IT Security & Compliance Administrator I (DoIT #2821)
- Recruiter
- State of New Mexico
- Location
- Santa Fe, New Mexico, United States
- Salary
- USD 29.66 - 47.46 per hour
- Posted
- 28 Nov 2024
- Closes
- 01 Dec 2024
- Ref
- 322291790436218283
- Job Type
- IT Security
- Employer Sector
- Technology, IT & Telecoms
- Contract Type
- Permanent
- Hours
- Full Time
$29.66 - $47.46 Hourly
$61,700 - $98,720 Annually
This position is a Pay Band ID
Posting Details
THIS POSTING WILL BE USED FOR ONGOING RECRUITMENT AND MAY CLOSE AT ANY TIME. APPLICANT LISTS MAY BE SCREENED MORE THAN ONCE.
The Office of Cybersecurity (OCS) has the essential role and responsibility for the State of New Mexico (SoNM) Information Technology (IT) security program in coordination with state agencies. Federal oversight requires state agencies to perform procedures necessary to ensure the security of information systems and federal data sets are protected from cyberattacks.
To maintain an adequate security posture by developing appropriate IT security policies, standards, and procedures with periodic updates to accurately reflect ever changing technology, legislative and user needs.
The OCS has the responsibility in protecting and monitoring the State of New Mexico's technology infrastructure and digital assets, including state agencies, mission critical systems and data.
Cyberattacks are dramatically increasing, and cybersecurity operations are facing new challenges. Cybersecurity is not just an IT problem anymore, it is a critical business risk, homeland security and public safety threat, voter confidence issue, and an economic development opportunity.
Technology continues to evolve, the cybersecurity landscape is constantly changing, increasing potential vulnerabilities and risk. Therefore, it is critical for the states Chief Information Security Officer (CISO) to acquire additional security and compliance admins that are supporting the Office of Cybersecurity.
Why does the job exist?
The position will assist in monitoring of data security and implemented controls of technical, physical, and administration security of information systems. Will conduct data security remediation and contribute to cybersecurity risk mitigation.
This position will directly support the Security and Operations Center for NM State Agencies. The incumbent will contribute to surveillance and monitoring of IT Infrastructure and support appropriate responses to security incidents.
Evaluates system user access records to ensure accounts are current or terminated in a timely manner. Including review of logs and activities and notifies more senior staff of "exceptions".
How does it get done?
The position will perform audits to establish, implement, and enforce enterprise security standards and policies.
Will monitor all systems for information security abnormalities and conduct investigations in addressing them.
Collaborates with third party security agencies or companies in performing security assessments.
Assist and support in writing and reviewing cybersecurity policies, addressing policy requirements, security procedures, information systems security plans, incident response plans, disaster recovery plans, configuration management plans, and other related documentation.
Implement Information Security (INFOSEC) standards for SoNM by following industry standards such as NIST 800 Series guides and best practices.
Assist with investigating, evaluating, and resolving cybersecurity incidents in accordance with prescribed policies and procedures.
Provide oversight for vulnerability management as a service (VmaaS) and remediation, attack surface management (ASM), penetration testing, audits, and user security awareness training.
Support stakeholders in security inquiries, questionnaires, and security compliance assessments to gain their confidence in our security practices and adherence to security frameworks. Interpret governmental security regulations and communicate compliance requirements to stakeholders.
Provide continuous security monitoring, reporting, and other recurring security and compliance activities. Monitor all systems logs for any abnormalities and address them accordingly via the use of a Security Event and Information Management (SEIM) tools.
Conduct monitoring of security tools and implement controls as directed.
Detect and respond to security incidents promptly.
Review security intelligence and perform threat hunts for indications of compromise in the environment.
Review logs and activities and escalate to more State agencies when necessary.
Track and follow up on deficiencies identified in monitoring reviews and assessments. Ensure appropriate remediation measures have been taken.
Attend daily standby meetings.
Play a role in educating employees about cybersecurity best practices and raising awareness about potential security threats. Assist with managing the cybersecurity awareness trainings.
Who are the customers?
State of New Mexico agencies.
Ideal Candidate
The ideal candidate for the position should possess the following qualifications:
Experience in IT security, incident response strategies, information security policies, standards, and industry best practices, compliance frameworks for information security.
