Information Technology Specialist 3 (Information Security), SG-23

Office of the State Comptroller of New York   Albany, NY   Full-time
This job is no longer available.

STATUS:  Contingent/Permanent                                               

NEGOTIATING UNIT:  PS&T – Professional, Scientific, and Technical (PEF)         

LOCATION:    

Division of the Chief Information Office

Bureau of Information Security Office

110 State Street, 10th Floor                

Albany, NY 12236                

DUTIES:

  • Assist with the Security Review of the Office of the State Comptroller’s (OSC’s) projects, performing risk assessments to understand the threats posed to OSC’s information assets and determining the appropriate security testing and controls required for each project to reduce or mitigate risk.
  • Perform security compliance reviews and assessments against current security policies and standards.
  • Maintain a list of projects and the current state of the risk assessment under review.
  • Utilize Information Security Office (ISO) risk templates to identify and document system and infrastructure risks.
  • Document security controls that mitigate risk and provide this information to the project team.
  • Ensure all Authorization to Operate (ATO) and/or interim ATO documentation is completed within the allocated timeframe.
  • Communicate the status of assigned projects providing management with updates on timelines, issues and risks in a timely manner.
  • Determine risk level by collecting and analyzing risk data from security testing and reviews (e.g., intrusion tests, audits, etc.).
  • Lead risk assessment exercises.
  • Train and supervise colleagues on facilitating the risk assessment process.
  • Ensure that risk assessment documentation is created, updated, and maintained.
  • Support and assist business units with risk assessments.
  • Review risk assessments completed by subordinates, ensuring thoroughness and accuracy.
  • Plan and supervise the activities of subordinate staff to ensure duties are performed accurately, timely, and according to established priorities and division goals/strategies.
  • Communicate objectives and expectations to staff by allocating resources, assigning tasks/projects, reviewing progress/deliverables, and providing constructive feedback.
  • Perform the full range of supervisory responsibilities including, but not limited to, development and completion of comprehensive performance evaluations and review of timesheets/telecommuting journals.
  • Encourage professional development for team members and assist in developing training plans. Provide staff with training opportunities including on-the-job training, vendor sponsored events, and formal outside training.
  • Facilitate knowledge transfer across the team.
  • Promote collaboration within the organization.
  • Address personnel and employee performance issues timely and with discretion.
  • Ensure participation in and completion of various OSC training courses on time.
  • Understand and ensure the adherence to all agency policies and standards.
  • Inform management of progress, issues, and risks that could affect the completion of objectives, as well as requests outside of assigned duties.
  • Support and supply content for the Secure System Development Framework (SSDF) on the ISO website.
  • Maintain the Intranet site to ensure information is current.
  • Support teams and apply SSDF objectives.
  • Research security SSDF best practices for articles to include in the ISO website.
  • Deliver presentations on SSDF best practices as requested.
  • Oversee OSC’s Security Awareness training course, tracking participation and ensuring completion is documented for auditing purposes.
  • Assist with planning and managing vendor penetration testing engagements.
  • Coordinate penetration testing between OSC business units and external penetration testing agencies.
  • Provide progress reports and updates to all OSC business units involved.
  • Oversee complete penetration testing engagements.

Preferred Knowledge, Skills, and Abilities

  • Three years of experience working as an information security professional.
  • Working knowledge of:
      • Information Security (CIA triad, Information Classification, Risk Management, Vulnerability Management, Security Architecture).
      • Information Security Frameworks (National Institute of Standards and Technology (NIST) Cyber Security Framework, Center for Internet Security (CIS) Controls, Cloud Security).
  • Three years of experience in the following areas:
      • Conducting risk assessments.
      • Evaluating information technology systems for security controls and Secure System Development Framework (SSDF).
  • Three years of experience in technical writing.
  • Demonstrated critical thinking, problem solving and analytical skills.
  • Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results.
  • Excellent oral and written communication skills, including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding.

QUALIFICATIONS:          

For Non-competitive appointment:

You must have a bachelor’s degree* in Information Security, Cyber Security, Digital Forensics, Information Assurance, or an Information Technology related field, OR a bachelor’s degree with 15 credit hours in Cyber Security, Information Assurance, or Information Technology AND two years of information security related technology experience**.


* Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate degree requires an additional two years of information technology, information security, or information assurance experience.

**Experience solely in information security or information assurance may substitute for the general information technology experience.

TO APPLY:   

Please submit a clear, concise cover letter, resume, and a completed copy of this template: Template for ITS 3 (Info Sec) Item #00703 via email to recruit@osc.ny.gov  no later than December 17, 2022.  Be sure to reference Item #00703-OER-EMZ-Monster in the subject line on your cover letter for proper routing.

Human Resources mailing address:         

Office of Human Resources

110 State Street, 12th Floor

Albany, NY 12236

Attn: Erin M. Zielinski

If you have questions about this vacancy, please contact this Division representative:

Division contact: Susan St. George, 518-408-4115

 
