clear and concise manner
- Ability to work under pressure and exacting schedules to complete assigned tasks
- Ability to work occasional overtime and/or a flexible schedule as needed to meet required deadlines
- Ability to travel as necessary
- Ability to comply with all agency policy and applicable laws
- Ability to comply with all applicable health and safety rules, regulations, and standards
- Proficiency in the use of a personal computer and applicable software necessary to perform work assignments, e.g., word processing, spreadsheets (Microsoft Office preferred), project management tools (Microsoft Project preferred).
- Regular and punctual attendance
- Criminal background check
- Exposure to the standard office environment and office conditions
- Job involves moderate amount of walking daily
- Frequent use of personal computer, copiers, printers, and telephone
- Frequent sitting, listening, and talking
- Frequent work under stress, as a team member, and in direct contact with others
- Occasional bending and stooping
- Infrequent lifting and climbing
- May occasionally work extended hours
- May occasionally travel