IT Security & Compliance Administrator III (DoIT #10117494+)
Santa Fe, New Mexico
Employer: State of New Mexico
Industry: Computer
Salary: $61.50 per hour
Job type: Full-Time
$38.44 - $61.50 Hourly
$79,950 - $127,920 Annually
This position is a Pay Band IF
Posting Details
This posting may be used to fill multiple positions. This posting will be used for ongoing recruitment and may close at any time. Applicant lists may be screened more than once.
The Cybersecurity Office (CSO) has the essential role and responsibility for the State of New Mexico Information Technology (IT) security program in coordination with state agencies. Federal oversight requires state agencies to perform procedures necessary to ensure the security of information systems and federal data sets are protected from cyber attacks.
To maintain an adequate security posture by developing appropriate IT security policies, standards, and procedures with periodic updates to accurately reflect ever changing technology, legislative and user needs.
The CSO has the responsibility in protecting and monitoring the State of New Mexico's technology infrastructure and digital assets, including state agencies, mission critical systems and data.
Cyber attacks are dramatically increasing, and cybersecurity operations are facing new challenges. Cybersecurity is not just an IT problem anymore, it is a critical business risk, homeland security and public safety threat, voter confidence issue, and an economic development opportunity.
Technology continues to evolve, the cybersecurity landscape is constantly changing, increasing potential vulnerabilities and risk. Therefore, it is critical for the states Chief Information Security Officer (CISO) to acquire additional Cybersecurity Professionals.
Why does the job exist?
The position is accountable for oversight of the technical, physical, and administration security of information systems. Will be responsible for developing and implementing robust cybersecurity compliance strategies that proactively address regulatory requirements while identifying potential compliance issues. Responsible for introducing and developing new technologies, and processes, as well as improving existing processes.
The position will ensure our services, vendors, and all stakeholders meet applicable legal, safety, and quality standards. The CSO performs critical cybersecurity duties, including IT risk management, threat assessment, incident mitigation and response, compliance and users awareness.
The incumbent will contribute to formulating and executing surveillance and monitoring strategies and ensuring appropriate responses to security incidents. They will focus on developing and driving security strategies, standards, ensuring the effectiveness of solutions, and providing security-emphasis consultative and training services.
How does it get done?
The position will establish, implement, and enforce enterprise security standards and policies. The position will oversee training of employees in data security, conduct risk assessments, audits, and coordinate/lead security incident investigations. The position will monitor all systems for information security abnormalities and conduct investigations in addressing them. Protect the confidentiality, integrity, and availability of all sensitive and confidential data.
Assist and support in writing and reviewing cybersecurity policies, addressing policy requirements, security procedures, information systems security plans, incident response plans, disaster recovery plans, configuration management plans, and other related documentation. Develop and implement Information Security (INFOSEC) standards for SoNM by following industry standards such as NIST 800 Series guides and best practices. Monitor compliance with security policies, standards, guidelines, and procedures. Participate in designing secure infrastructure solutions and applications.
Assist with investigating, evaluating, and working with internal and external organizations to resolve cybersecurity incidents in accordance with prescribed policies and procedures. Experience implementing technical cybersecurity solutions to address policy requirements. Analyze and respond to security incidents and investigations. Coordinate and collaborate with third-party security agencies or contractors in performing security assessments.
Provide oversight for vulnerability management as a service (VmaaS) and remediation, attack surface management (ASM), penetration testing, audits, and user security awareness training. Perform security services including audits, vulnerability scans, and penetration testing to ensure that systems and users are adhering to the necessary procedures and processes to maintain IT security and compliance.
Support stakeholders in security inquiries, questionnaires, and security compliance assessments to gain their confidence in our security practices and adherence to security frameworks. Interpret governmental security regulations and communicate compliance requirements to stakeholders.
Provide continuous security monitoring, reporting, and other recurring security and compliance activities. Monitor all systems logs for any abnormalities and address them accordingly via the use of a Security Event and Information Management (SEIM) tools.
Conduct monitoring of security tools and implement controls as directed.
Review security intelligence and updates security tools to detect and block malicious IP's and signatures.
Review security intelligence and perform threat hunts for indications of compromise in the environment.
Review logs and activities and escalate to more State agencies when necessary.
Deliver security awareness training and provide reporting on participation and compliance.
Provide input to the preparation of disaster recovery plans.
Prepare documentation for all actions taken.
Who are the customers?
The State Chief Information Security Officer, state agencies, K-12 public schools, higher educational institutions, local governments, and tribal entities.
Ideal Candidate
The ideal candidate for the position should possess the following qualifications:
Experience in IT security, incident response strategies, NIST 800-53, information technology governance, information security policies, standards, and industry best practices, compliance frameworks for information security, scoping, conducting audits, risk assessments, and documenting results.
