Senior Cybersecurity Risk Analyst

THIS POSITION MAY BE ELIGIBLE FOR A HYBRID WORK SCHEDULE. THE AMOUNT OF TELEWORK IS AT THE DISCRETION OF THE DEPARTMENT AND IS SUBJECT TO CHANGE AS BUSINESS NEEDS ARISE.

Are you looking for a fast-paced and challenging position that will provide you with extremely valuable cybersecurity experience? The Employment Development Department (EDD) is looking for highly motivated and qualified individuals to support our cybersecurity risk management services. The Senior Risk Assessment Analyst (SRA) is a highly technical security analyst who performs targeted risk assessments, produces quality professional work products that follow security best practices. The SRA Works with system owners to plan, schedule and perform information technology penetration tests, develop, updates and maintains system security plans, Risk Register Plan of Action and Milestone, system and process security risk assessments and prepares certification and accreditation packages.

The Senior Risk Assessment Analyst :

• Applies IT risk management best practices, threat modeling, penetration red/blue team testing, secure architecture. Focuses on using secure-by-design and security-first principles to reduce potential risk events.
• Assesses, advises and consults on all things risk management, adequacy of security controls and describes how the controls are employed within the information system and technical environments.
• Research and documents cybersecurity defense techniques, guidance, hazards and threats in order to proactively prepare for and prevent risk events.
• Serves as lead in performing targeted risk assessments utilizing penetration testing tools and techniques. Determines whether controls are working as intended and proposes configuration, design changes and/or additional controls.
• Documents findings in a risk assessment report, tracks risk items in risk register, corrective action plan and risk treatment plans
• Works with system owners to develop and maintain system security plans. Prepares system certifications or recertifications and accreditation documentation.
• Continuously assesses security posture, works collaboratively with large multi-discipline teams
• Provides consultation and expertise in multiple IT domains to ensure compliance with enterprise IT security policies, control agency mandates, and cybersecurity best practices.

This position may be eligible for a hybrid work schedule. The amount of telework is at the discretion of the Department and is subject to change as business needs arise. Employees are required to report to their headquarters office on their assigned in-office days. Travel expenses to and from the assigned headquarters are the responsibility of the employee.

Position exists in Sacramento, CA ARU 390

If you have questions about the actual position, please contact the "Hiring Unit Contact" listed below under Contact Information.

You will find additional information about the job in the Duty Statement .

Working Conditions

Visa Sponsorship

This position is not eligible for visa sponsorship. Applicants must be authorized to work in the US without the need for visa sponsorship by the start date of employment.
Typical Office Environment

Benefits of working at this location include:

• Close to major freeways, light rail, and transit stops
• Enclosed bicycle parking
• Close to downtown shopping and restaurants
• Close to the Golden1 Center

Minimum Requirements You will find the Minimum Requirements in the Class Specification.

• INFORMATION TECHNOLOGY SPECIALIST II

Additional Documents

• Job Application Package Checklist
• Duty Statement

Position Details Job Code #:
JC-451624

Position #(s):
280-390-1414-005

Working Title:
Senior Cybersecurity Risk Analyst

Classification:
INFORMATION TECHNOLOGY SPECIALIST II $8,374.00 - $11,220.00 A

# of Positions:
1

Work Location:
Sacramento County

Telework:
Hybrid

Job Type:
Permanent, Full Time

Work Shift:
8:00 am - 5:00 pm

Work Week:
Monday-Friday

Department Information The Employment Development Department (EDD) is one of the largest State departments with employees at hundreds of service locations. For more than 70 years, the EDD has connected millions of job seekers and employers in an effort to build the economy of the Golden State. In order to continue our mission, we are constantly looking for the best and the brightest to join our ranks. Working at EDD presents many opportunities. If you strive to make a difference, we invite you to seek a career with EDD.
Department Website: http://www.edd.ca.gov

Special Requirements

It is strongly encouraged to apply through your CalCareer Account at www.calcareers.ca.gov .

Please only submit ONE application. Electronic applications submitted through your CalCareer Account are highly recommended and will be received/processed faster than other methods of filing.

