IT Security & Compliance Administrator I (CYFD/IT #7255)

$29.66 - $47.46 Hourly

$61,700 - $98,720 Annually

This position is a Pay Band ID

Posting Details

We are so pleased that you are interested in making an impact through our work at CYFD! The department thrives on dedicated, empathetic, and talented employees who ensure the well-being of the children and families in New Mexico by keeping them safe and healthy.

By joining CYFD, you'll work to find the best ways to support families through difficult situations using community-based prevention and intervention programs. Employees have teammates and a committed leadership team to support them every day.

We look forward to you joining us because caring for and supporting New Mexico's children and youth will take all of us. I know the department's mission is critical to improving the overall well-being of children in our state and, in turn, strengthening the future of New Mexico.

THIS JOB POSTING WILL BE USED FOR ONGOING RECRUITMENT AND MAY CLOSE AT ANY TIME. APPLICANT LISTS MAY BE SCREENED MORE THAN ONCE.

Why does the job exist?

The purpose of this position is to ensure the safety and security of NM CYFD information systems and technology assets, safeguarding them from intentional or inadvertent access or destruction. Additionally, this role plays a critical part in risk management, vulnerability management, threat assessment, incident mitigation and response, compliance, and promoting user security awareness.

How does it get done?

• Assist in implementing and maintaining security controls and measures to protect information systems and technology assets;

• Monitor and analyze security alerts and incidents, taking appropriate actions to mitigate potential risks;

• Conduct periodic security assessments and audits to identify vulnerabilities and recommend remediation actions;

• Collaborate with cross-functional teams to ensure compliance with regulatory requirements and industry standards;

• Assist in developing and maintaining security policies, procedures, and guidelines;

• Provide support in conducting security awareness and training programs for employees;

• Assist in responding to security incidents, conducting investigations, and implementing incident response procedures;

• Monitor and report on compliance with security policies, procedures, and regulations;

• Stay up to date with the latest security threats, vulnerabilities, and industry best practices;

• Participate in security risk assessments and assist in the development of risk mitigation strategies;

• Collaborate with external vendors and service providers to ensure compliance with security requirements;

• Assist in the review and assessment of third-party security controls and contracts;

• Contribute to the continuous improvement of security and compliance processes and procedures;

• Assist in conducting vulnerability assessments on systems and applications to identify security weaknesses;

• Assist in maintaining documentation, logs, and records related to security incidents, audits, and compliance activities;

• Assist in evaluating and selecting security tools, technologies, and vendors to enhance the organization's security posture;

• Assist in the management and resolution of security-related service requests and incidents;

• Help monitor and manage security-related vendor relationships, including assessing their security practices;

• Perform any other tasks or responsibilities related to information security as assigned.

Who are the customers?

CYFD staff and external stakeholders.

Ideal Candidate

• Relevant internships, co-op experiences, or entry-level positions in information security, compliance, or related fields;

• Familiarity with industry-standard security frameworks, such as NIST Cybersecurity Framework (CSF), HIPAA, NIST 800-53, NIST Privacy Framework, Privacy by Design Framework, ISO 27001, and/or ISO 27002;

• Basic knowledge of computer networks, information security principles, concepts, and best practices;

• Exposure to security tools and technologies, such as vulnerability scanners, SIEM systems, or firewall management;

• Experience with security incident response, including incident detection, analysis, and mitigation;

• Willingness to learn and adapt to changing security technologies and practices;

• Experience with a Security Information and Event Management (SIEM) solution, ideally Splunk;

Minimum Qualification

Associate's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering or similar technical degree and two (2) years of experience in IT security, compliance validation (e.g. HIPAA, PCI) or systems administration, network operations or end user support. Substitutions Apply. See Substitution Table below. A certificate in IT security/forensics (e.g. CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.g. PCIP, ASV, ISA, QSA) can be used to substitute one year of experience.

Substitution Table

These combinations of education and experience qualify you for the position:
Education Experience Education Experience 1 High School Diploma or Equivalent AND 4 years of experience OR High School Diploma or Equivalent AND 4 years of experience 2 Associate's degree in the field(s) specified in the minimum qualification AND 2 years of experience Associate's degree or higher in any field AND 4 years of experience 3 Bachelor's degree or higher in the field(s) specified in the minimum qualification AND 0 years of experience
• Education and years of experience must be related to the purpose of the position.

• If Minimum Qualification requires a specific number of "semester hours" in a field (e.g. 6 semester hours in Accounting), applicants MUST have those semester hours in order to meet the minimum qualifications. No substitutions apply for semester hours.

Employment Requirements

Must possess a current and valid Driver's License. Pre-employment background investigation is required and conditional pending results.

Working Conditions

Work is performed in an office setting with exposure to Visual/Video Display Terminal (VDT) and extensive phone and personal computer usage. Direct client interaction and some travel may be required.

Supplemental Information

Do you know what Total Compensation is? Click here

Agency Contact Information: Yaciel Toledo, (505) 252-0736. Email

For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.

Bargaining Unit Position

This position is covered by a collective bargaining agreement and all terms/conditions of that agreement apply and must be adhered to.