Will need to have strong interpersonal skills including the ability to build trusting relationships within the office, SoNM agencies and with external partners. Be able to work independently and in a team environment, analyzing problems, proposing solutions to management, and deploying and documenting implemented solutions, cybersecurity analysis and reporting. Demonstrate successful experience working in a high-pressure team environment.
Knowledge of cloud-based environments to include Azure, Office 365, Defender, and Sentinel. Experience with MS-ISAC, KnowBe4, Ivanti Neurons RVBM platform, Ivanti Neurons ASM, Cisco Steathwatch, Cisco Radware, Cisco Umbrella, and Solarwinds IPAM.
Minimum Qualification
Associate's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering or similar technical degree and two (2) years of experience in IT security, compliance validation (e.g. HIPAA, PCI) or systems administration, network operations or end user support. Substitutions Apply. See Substitution Table below. A certificate in IT security/forensics (e.g. CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.g. PCIP, ASV, ISA, QSA) can be used to substitute one year of experience.
Substitution Table
These combinations of education and experience qualify you for the position:
Education Experience Education Experience 1 High School Diploma or Equivalent AND 4 years of experience OR High School Diploma or Equivalent AND 4 years of experience 2 Associate's degree in the field(s) specified in the minimum qualification AND 2 years of experience Associate's degree or higher in any field AND 4 years of experience 3 Bachelor's degree or higher in the field(s) specified in the minimum qualification AND 0 years of experience
• Education and years of experience must be related to the purpose of the position.
• If Minimum Qualification requires a specific number of "semester hours" in a field (e.g. 6 semester hours in Accounting), applicants MUST have those semester hours in order to meet the minimum qualifications. No substitutions apply for semester hours.
Employment Requirements
Driver's License, Defensive Driving Certificate and Background Investigation
Working Conditions
Work will be performed in an office environment with exposure to Visual/Video Display Terminal (VDT) and extensive telephone and personal computer usage. The person must be able to operate a computer, keyboard, and mouse. The person will work extended periods seated in front of a computer. Direct client interaction and some travel may be required. The incumbent will participate in meetings. Must be able to lift/carry up to 25 lbs, sitting, standing, bending and reaching required.
Supplemental Information
Do you know what Total Compensation is? Click here
Agency Contact Information: Melissa Gutierrez. Email
For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.
Bargaining Unit Position
This position is not covered by a collective bargaining agreement.
$61,700 - $98,720 Annually
This position is a Pay Band ID
Posting Details
THIS POSTING WILL BE USED FOR ONGOING RECRUITMENT AND MAY CLOSE AT ANY TIME. APPLICANT LISTS MAY BE SCREENED MORE THAN ONCE.
The Office of Cybersecurity (OCS) has the essential role and responsibility for the State of New Mexico (SoNM) Information Technology (IT) security program in coordination with state agencies. Federal oversight requires state agencies to perform procedures necessary to ensure the security of information systems and federal data sets are protected from cyberattacks.
To maintain an adequate security posture by developing appropriate IT security policies, standards, and procedures with periodic updates to accurately reflect ever changing technology, legislative and user needs.
The OCS has the responsibility in protecting and monitoring the State of New Mexico's technology infrastructure and digital assets, including state agencies, mission critical systems and data.
Cyberattacks are dramatically increasing, and cybersecurity operations are facing new challenges. Cybersecurity is not just an IT problem anymore, it is a critical business risk, homeland security and public safety threat, voter confidence issue, and an economic development opportunity.
Technology continues to evolve, the cybersecurity landscape is constantly changing, increasing potential vulnerabilities and risk. Therefore, it is critical for the states Chief Information Security Officer (CISO) to acquire additional security and compliance admins that are supporting the Office of Cybersecurity.
Why does the job exist?
The position will assist in monitoring of data security and implemented controls of technical, physical, and administration security of information systems. Will conduct data security remediation and contribute to cybersecurity risk mitigation.
This position will directly support the Security and Operations Center for NM State Agencies. The incumbent will contribute to surveillance and monitoring of IT Infrastructure and support appropriate responses to security incidents.
Evaluates system user access records to ensure accounts are current or terminated in a timely manner. Including review of logs and activities and notifies more senior staff of "exceptions".
How does it get done?