Will need to have strong interpersonal skills including the ability to build trusting relationships within the office, SoNM agencies and with external partners. Be able to effectively communicate and coordinate cybersecurity policies and procedures at all levels both orally and in writing; work independently and in a team environment, analyzing problems, proposing solutions to management, and deploying and documenting implemented solutions, cybersecurity analysis and reporting. Demonstrate successful experience working in a high-pressure team environment.
Knowledge of cloud-based environments to include Azure, Office 365, Defender, and Sentinel. Experience with MS-ISAC, KnowBe4, Ivanti Neurons RVBM platform, Ivanti Neurons ASM, Cisco Steathwatch, Cisco Radware, Cisco Umbrella, and Solarwinds IPAM.
Minimum Qualification
Bachelor's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering or similar technical degree and four (4) years of experience in IT security or compliance validation (e.g. HIPAA, PCI). Substitutions Apply. See Substitution Table below. A certificate in IT security/forensics (e.g. CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.g. PCIP, ASV, ISA, QSA) can be used to substitute one year of experience.
Substitution Table
These combinations of education and experience qualify you for the position:
Education Experience Education Experience 1 High School Diploma or Equivalent AND 8 years of experience OR High School Diploma or Equivalent AND 8 years of experience 2 Associate's degree in the field(s) specified in the minimum qualification AND 6 years of experience Associate's degree or higher in any field AND 8 years of experience 3 Bachelor's degree in the field(s) specified in the minimum qualification AND 4 years of experience 4 Master's degree in the field(s) specified in the minimum qualification AND 2 years of experience 5 PhD degree in the field(s) specified in the minimum qualification AND 0 years of experience
• Education and years of experience must be related to the purpose of the position.
• If Minimum Qualification requires a specific number of "semester hours" in a field (e.g. 6 semester hours in Accounting), applicants MUST have those semester hours in order to meet the minimum qualifications. No substitutions apply for semester hours.
Employment Requirements
Driver's License and Background Investigation
Working Conditions
Work will be performed in an office environment. Many requests will arrive by phone or in-person and the person must be able to speak and respond to the requester clearly. The person will work extended periods seated in front of a computer. The person must be able to operate a computer, keyboard, and mouse. Position requires occasional 1) travel, 2) night/weekend/holiday work, and 3) call-back work.
Supplemental Information
Do you know what Total Compensation is? Click here
Agency Contact Information: Natisha Montoya. Email
For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.
Bargaining Unit Position
This position is not covered by a collective bargaining agreement.
$79,950 - $127,920 Annually
This position is a Pay Band IF
Posting Details
This posting may be used to fill multiple positions. This posting will be used for ongoing recruitment and may close at any time. Applicant lists may be screened more than once.
The Cybersecurity Office (CSO) has the essential role and responsibility for the State of New Mexico Information Technology (IT) security program in coordination with state agencies. Federal oversight requires state agencies to perform procedures necessary to ensure the security of information systems and federal data sets are protected from cyber attacks.
To maintain an adequate security posture by developing appropriate IT security policies, standards, and procedures with periodic updates to accurately reflect ever changing technology, legislative and user needs.
The CSO has the responsibility in protecting and monitoring the State of New Mexico's technology infrastructure and digital assets, including state agencies, mission critical systems and data.
Cyber attacks are dramatically increasing, and cybersecurity operations are facing new challenges. Cybersecurity is not just an IT problem anymore, it is a critical business risk, homeland security and public safety threat, voter confidence issue, and an economic development opportunity.
Technology continues to evolve, the cybersecurity landscape is constantly changing, increasing potential vulnerabilities and risk. Therefore, it is critical for the states Chief Information Security Officer (CISO) to acquire additional Cybersecurity Professionals.
Why does the job exist?
The position is accountable for oversight of the technical, physical, and administration security of information systems. Will be responsible for developing and implementing robust cybersecurity compliance strategies that proactively address regulatory requirements while identifying potential compliance issues. Responsible for introducing and developing new technologies, and processes, as well as improving existing processes.
The position will ensure our services, vendors, and all stakeholders meet applicable legal, safety, and quality standards. The CSO performs critical cybersecurity duties, including IT risk management, threat assessment, incident mitigation and response, compliance and users awareness.
The incumbent will contribute to formulating and executing surveillance and monitoring strategies and ensuring appropriate responses to security incidents. They will focus on developing and driving security strategies, standards, ensuring the effectiveness of solutions, and providing security-emphasis consultative and training services.
How does it get done?
The position will establish, implement, and enforce enterprise security standards and policies. The position will oversee training of employees in data security, conduct risk assessments, audits, and coordinate/lead security incident investigations. The position will monitor all systems for information security abnormalities and conduct investigations in addressing them. Protect the confidentiality, integrity, and availability of all sensitive and confidential data.
Assist and support in writing and reviewing cybersecurity policies, addressing policy requirements, security procedures, information systems security plans, incident response plans, disaster recovery plans, configuration management plans, and other related documentation. Develop and implement Information Security (INFOSEC) standards for SoNM by following industry standards such as NIST 800 Series guides and best practices. Monitor compliance with security policies, standards, guidelines, and procedures. Participate in designing secure infrastructure solutions and applications.