If you are unable to apply electronically through your CalCareer account, please mail a completed and signed State Examination/Employment Application STD Form 678 and application package to the mailing address provided in the "Application Instructions' section below and ensure the following:

• Clearly indicate the Job Code #, Position Number and the Classification Title of this position in the "Examination or Job Title(s) For Which You Are Applying" section located on Page 3 of your State Examination/Employment STD Form 678.
• Clearly indicate the basis of your eligibility (list, transfer, reinstatement, etc.) in the "Explanations" section located on Page 3 of your State Examination/Employment Application STD Form 678.
• Remove and do not submit the "Equal Employment Opportunity" questionnaire (Page 10) with your completed State Examination/Employment Application STD Form 678. This page is for examination use only.
• Do not include your full Social Security Number on your documents and/or do not provide any LEAP information.

Examination/Assessment

To apply for this position, you must obtain list eligibility by taking and passing the examination. If you already have list eligibility for this classification, you do not need to retake the examination unless your list eligibility has expired.

Click the examination link below for more information and to take the exam:

Information Technology Specialist II Bulletin

For more information about the State hiring process, click here . To watch tutorials on how to apply for a State job, click here .

Application Instructions
Completed applications and all required documents must be received or postmarked by the Final Filing Date in order to be considered. Dates printed on Mobile Bar Codes, such as the Quick Response (QR) Codes available at the USPS, are not considered Postmark dates for the purpose of determining timely filing of an application.
Final Filing Date: 10/17/2024
Who May Apply
Individuals who are currently in the classification, eligible for lateral transfer, eligible for reinstatement, have list or LEAP eligibility, are in the process of obtaining list eligibility, or have SROA and/or Surplus eligibility (please attach your letter, if available). SROA and Surplus candidates are given priority; therefore, individuals with other eligibility may be considered in the event no SROA or Surplus candidates apply. Individuals who are eligible for a Training and Development assignment may also be considered for this position(s).

Applications will be screened and only the most qualified applicants will be selected to move forward in the selection process. Applicants must meet the Minimum Qualifications stated in the Classification Specification(s).

How To Apply
Complete Application Packages (including your Examination/Employment Application (STD 678) and applicable or required documents) must be submitted to apply for this Job Posting. Application Packages may be submitted electronically through your CalCareer Account at www.CalCareers.ca.gov. When submitting your application in hard copy, a completed copy of the Application Package listing must be included. If you choose to not apply electronically, a hard copy application package may be submitted through an alternative method listed below:

Address for Mailing Application Packages

You may submit your application and any applicable or required documents to:

Employment Development Department
Mail In Address
Attn: Job Control #451624
Human Resource Services Division, MIC 54
PO Box 826880
Sacramento , CA 94280-0001

Address for Drop-Off Application Packages

You may drop off your application and any applicable or required documents at:

Employment Development Department
Drop Off Address
Attn: Job Control #451624
EDD/Human Resource Services Division (6th floor solar)
722 Capitol Mall
Sacramento , CA 95814

08:00 AM - 04:30 PM

Required Application Package Documents

The following items are required to be submitted with your application. Applicants who do not submit the required items timely may not be considered for this job:

• Current version of the State Examination/Employment Application STD Form 678 (when not applying electronically), or the Electronic State Employment Application through your Applicant Account at www.CalCareers.ca.gov. All Experience and Education relating to the Minimum Qualifications listed on the Classification Specification should be included to demonstrate how you meet the Minimum Qualifications for the position.
• Resume is required and must be included.
• Statement of Qualifications - A Statement of Qualifications (SOQ) is Required. Please see "Statement of Qualifications Requirements" section for more information about the SOQ.

Applicants requiring reasonable accommodations for the hiring interview process must request the necessary accommodations if scheduled for a hiring interview. The request should be made at the time of contact to schedule the interview. Questions regarding reasonable accommodations may be directed to the EEO contact listed on this job posting.

Desirable Qualifications In addition to evaluating each candidate's relative ability, as demonstrated by quality and breadth of experience, the following factors will provide the basis for competitively evaluating each candidate:
Advanced level technical and analytical skills and experience in:

• Experience conducting pen testing, red/blue team.
• Excellent technical writing and verbal communication skills.
• Experience as a technical security lead on large and complex projects.
• Analytical and complex problem-solving skills are highly desirable.
• Experience with identifying and tracking technology related risks, treatment plans and areas of non-compliance through the SDLC.
• Experience gathering security requirements (high, mid-level and detailed design), building security into system design, build, test and documenting.
• Experience with conducting software security evaluations.

