State Of Wyoming Cheyenne , WY 82003
Posted 1 week ago
Description and Functions
Open Until Filled
GENERAL DESCRIPTION:
The Data Security Specialist/Information Security Officer (DSS/ISO) is responsible for discovering vulnerabilities and risks in networks, software systems and data centers with ongoing vulnerability scans, monitoring network data, and ensuring hardware and software security applications are updated. The specialist may lead technical cybersecurity projects, and coordinate work between multiple groups providing documentation, reports, and collaborative and integrated system security for technology solutions that support the mission and goals of the Wyoming Department of Education. The DSS/ISO will direct resources to assure agency information security compliance. In addition, the DSS/ISO position will identify and manage technology innovations and opportunities that will position the Department of Education to improve operating effectiveness while minimizing costs and enhancing security and privacy to K12 schools and districts, teachers, students, administrators, and parents.
Human Resource Contact: Jennifer Erickson / 307-275-5114 /Jennifer.Erickson1@wyo.gov
ESSENTIAL FUNCTIONS: The listed functions are illustrative only and are not intended to describe every function which may be performed at the job level.
General
Comprehends, interprets, and implements data privacy and security according to State and Federal requirements, in addition to established industry best practices to include but not limited to the U.S. Department of Education, WDE and Wyoming OCIO policies, and other related guidelines
Assist the Systems Administrator to regularly review, manage, maintain, sanitize and configure the WDE Functional Domains and associated objects
Provides expert troubleshooting skills and performs root cause analysis of WDE organizational cyber related outages to improve WDE functional system stability
Develop plans to safeguard computer files and resources against accidental or unauthorized modification, destruction, or disclosure and to meet data processing needs
Confer with users to discuss issues such as computer data access needs, security violations, and configuration changes
Modify computer security to incorporate new software, correct errors, or change individual access status
Ensure system access requests are coordinated correctly in addition to maintaining the completed access request forms for audit processes
Create a quarterly report detailing WDE's security posture while identifying any potential issues and the methods to mitigate any problems
Responsible for daily monitoring of access to ensure proper data usage and identify any abuse or unauthorized access
Develop an understanding of the needs and requirements of information end users
Exercise contingency Information Technology plans
Implement security designs and approaches to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed
Perform security reviews and risk assessments to identify security gaps in WDE applications, resulting in recommendations for inclusion into the risk mitigation strategy
Work with others to resolve computer security events, incidents and vulnerabilities
Other duties as assigned
Cybersecurity Systems Integration, Testing, Operations and Maintenance:
Maintain baseline system security according to organizational policies
Apply security policies to applications that interface with one another
Apply security policies to meet security objectives of the WDE functional applications
Apply service oriented security principles to meet the WDE's confidentiality, integrity, and availability requirements
Discover organizational trends with regard to the security posture of systems
Ensure all systems security operations and maintenance activities are properly documented and updated as necessary
Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment
Quality Control:
Schedule, coordinate, and audit the WDE technology resources in addition to providing in depth annual audit reports of the WDE data security posture as it applies to agency's applications
Establish internal security audit procedures and standards that comply with Federal and State requirements.
Provide advice and assistance with the WDE, State or third party assessments, target the WDE data security needs, establish a data security baseline, and define gap analysis priorities. The DSS/ISO will provide ongoing assessments of the overall efficiency and effectiveness of the WDE data governance initiatives.
Provide feedback on and consider the effectiveness of audit contributions to the WDE data security and internal data related initiatives.
Use lessons learned to adapt and improve audit approaches to future data audit activities.
Provide ongoing audits based on an integrated governance approach, using criteria shared with the WDE leadership based around common, accepted frameworks i.e. National Institute of Standards and Technology (NIST) Guidelines.
Assist with the development of policies and procedures based on security audit findings, in addition to assisting with risk assessments, and the tracking and investigating of data security incidents
Maintain a Compliance Management Processes and Procedures Program
The DSS/ISO will research, review, recommend and implement WDE staff cybersecurity awareness training opportunities
Cyber Event/Cyber Incident Response:
Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
Perform analysis of log files from a variety of WDE sources (e.g., individual host logs, application logs, etc.) to identify possible threats to WDE data security
Track and document WDE data security incidents from initial detection through final resolution
Collaborate/coordinate response with the OCIO and other relevant agencies
Employ approved defense- in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)
Qualifications
PREFERENCES:
Preference will be given to those with experience working within an information/cybersecurity environment with an educational entity (school, school district, department of education, etc.).
KNOWLEDGE:
Ability to assess rapidly changing cybersecurity technologies and apply them to business needs
Ability to analyze WDE project and program needs as related to cybersecurity, as well as to determine the resources needed to achieve objectives and overcome barriers
Utilize a comprehensive set of communication skills to effectively communicate with stakeholders with varying levels of technical knowledge
Ability to provide detailed project documentation, user guides, and implementation plans, and create quality WDE leadership, employee, and stakeholder presentations
Ability to work effectively as a Team Member or independently
Self-motivated, strong, and reliable work ethics
Proven time management skills; prioritize projects and tasks while maintaining a high level of quality results
Ability to work under pressure while meeting tight deadlines
MINIMUM QUALIFICATIONS:
Education:
Bachelor's Degree (typically in Computer Technology)
Experience:
1-2 years of progressive work experience (typically in Computer Technology) with acquired knowledge at the level of Project Management II
OR
Education & ExperienceSubstitution:
4-6 years of progressive work experience (typically in Computer Technology) with acquired knowledge at the level of Project Management II
Certificates, Licenses, Registrations:
None
Necessary Special Requirements
PHYSICAL WORKING CONDITIONS:
NOTES:
FLSA: Non-Exempt
Successful candidates must pass a background check
Please provide a Cover Letter and Resume with the application
Supplemental Information
077-Enterprise Technology Services - Office of Chief Information Officer
Click here to view the State of Wyoming Classification and Pay Structure.
URL: http://agency.governmentjobs.com/wyoming/default.cfm
The State of Wyoming is an Equal Opportunity Employer and actively supports the ADA and reasonably accommodates qualified applicants with disabilities.
Class Specifications are subject to change, please refer to the A & I HRD Website to ensure that you have the most recent version.
State Of Wyoming