Assist with investigating, evaluating, and working with internal and external organizations to resolve cybersecurity incidents in accordance with prescribed policies and procedures. Experience implementing technical cybersecurity solutions to address policy requirements. Analyze and respond to security incidents and investigations. Coordinate and collaborate with third-party security agencies or contractors in performing security assessments.
Provide oversight for vulnerability management as a service (VmaaS) and remediation, attack surface management (ASM), penetration testing, audits, and user security awareness training. Perform security services including audits, vulnerability scans, and penetration testing to ensure that systems and users are adhering to the necessary procedures and processes to maintain IT security and compliance.
Support stakeholders in security inquiries, questionnaires, and security compliance assessments to gain their confidence in our security practices and adherence to security frameworks. Interpret governmental security regulations and communicate compliance requirements to stakeholders.
Provide continuous security monitoring, reporting, and other recurring security and compliance activities. Monitor all systems logs for any abnormalities and address them accordingly via the use of a Security Event and Information Management (SEIM) tools.
Conduct monitoring of security tools and implement controls as directed.
Review security intelligence and updates security tools to detect and block malicious IP's and signatures.
Review security intelligence and perform threat hunts for indications of compromise in the environment.
Review logs and activities and escalate to more State agencies when necessary.
Deliver security awareness training and provide reporting on participation and compliance.
Provide input to the preparation of disaster recovery plans.
Prepare documentation for all actions taken.
Who are the customers?
The State Chief Information Security Officer, state agencies, K-12 public schools, higher educational institutions, local governments, and tribal entities.
Ideal Candidate
The ideal candidate for the position should possess the following qualifications:
Experience in IT security, incident response strategies, NIST 800-53, information technology governance, information security policies, standards, and industry best practices, compliance frameworks for information security, scoping, conducting audits, risk assessments, and documenting results.
Will need to have strong interpersonal skills including the ability to build trusting relationships within the office, SoNM agencies and with external partners. Be able to effectively communicate and coordinate cybersecurity policies and procedures at all levels both orally and in writing; work independently and in a team environment, analyzing problems, proposing solutions to management, and deploying and documenting implemented solutions, cybersecurity analysis and reporting. Demonstrate successful experience working in a high-pressure team environment.
Knowledge of cloud-based environments to include Azure, Office 365, Defender, and Sentinel. Experience with MS-ISAC, KnowBe4, Ivanti Neurons RVBM platform, Ivanti Neurons ASM, Cisco Steathwatch, Cisco Radware, Cisco Umbrella, and Solarwinds IPAM.
Minimum Qualification
Bachelor's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering or similar technical degree and four (4) years of experience in IT security or compliance validation (e.g. HIPAA, PCI). Substitutions Apply. See Substitution Table below. A certificate in IT security/forensics (e.g. CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.g. PCIP, ASV, ISA, QSA) can be used to substitute one year of experience.
Substitution Table
These combinations of education and experience qualify you for the position:
Education Experience Education Experience 1 High School Diploma or Equivalent AND 8 years of experience OR High School Diploma or Equivalent AND 8 years of experience 2 Associate's degree in the field(s) specified in the minimum qualification AND 6 years of experience Associate's degree or higher in any field AND 8 years of experience 3 Bachelor's degree in the field(s) specified in the minimum qualification AND 4 years of experience 4 Master's degree in the field(s) specified in the minimum qualification AND 2 years of experience 5 PhD degree in the field(s) specified in the minimum qualification AND 0 years of experience
• Education and years of experience must be related to the purpose of the position.
• If Minimum Qualification requires a specific number of "semester hours" in a field (e.g. 6 semester hours in Accounting), applicants MUST have those semester hours in order to meet the minimum qualifications. No substitutions apply for semester hours.
Employment Requirements
Driver's License and Background Investigation
Working Conditions
Work will be performed in an office environment. Many requests will arrive by phone or in-person and the person must be able to speak and respond to the requester clearly. The person will work extended periods seated in front of a computer. The person must be able to operate a computer, keyboard, and mouse. Position requires occasional 1) travel, 2) night/weekend/holiday work, and 3) call-back work.
Supplemental Information
Do you know what Total Compensation is? Click here
Agency Contact Information: Natisha Montoya. Email
For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.
Bargaining Unit Position
This position is not covered by a collective bargaining agreement.
Created: 2024-08-27
Reference: 147283
Country: United States
State: New Mexico
City: Santa Fe
ZIP: 87505
Similar jobs:
-
Administrative Operations Manager II/Compliance Bureau Chief (HCA/MAD #10110891)
State of New Mexico in Santa Fe, New Mexico💸 $57.75 per hour -
IT Security & Compliance Administrator I (CYFD/IT #7255)
State of New Mexico in Albuquerque, New Mexico💸 $47.46 per hour -
IT Security & Compliance Administrator II (DoIT #10117491+)
State of New Mexico in Santa Fe, New Mexico💸 $54.48 per hour