Project Management III 2024-01228

Description and Functions

Open Until Filled

GENERAL DESCRIPTION:

The Data Security Specialist/Information Security Officer (DSS/ISO) is responsible for discovering vulnerabilities and risks in networks, software systems and data centers with ongoing vulnerability scans, monitoring network data, and ensuring hardware and software security applications are updated. The specialist may lead technical cybersecurity projects, and coordinate work between multiple groups providing documentation, reports, and collaborative and integrated system security for technology solutions that support the mission and goals of the Wyoming Department of Education. The DSS/ISO will direct resources to assure agency information security compliance. In addition, the DSS/ISO position will identify and manage technology innovations and opportunities that will position the Department of Education to improve operating effectiveness while minimizing costs and enhancing security and privacy to K12 schools and districts, teachers, students, administrators, and parents.

Human Resource Contact: Jennifer Erickson / 307-275-5114 /Jennifer.Erickson1@wyo.gov

ESSENTIAL FUNCTIONS: The listed functions are illustrative only and are not intended to describe every function which may be performed at the job level.

General

• Comprehends, interprets, and implements data privacy and security according to State and Federal requirements, in addition to established industry best practices to include but not limited to the U.S. Department of Education, WDE and Wyoming OCIO policies, and other related guidelines

• Assist the Systems Administrator to regularly review, manage, maintain, sanitize and configure the WDE Functional Domains and associated objects

• Provides expert troubleshooting skills and performs root cause analysis of WDE organizational cyber related outages to improve WDE functional system stability

• Develop plans to safeguard computer files and resources against accidental or unauthorized modification, destruction, or disclosure and to meet data processing needs

• Confer with users to discuss issues such as computer data access needs, security violations, and configuration changes

• Modify computer security to incorporate new software, correct errors, or change individual access status

• Ensure system access requests are coordinated correctly in addition to maintaining the completed access request forms for audit processes

• Create a quarterly report detailing WDE's security posture while identifying any potential issues and the methods to mitigate any problems

• Responsible for daily monitoring of access to ensure proper data usage and identify any abuse or unauthorized access

• Develop an understanding of the needs and requirements of information end users

• Exercise contingency Information Technology plans

• Implement security designs and approaches to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed

• Perform security reviews and risk assessments to identify security gaps in WDE applications, resulting in recommendations for inclusion into the risk mitigation strategy

• Work with others to resolve computer security events, incidents and vulnerabilities

• Other duties as assigned

Cybersecurity Systems Integration, Testing, Operations and Maintenance:

• Maintain baseline system security according to organizational policies

• Apply security policies to applications that interface with one another

• Apply security policies to meet security objectives of the WDE functional applications

• Apply service oriented security principles to meet the WDE's confidentiality, integrity, and availability requirements

• Discover organizational trends with regard to the security posture of systems

• Ensure all systems security operations and maintenance activities are properly documented and updated as necessary

• Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment

Quality Control:

• Schedule, coordinate, and audit the WDE technology resources in addition to providing in depth annual audit reports of the WDE data security posture as it applies to agency's applications

• Establish internal security audit procedures and standards that comply with Federal and State requirements.

• Provide advice and assistance with the WDE, State or third party assessments, target the WDE data security needs, establish a data security baseline, and define gap analysis priorities. The DSS/ISO will provide ongoing assessments of the overall efficiency and effectiveness of the WDE data governance initiatives.

• Provide feedback on and consider the effectiveness of audit contributions to the WDE data security and internal data related initiatives.

• Use lessons learned to adapt and improve audit approaches to future data audit activities.

• Provide ongoing audits based on an integrated governance approach, using criteria shared with the WDE leadership based around common, accepted frameworks i.e. National Institute of Standards and Technology (NIST) Guidelines.

• Assist with the development of policies and procedures based on security audit findings, in addition to assisting with risk assessments, and the tracking and investigating of data security incidents

• Maintain a Compliance Management Processes and Procedures Program

• The DSS/ISO will research, review, recommend and implement WDE staff cybersecurity awareness training opportunities

Cyber Event/Cyber Incident Response:

• Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation

• Perform analysis of log files from a variety of WDE sources (e.g., individual host logs, application logs, etc.) to identify possible threats to WDE data security

• Track and document WDE data security incidents from initial detection through final resolution

• Collaborate/coordinate response with the OCIO and other relevant agencies

• Employ approved defense- in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness)

Qualifications

PREFERENCES:

Preference will be given to those with experience working within an information/cybersecurity environment with an educational entity (school, school district, department of education, etc.).

KNOWLEDGE:

• Ability to assess rapidly changing cybersecurity technologies and apply them to business needs

• Ability to analyze WDE project and program needs as related to cybersecurity, as well as to determine the resources needed to achieve objectives and overcome barriers

• Utilize a comprehensive set of communication skills to effectively communicate with stakeholders with varying levels of technical knowledge

• Ability to provide detailed project documentation, user guides, and implementation plans, and create quality WDE leadership, employee, and stakeholder presentations

• Ability to work effectively as a Team Member or independently

• Self-motivated, strong, and reliable work ethics

• Proven time management skills; prioritize projects and tasks while maintaining a high level of quality results

• Ability to work under pressure while meeting tight deadlines

MINIMUM QUALIFICATIONS:

Education:

Bachelor's Degree (typically in Computer Technology)

Experience:

1-2 years of progressive work experience (typically in Computer Technology) with acquired knowledge at the level of Project Management II

OR

Education & ExperienceSubstitution:

4-6 years of progressive work experience (typically in Computer Technology) with acquired knowledge at the level of Project Management II

Certificates, Licenses, Registrations:

None

Necessary Special Requirements

PHYSICAL WORKING CONDITIONS:

• Office Setting

NOTES:

• FLSA: Non-Exempt

• Successful candidates must pass a background check

• Please provide a Cover Letter and Resume with the application

Supplemental Information

077-Enterprise Technology Services - Office of Chief Information Officer

Click here to view the State of Wyoming Classification and Pay Structure.

URL: http://agency.governmentjobs.com/wyoming/default.cfm

The State of Wyoming is an Equal Opportunity Employer and actively supports the ADA and reasonably accommodates qualified applicants with disabilities.

Class Specifications are subject to change, please refer to the A & I HRD Website to ensure that you have the most recent version.