174660
IT STATEWIDE INFOSEC OFFICER 2
TS317 $70,138 - $126,256
Creation Date: 01/31/2022
Change Date: 01/01/2025
FUNCTION OF WORK:To serve as a technical lead relative to information security for statewide information technology systems.
LEVEL OF WORK:SUPERVISION RECEIVED:Direct from a higher-level IT Statewide professional with assigned supervisory responsibilities. May also receive supervision on a project basis from other IT Statewide professionals. Other reporting relationships may be approved by SCS.
SUPERVISION EXERCISED:May provide direct or functional supervision over lower-level IT Statewide personnel. Other reporting relationships may be approved by SCS.
JOB DISTINCTIONS:Differs from IT Statewide InfoSec Officer 1 by the presence of serving as a technical lead relative to information security for statewide information technology systems of greater complexity.
Differs from IT Statewide InfoSec Officer 3 by the absence of expert-level responsibility relative to information security for a highly complex statewide information technology system.
CORE COMPETENCIES: CORE COMPETENCIES HAVE NOT BEEN IDENTIFIED BY STATE CIVIL SERVICE FOR THIS JOB TITLE.
MORE INFORMATION ON THE SCS COMPETENCY MODEL CAN BE FOUND
HERE.
EXAMPLES OF WORK:EXAMPLES BELOW ARE A BRIEF SAMPLE OF COMMON DUTIES ASSOCIATED WITH THIS JOB TITLE. NOT ALL POSSIBLE TASKS ARE INCLUDED.
Provides technical expertise and serves as point of authority on matters of greater complexity related to information security by identifying and reducing security risks, as well as ensuring that regulatory compliance requirements are met.
Provides information security risk management services by conducting internal risk and security assessments of network systems and applications of greater complexity either independently or by coordinating through third party sources.
Reviews and approves elevated user permission requests.
Reviews data transfer requests of greater complexity to ensure that the required level of security is applied for the data classification level.
Plans, designs, implements, documents, and validates security solutions for information technology systems of greater complexity.
Develops, recommends, and implements system controls and methodologies for information security systems of greater complexity.
Researches, reviews, and evaluates security related technologies, processes, and approaches.
Applies knowledge of information security best practices and standards to ensure privacy, security, and administrative regulatory compliance with federal, state, and local requirements for systems of greater complexity.
Prepares reports and other deliverables that contain strategy, technical analysis, control failures, security gaps, and audit findings relative to information security for statewide information technology systems of greater complexity.
Provides remediation guidance to stakeholders and tracks remediation activities.
Creates and maintains Plans of Action and Milestones (POA&M) by crafting and documenting remediation plans for information system deficiencies.
Develops training to ensure information security awareness for employees, contractors, and other information technology system users.
Coordinates with key stakeholders to ensure that information security policies and standards relative to privacy, risk, audit and compliance are uniformly applied across all technology projects, systems, and services.
QUALIFICATION REQUIREMENTS:MINIMUM QUALIFICATIONS:
Seven years of experience in information technology; OR
Six years of full-time work experience in any field plus five years of experience in information technology; OR
An associate's degree in information technology plus five years of experience in information technology; OR
A bachelor's degree plus five years of experience in information technology; OR
A bachelor's degree with twenty-four semester hours in an information technology, computer science, engineering, mathematics, or business analytics field plus four years of experience in information technology; OR
A master's degree plus four years of experience in information technology.
EXPERIENCE SUBSTITUTION:
Every 30 semester hours earned from an accredited college or university will be credited as one year of experience towards the six years of full-time work experience in any field. The maximum substitution allowed is 120 semester hours which substitutes for a maximum of four years of experience in any field.
NOTE:
A certification in an approved area may be substituted for the education and/or experience requirements at the time of hire or promotion, provided the appointment is made from a Certificate of Eligibles.