The position will perform audits to establish, implement, and enforce enterprise security standards and policies.
Will monitor all systems for information security abnormalities and conduct investigations in addressing them.
Collaborates with third party security agencies or companies in performing security assessments.
Assist and support in writing and reviewing cybersecurity policies, addressing policy requirements, security procedures, information systems security plans, incident response plans, disaster recovery plans, configuration management plans, and other related documentation.
Implement Information Security (INFOSEC) standards for SoNM by following industry standards such as NIST 800 Series guides and best practices.
Assist with investigating, evaluating, and resolving cybersecurity incidents in accordance with prescribed policies and procedures.
Provide oversight for vulnerability management as a service (VmaaS) and remediation, attack surface management (ASM), penetration testing, audits, and user security awareness training.
Support stakeholders in security inquiries, questionnaires, and security compliance assessments to gain their confidence in our security practices and adherence to security frameworks. Interpret governmental security regulations and communicate compliance requirements to stakeholders.
Provide continuous security monitoring, reporting, and other recurring security and compliance activities. Monitor all systems logs for any abnormalities and address them accordingly via the use of a Security Event and Information Management (SEIM) tools.
Conduct monitoring of security tools and implement controls as directed.
Detect and respond to security incidents promptly.
Review security intelligence and perform threat hunts for indications of compromise in the environment.
Review logs and activities and escalate to more State agencies when necessary.
Track and follow up on deficiencies identified in monitoring reviews and assessments. Ensure appropriate remediation measures have been taken.
Attend daily standby meetings.
Play a role in educating employees about cybersecurity best practices and raising awareness about potential security threats. Assist with managing the cybersecurity awareness trainings.
Who are the customers?
State of New Mexico agencies.
Ideal Candidate
The ideal candidate for the position should possess the following qualifications:
Experience in IT security, incident response strategies, information security policies, standards, and industry best practices, compliance frameworks for information security.
Will need to have strong interpersonal skills including the ability to build trusting relationships within the office, SoNM agencies and with external partners. Be able to work independently and in a team environment, analyzing problems, proposing solutions to management, and deploying and documenting implemented solutions, cybersecurity analysis and reporting. Demonstrate successful experience working in a high-pressure team environment.
Knowledge of cloud-based environments to include Azure, Office 365, Defender, and Sentinel. Experience with MS-ISAC, KnowBe4, Ivanti Neurons RVBM platform, Ivanti Neurons ASM, Cisco Steathwatch, Cisco Radware, Cisco Umbrella, and Solarwinds IPAM.
Minimum Qualification
Associate's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering or similar technical degree and two (2) years of experience in IT security, compliance validation (e.g. HIPAA, PCI) or systems administration, network operations or end user support. Substitutions Apply. See Substitution Table below. A certificate in IT security/forensics (e.g. CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.g. PCIP, ASV, ISA, QSA) can be used to substitute one year of experience.
Substitution Table
These combinations of education and experience qualify you for the position:
Education Experience Education Experience 1 High School Diploma or Equivalent AND 4 years of experience OR High School Diploma or Equivalent AND 4 years of experience 2 Associate's degree in the field(s) specified in the minimum qualification AND 2 years of experience Associate's degree or higher in any field AND 4 years of experience 3 Bachelor's degree or higher in the field(s) specified in the minimum qualification AND 0 years of experience
• Education and years of experience must be related to the purpose of the position.
• If Minimum Qualification requires a specific number of "semester hours" in a field (e.g. 6 semester hours in Accounting), applicants MUST have those semester hours in order to meet the minimum qualifications. No substitutions apply for semester hours.
Employment Requirements
Driver's License, Defensive Driving Certificate and Background Investigation
Working Conditions
Work will be performed in an office environment with exposure to Visual/Video Display Terminal (VDT) and extensive telephone and personal computer usage. The person must be able to operate a computer, keyboard, and mouse. The person will work extended periods seated in front of a computer. Direct client interaction and some travel may be required. The incumbent will participate in meetings. Must be able to lift/carry up to 25 lbs, sitting, standing, bending and reaching required.
Supplemental Information
Do you know what Total Compensation is? Click here
Agency Contact Information: Melissa Gutierrez. Email
For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.
Bargaining Unit Position
This position is not covered by a collective bargaining agreement.