One or more of the following certifications are desired:
CISA, CRISC, CISSP, CISM, CEH, CPENT, GPEN, Pentest+

Benefits Benefit information can be found on the CalHR website, www.calhr.ca.gov , and the CalPERS website, www.calpers.ca.gov .

Contact Information
The Hiring Unit Contact is available to answer questions regarding the position or application process.
Department Website: http://www.edd.ca.gov
Hiring Unit Contact:
Manrajpreet Atwal
(916) 654-7532
Manrajpreet.Atwal@edd.ca.gov

Please direct requests for Reasonable Accommodations to the interview scheduler at the time the interview is being scheduled. You may direct any additional questions regarding Reasonable Accommodations or Equal Employment Opportunity for this position(s) to the Department's EEO Office.
EEO Contact:
EEO Officer
(916) 654-8434
Accessibility@edd.ca.gov.
California Relay Service: 1-800-735-2929 (TTY), 1-800-735-2922 (Voice) TTY is a Telecommunications Device for the Deaf, and is reachable only from phones equipped with a TTY Device.

Statement of Qualifications Requirements
A Statement of Qualifications (SOQ) is Required. The SOQ serves as documentation of each candidate's ability to present information clearly and concisely in writing. The SOQ will be considered the first phase of the hiring process for this position. If your qualifications are competitive, you may be invited to an interview.

The SOQ should be typed and not more than two pages in length, not less than 12-point font, single-spaced, with margins not less than one inch, including your first and last name at the top of the page, and must include a response to both statements below, including specific examples:Refer to the position description and duty statement to prepare your response.

Describe the steps you would take to perform a targeted information system risk assessment. What tools and techniques would you use?

Describe your experience developing system security plans and system certification and accreditation?

A Statement of Qualifications (SOQ) is Required. The SOQ serves as documentation of each candidate's ability to present information clearly and concisely in writing. The SOQ is not a resume or cover letter. Resumes and/or Cover Letters DO NOT take the place of the SOQ. Applications received without an SOQ may not receive further consideration and may be excluded from the hiring process.

Background Investigation Requirement

The position(s) may require an applicant to pass a background investigation. However, applicants will not be asked to provide information about a conviction history unless they receive a conditional offer of employment.

The department will make an individualized assessment of whether the conviction history has a direct or adverse relationship with the specific duties of the job and the work performed by the department. The department will consider potential mitigating factors, including, but not limited to, evidence and extent of rehabilitation, recency, nature and seriousness, and age at the time of the offense(s).

The investigation will consist of completion of a personal history statement and fingerprinting checks with the Federal Bureau of Investigation, Department of Justice, and/or local law enforcement agencies. Anyone failing to pass the background investigation will be provided information on how to appeal the process. A criminal conviction may not result in an automatic determination of "Not Qualified."

ADDITIONAL DEPARTMENT INFORMATION

The Employment Development Department may require a new probation in accordance with applicable probationary period rules.

Click on the link to complete the Employment Development Department Recruitment Survey: EDD Recruitment Survey

Merit System Principles
Information regarding Merit System Principles provided to public employees by the State Civil Service Act can be found on the CalHR website at https://www.calhr.ca.gov/Training/Pages/performance-management-merit-system-principles.aspx

Equal Opportunity Employer
The State of California is an equal opportunity employer to all, regardless of age, ancestry, color, disability (mental and physical), exercising the right to family care and medical leave, gender, gender expression, gender identity, genetic information, marital status, medical condition, military or veteran status, national origin, political affiliation, race, religious creed, sex (includes pregnancy, childbirth, breastfeeding and related medical conditions), and sexual orientation.

It is an objective of the State of California to achieve a drug-free work place. Any applicant for state employment will be expected to behave in accordance with this objective because the use of illegal drugs is inconsistent with the law of the State, the rules governing Civil Service, and the special trust placed in public servants.