Risk & Compliance Analyst (Information Systems Analyst II Option A)

State of Illinois, Springfield, IL 62702

Posted 2 weeks ago

Position Title: Information Systems Analyst II Option A

Agency: Department of Innovation and Technology

Posting Date: 06/11/2024

Closing Date: 06/26/2024

Salary: $7,491 to $11,015 monthly (Effective 07/01/2024)

Job Type: Salaried

County: Sangamon

Number of Vacancies: 1

Plan/BU: RC063

This position is a union position; therefore, provisions of the relevant collective bargaining agreement/labor contract apply to the filling of this position.

All applicants who want to be considered for this position MUST apply electronically through the illinois.jobs2web.com website. State of Illinois employees should click the link near the top left to apply through the SuccessFactors employee career portal.

Applications submitted via email or any paper manner (mail, fax, hand delivery) will not be considered.

Proof of educational coursework is required. Acceptable proof of coursework includes unofficial transcripts, copies of official transcripts, account records (including screenshots) of academic coursework, and any similar documents created by an academic institution.

Posting Identification Number 38601

Position Overview

Are you looking for a rewarding career with an organization that values its staff? The Department of Innovation & Technology (DoIT) is seeking to hire qualified candidates with the opportunity to work in a dynamic, creative thinking, problem solving environment. This position serves as a Risk & Compliance Analyst for the Business Alignment Section. In this role you will collaborate with multiple application owners and the agency's auditors on a variety of audit requests, including analyzing requests for existing or new development, communicating findings, implementing corrective action plans (CAPs), and creating or updating compliance processes, procedures, or standards. This position will also lead disaster recovery exercises for customer-centric business-critical applications and conduct area governance meetings pertaining to audit and compliance for the division as a subject matter expert (SME).

If you possess this knowledge and these skills, abilities, and experience, we invite you to apply for this position to join the DoIT Team!

As a State of Illinois employee, you receive a comprehensive benefits package including:

  • Competitive Group Insurance benefits including health, life, dental and vision plans

  • Flexible work schedules (when available and dependent upon position)

  • 10-25 days of paid vacation time annually (10 days for first year of state employment)

  • 12 days of paid sick time annually which carry over from year to year

  • 3 paid personal business days per year

  • 13-14 paid holidays per year dependent on election years

  • 12 weeks of paid parental leave

  • Pension plan through the State Employees Retirement System

  • Deferred Compensation Program - voluntary supplemental retirement plan

  • Optional pre-tax programs - Medical Care Assistance Plan (MCAP) & Dependent Care Assistance Plan (DCAP)

  • Tuition Reimbursement Program and Federal Public Service Loan Forgiveness Program eligibility

For more information regarding State of Illinois Benefits follow this link: https://www2.illinois.gov/cms/benefits/Pages/default.aspx

Essential Functions

35% Under administrative direction, serves as a Risk & Compliance Analyst for the Department of Innovation & Technology (DoIT):

  • Performs complex professional and advisory functions in the Business Alignment Section.

  • Plans, organizes, and performs audit analysis, design analysis, and support of computer-based management information systems to ensure alignment with senior management's overall goals and objectives.

  • Assists management in defining and documenting the organization's approach to audit, including objectives, scope, and the governance structure.

  • Collaborates with internal auditors and various departments/divisions pertaining to different audits.

  • Conducts internal assessments of existing processes and policy, and recommends updates.

  • Performs technical investigation and research for functions and phases of systems development including systems analysis and design, testing of different technical approaches to solve complex problems, and the re-designing of existing computer systems and business processes, both internally and externally.

  • Consults with agency management on feasibility and effectiveness of alternatives for system changes.

  • Provides analysis of Information Technology concepts, principles, theories and functions of computer systems, and the principles and techniques of information technology documentation.

  • Utilizes system development life cycle (SDLC) processes and methods, procedures, and techniques of conducting feasibility studies for system conversions and enhancements.

  • Utilizes Microsoft Word, Excel, Visio, SharePoint Lists, SharePoint Document Libraries, and National Institute of Standards and Technology (NIST) standards, frameworks, and best practices in the performance of duties.

25% Conducts IT compliance reviews to provide technical advice regarding recovery planning for assigned systems, including large-scale requests for application development:

  • Reviews existing systems and business processes for external and internal audit reviews to assess the effectiveness of risk management and compliance programs.

  • Identifies potential risks associated with government operations and programs, conducts compliance assessments to evaluate the impact and likelihood of identified risks, and develops and implements strategies to mitigate and manage risks effectively.

  • Develops and updates internal policies and procedures to ensure compliance with regulations and to manage risks.

  • Participates in System and Organization Controls 1 (SOC 1), SOC 2, Social Security Administration (SSA), Criminal Justice Information Services (CJIS), Individual Retirement Account (IRA) and security audits.

  • Communicates and interprets policies to relevant stakeholders to ensure understanding and adherence.

  • Establishes monitoring mechanisms to track compliance with policies and regulations, ensuring that backup systems, redundant infrastructure, and other recovery mechanisms are in place and functioning correctly.

  • Prepares reports on compliance status and risk assessments for management and regulatory authorities.

  • Develops and implements internal control mechanisms to safeguard against non-compliance and mitigate risks.

  • Collaborates with agencies' internal and external auditors and provides accurate and complete audit information to auditors.

  • Participates in governance processes.

  • Participates in enterprise Disaster Recovery (DR) exercises and ensures recovery time objectives (RTO) and recovery point objectives (RPO) for critical systems and data are met.

  • Participates in DR and tabletop exercises and provides reports to senior management and stakeholders.

Essential Functions Continued

15% Conducts extensive compliance reviews of information technology practices and processes:

  • Develops and composes reports of findings, making recommendations to facilitate improvement.

