Security and Compliance

Description

Jobs in this family are accountable for the development, implementation, and monitoring of tools and processes that protect the confidentiality, integrity, and security of all State information technology (IT) systems and compliance with all relevant laws and policies.

Typical functions

The functions within this job family will vary by level, but may include the following:

  • Detect and resolve security threats to State IT systems.
  • Monitor systems for intrusions.
  • Implement security safeguards.
  • Maintain data integrity and security.
  • Investigate information technology security breaches.
  • Assist with security reviews and audits.
  • Guide remediation of security vulnerabilities.

The work assigned to positions in this series ranges from monitoring data for potential breaches to conducting forensic information technology investigations.

Cybersecurity Technician

This is a first-level security and compliance position that works within the framework of established security and compliance policies and procedures. Conducts monitoring of data security and implements controls as directed. Assists in firewall configuration. Guides data security remediation such as security patching. Reviews data logs and activities and notifies more senior staff of “exceptions.” Delivers security awareness training. Provides input to the preparation of disaster recovery plans. Prepares documentation for all actions taken.

Knowledge, skills & abilities

Knowledge of IT security issues and resolutions. Ability to learn and apply concepts. Ability to follow technical direction. Ability to problem-solve and apply analytical skill in resolving issues.

Typical qualifications

Associate degree and 0-2 years of relevant experience. (Substitutions may be allowed.)

Pay grade
IT5

Cybersecurity Analyst

This is a second-level security and compliance position accountable for performing a wide range of security procedures and processes necessary to ensure the safety of information systems and assets, and protecting systems and data from intentional or inadvertent access or destruction. An employee in this position ensures that users understand and adhere to the necessary procedures and processes to maintain security. Conducts and supports audits for regulatory and standards compliance. Provides input into the development of security policies. Participates in the preparation of disaster recovery plans. Designs and delivers security compliance training. Conducts IT data and security forensic investigations. Provides advice to management on balance between business needs and data security. Provides moderately complex technical support in relevant field of discipline. May serve as project lead and/or provides technical direction to lower level team members.

Knowledge, skills & abilities

In addition to those identified in the previous level: Knowledge of IT forensic concepts, domain structures, user authentication, and digital signatures. Knowledge of intrusion detection methods and techniques, and internet architecture. Ability to think methodically and critically. Ability to recognize security intrusions and take appropriate action. Ability to research and identify causes of security breaches.

Typical qualifications

Bachelor’s degree and 3-7 years of IT experience with emphasis in security and compliance. (Substitutions may be allowed.)

Pay grade
IT7

Cybersecurity Specialist

This is a professional security and compliance position accountable for performing a wide range of complex security procedures and processes necessary to ensure the safety of information systems and assets, and protect systems and data from intentional or inadvertent access or destruction. Ensures that users understand and adhere to the necessary procedures and processes to maintain security. Conducts the most complex audits for regulatory and standards compliance. Provides input into the development of security policies. Prepares disaster recovery plans. Designs and delivers high-level security compliance training. Conducts complex IT data and security forensic investigations Provides advice to management on balance between business needs and data security. Provides complex technical support in relevant field of discipline. Serves as a project lead and/or provides technical direction to lower-level team members. Mentors less experienced staff.

Knowledge, skills & abilities

In addition to those identified in the previous levels: Knowledge of state’s networking environment. Skill in recognizing security intrusions and taking appropriate actions. Skill in analyzing and correlating data, and noticing patterns and discrepancies.

Typical qualifications

Bachelor’s degree and 5-8 years of IT experience with emphasis in security and compliance (Substitutions may be allowed.)

Pay grade
IT8

Senior Cybersecurity Specialist

A supervisory position at this level is accountable for the technical, physical, and administrative security of information systems. Typically supervises a small team of information security staff. Ensures security protocols and procedures are followed and standards are met. Frequent liaison with Cybersecurity Manager to ensure work is performed in accordance with enterprise security standards. Mentors information security staff.

A specialist position at this level performs highly complex assignments involving multiple small platforms or a singular large platform. Accountable for application security, validation, evaluation and implementation. Works on and solves highly complex problems where analysis requires in-depth evaluation of various factors. Provides highly complex technical support in relevant field of discipline. May serve as project lead and/or provides technical direction to lower-level team members.

Knowledge, skills & abilities

In addition to those identified in the previous levels: Knowledge of multiple platforms. Skill in collaborating with and providing guidance to staff. 

Typical qualifications

Bachelor’s degree and 5-8 years of IT experience with emphasis in security and compliance. (Substitutions may be allowed.)

Pay grade
IT9

Cybersecurity Manager

This is a managerial position accountable for oversight of the technical, physical, and administrative security of information systems in assigned functional areas. Oversees the development and deployment of security technology and processes in a designated functional area. Ensures data is safe from alteration and erasure. Manages the workload and deliverables for assigned resources. Oversees training of employees in data security. Responsible for assisting the Chief Information Officer (CIO) with strategic planning and direction.

Knowledge, skills & abilities

In addition to those identified at the previous levels: Skill in communicating with technical experts, clients, vendors, and staff. Ability to mentor and promote skill development of staff.

Typical qualifications

Bachelor’s degree and 5-8 years of IT experience with emphasis in security and compliance. (Substitutions may be allowed.)

Pay grade
IT11