Information Security Official

State Of North Carolina, Raleigh, NC 27611

Posted 2 months ago

Description of Work

The North Carolina Department of Health and Human Services (DHHS), in collaboration with our partners, protects the health and safety of all North Carolinians and provides essential human services.

The primary purpose of the Information Security Official position is to achieve and support program privacy, security, and continuity of operations goals, policies and practices. This position is responsible for analyzing and developing privacy, security, and continuity of operations related activities for the Information Technology Division and the Office of the Controller. Other job responsibilities include the following:

  • Update department BCP and COOP plan

  • Perform Business Impact Analyses

  • Conduct Access Control Reviews

  • Monitor Employee HIPAA and Security Training

  • Perform NIST and HIPAA based risk assessments

  • Review CAPS/POAMS and vulnerability scanner findings and assist with remediation

  • Respond to privacy and security incidents

  • Review security exception requests and Privacy Threshold Analyses

  • Participate in system reviews/audits while administering security policies, activities, and standards in accordance with Federal, State and Departmental (DHHS) regulations and policies affecting DHHS applications.

Salary Grade IT06; Recruitment Range: $61,972 - $88,358

Position #60037705

About the DHHS IT Division:

The NC Department of Health and Human Services (DHHS) IT Division provides enterprise information technology leadership to the department, counties, other state agencies, and their partners so that they can leverage technology, resulting in the delivery of consistent, cost-effective, reliable, accessible and secure services.

Knowledge, Skills and Abilities / Competencies

To receive credit for all of your work history and credentials, you must list the information on the application form. Any information listed under the text resume section or on an attachment will not be considered for qualifying credit. Qualified applicants must document on the application that they possess all of the following:

  • Proven experience in information security

  • Experience managing vulnerability and patch reports

  • Experience with COOP/BCP plans

  • Knowledge in performance of risk assessments

  • Experience responding to security incidents

Management Preferences

  • Experience with North Carolina DHHS business and IT functions

  • Review firewall change requests

  • Demonstrated working knowledge of industry best practices, e.g., NIST, ISO/IEC 27002, etc.

  • Experience with Qualys and Tenable Security Center reports and dashboards

  • Experience reviewing SOC2 Type 2 reports

  • Demonstrated working knowledge of HIPAA

  • Ability to work with others to create plans for accomplishing objectives and strategy that comply with multiple security standards

  • General understanding of computer systems and networks, application, administrative and physical security

  • Self-starter capable of understanding "big picture" concepts; enjoys accepting challenges and persists until goals are achieved

Minimum Education and Experience Requirements

Bachelor's degree in Computer Science, Computer Engineering or an Information Security degree or closely related field from an appropriately accredited institution and one year of experience in IT Security; or

Bachelor's degree from an appropriately accredited institution and two years of experience in IT Security or closely related area; or

Associate's degree in Information Systems Security from an appropriately accredited institution and two years of experience in IT Security or closely related area; or

An equivalent combination of education and experience.

Supplemental and Contact Information

The North Carolina Department of Health and Human Services is an Equal Opportunity Employer.

Due to the volume of applications received, we are unable to provide information regarding the status of your application over the phone. To check the status of your application, please log in to your account. You will either receive a call to schedule an interview or an email notifying you when the job has been filled.

For technical issues with your applications, please call the NEOGOV Help Line at 855-524-5627. Applicants will be communicated with, via email only, for updates on the status of their application. If there are any questions about this posting other than your application status, please contact HR at 919-855-4930.