  • Follows up on corrective action plans (CAPs) to ensure successful implementation.

15% Collaborates with application owners and provides requested information to internal and external auditors:

  • Conducts governance meetings on new applications and shared compliance best practices.

  • Plans, coordinates, and executes DR exercises of large IT systems.

5% Keeps abreast of new developments in the Information Technology field:

  • Continues education by attending meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures.

  • Attends demonstrations and exhibitions related to assigned operations.

5% Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above.

Minimum Qualifications

  • Requires knowledge, skill, and mental development equivalent to completion of four (4) years of college with course work in computer science or directly related fields.

  • Requires three (3) years of professional experience in Application Systems, Infrastructure Maintenance and Operations, Information Security, or a related Information Technology field.

Specialized Skills

  • Requires three (3) years of professional experience conducting IT audits for System and Organization Controls 1 (SOC 1), SOC 2, Social Security Administration (SSA), Criminal Justice Information Services (CJIS), Individual Retirement Account (IRA) and security audits, while utilizing IT regulation processes, procedures, and auditing standards.

  • Requires three (3) years of professional experience utilizing Software Development Life Cycle (SDLC) for system conversions and enhancements.

Preferred Qualifications

  • Three (3) years of professional experience conducting IT audits for System and Organization Controls 1 (SOC 1), SOC 2, Social Security Administration (SSA), Criminal Justice Information Services (CJIS), Individual Retirement Account (IRA) and security audits, while utilizing IT regulation processes, procedures, and auditing standards.

  • Three (3) years of professional experience utilizing Software Development Life Cycle (SDLC) for system conversions and enhancements.

  • Three (3) years of professional experience with the construction of documentation utilizing Microsoft Suite, including Word, Excel, Visio, SharePoint Lists, or SharePoint Document Libraries.

  • Three (3) years of professional experience in conducting disaster recovery exercises of large IT systems.

  • Extensive knowledge of IT systems, audit & compliance, and security threats and vulnerabilities.

  • Ability to identify the methods of resolution and options for corrective action.

  • Extensive knowledge of the National Institute of Standards and Technology (NIST) standards, frameworks, and best practices.

  • Ability to analyze data logically and exercise sound judgement in defining and evaluating problems of an operational or procedural nature.

  • Developed verbal and written communication skills to present technical information to large and small audiences with clarity and precision.

  • Professional certification: Certified Information Systems Auditor (CISA)

Conditions of Employment

NOTE: Applicants must possess the ability to meet ALL of the following conditions of employment, with or without reasonable accommodation, to be considered for this position.

  • Requires the ability to verify identity.

  • Requires employment authorization to accept a permanent full-time position with the State of Illinois.

  • Requires the ability to pass a position specific, agency required background check.

  • Requires self-disclosure of criminal history.

  • Requires the ability to travel in performance of duties.

  • Requires the ability to work outside of normal hours to meet deadlines.

  • Requires the ability to use agency supplied equipment such as laptop, personal computer, work cell phone, etc.

  • Requires the ability to attend seminars, conferences and training to remain current on methods, tools, ideologies, or other industry related topics relevant to job duties.

  • Requires the ability to lift and carry objects or equipment weighing up to 10 pounds. This is considered light work as defined by the U.S. Department of Labor (20 CFR 404.1567(b)). Light work involves lifting no more than 20 pounds at a time with frequent lifting or carrying of objects weighing up to 10 pounds.

The conditions of employment listed are incorporated and/or related to any duties included in the position description.

About the Agency

The Department of Innovation & Technology (DoIT) is the state's IT agency delivering an enterprise approach to statewide technology, innovation and telecommunication services, as well as policy and standards development, lifecycle investment planning, and cybersecurity services. With over 1,500 employees, DoIT delivers IT services and innovative solutions to customer agencies to improve services provided to Illinois residents. DoIT offers employees the opportunity to advance their careers, develop new skills and reach their potential, both personally and professionally. DoIT is committed to promoting and preserving a workplace culture that embraces diversity and inclusion. We welcome and value employees with different backgrounds, life experiences and talents. It is the collective sum of our individual differences that provides a broad perspective, leading to greater innovation and achievement. In recruiting for our team, we recognize the unique contributions of each applicant regardless of culture, ethnicity, race, national origin, sex, gender identity and expression, age, religion, disability, and sexual orientation.

Work Hours: 8:30am to 5:00pm M-F

Work Location: 300 W Jefferson St Springfield, IL 62702-5041

Agency Contact:

Elizabeth Bridges

elizabeth.bridges@illinois.gov

Posting Group: Science, Technology, Engineering & Mathematics

This position DOES contain "Specialized Skills" (as that term is used in CBAs).

APPLICATION INSTRUCTIONS

Use the "Apply" button at the top right or bottom right of this posting to begin the application process.

If you are not already signed in, you will be prompted to do so.

State employees should sign in to the career portal for State of Illinois employees - a link is available at the top left of the Illinois.jobs2web.com homepage in the blue ribbon.

Non-State employees should log in using the "View Profile" link in the top right of the Illinois.jobs2web.com homepage in the blue ribbon. If you have never before signed in, you will be prompted to create an account.

If you have questions about how to apply, please see the following resources:

State employees: Log in to the career portal for State employees and review the Internal Candidate Application Job Aid

Non-State employees: on Illinois.jobs2web.com - click "Application Procedures" in the footer of every page of the website.

The main form of communication will be through email. Please check your "junk mail", "spam", or "other" folder for communication(s) regarding any submitted application(s). You may receive emails from the following addresses:

  • donotreply@SIL-P1.ns2cloud.com
  • systems@SIL-P1.ns2cloud.com

Nearest Major Market: Springfield

