Agency Information Security Professional 2
Agency Information Security Professional 2
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
The final candidate selected for this position will be required to undergo a criminal background check as well as other investigative convictions do not necessarily preclude an applicant from consideration for a position unless restricted under state or federal law or federal individual assessment of an applicants prior criminal convictions will be made before excluding an applicant from consideration.
The Ohio Department of Education and Workforce is anEqual Opportunity/Affirmative Action Employer that values diversity and seeks talented individuals from diverse backgrounds. Candidates are considered for employment without regard to race color sex sexual orientation gender identity religion creed national or ethnic origin citizenship status age disability veteran status or any other legally protected class. Questions or concerns about this should be directed to the Office of Human Resources ().
Ohio is a Disability Inclusion State and strives to be a model employer of individuals with disabilities. The State of Ohio is committed to providing access and inclusion and reasonable accommodation in its services activities programs and employment opportunities in accordance with the Americans with Disabilities Act (ADA) and other applicable laws.
The State of Ohio is a drug-free workplace which prohibits the use of marijuana (recreational marijuana/non-medical cannabis). Please note this position may be subject to additional restrictions pursuant to the State of Ohio Drug-Free Workplace Policy (HR-39) and as outlined in the posting.
48 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity systems development or controlling accessibility of data.
-Or completion of associate core program in computer science; 30 mos. trg. or 30 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity systems development or controlling accessibility of data.
-Or completion of undergraduate core program in computer science; 24 mos. trg. or 24 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity systems development or controlling accessibility of data.
-Or completion of graduate core program in computer science; 12 mos. trg. or 12 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity systems development or controlling accessibility of data.
-Or 12 mos. exp. as Agency Information Security Professional 1 69991.
-Or equivalent of Minimum Class Qualifications For Employment noted above. Job Skill: Cybersecurity
About Us:
The Ohio Department of Education and Workforce is a diverse team of passionate education-focused professionals responsible for overseeing and enhancing the quality of education for each of Ohios 1.7 million students. The Department provides the resources and supports essential to raising student achievement and accelerating learning opportunities advancing the connectivity between K-12 and postsecondary learning creating programs to support and expand workforce experiences and ensuring students have the necessary supports to be ready each day to learn.
As the governing body responsible for overseeing and enhancing the quality of education within the State of Ohio the Department of Education and Workforce is dedicated to promoting educational excellence and ensuring equal access to learning opportunities for all students. The Department is committed to collaborating with schools districts educators students families businesses nonprofits and all stakeholders to achieve our educational goals.
The Ohio Department of Education and Workforce is seeking an experienced information security professional to help us expand improve and secure the applications and services we provide to our workforce and to schools and families.
Information Technology Office
The Information Technology Office (ITO) provides technology services to Ohios schools and districts students and families and the agency workforce. By joining our team you will become a contributor to some of the most important services in the Ohio K-12 education system. We create and maintain the systems that fund schools and districts provide school choice opportunities and scholarships to parents help students obtain college credit while still in high school and much more. Your work can directly impact the education of Ohios children!
What Youll Do
The primary role of the Agency Information Security Professional is to ensure that the agencys applications and services both internal and public facing are secure from exploitation fraud and intrusion. The successful candidate will have a growth mindset to help the agency balance the risks of new and fast-changing technology with the exciting opportunities it creates. Excellent communication skills are a must to enable team collaboration and information sharing with the CIO other IT leaders and the state enterprise information security team.
Key responsibilities include:
Serve as the agencys information security and privacy subject matter expert
Manage incident response activities including maintaining and proactively testing the plan and playbooks
Configure monitor and support enterprise security tools
Maintain and enforce security policies and procedures
Review vendor contracts terms etc. to ensure alignment to agency and state requirements
Key tools in use today that the successful candidate will use include Qualys CrowdStrike BlueCoat and Azure Advisor. Tools related to security used by other IT teams include Github Advanced Security and SonarQube for app developers and SCCM and InTune by IT Operations.
For more details see the complete position description below.
Complete Position Description
Primary Technology: Security Monitoring
Secondary Technology: Security Software and Hardware
Monitor and ensure cybersecurity posture for the agency. (50%)
Acts as the agencys primary administrator for state enterprise security tools (e.g. Qualys Crowdstrike BlueCoat Azure Advisor) including establishing access levels for and monitoring use by other agency personnel.
Review user authorization reports vulnerability management reports and/or other security reports and logs from state enterprise and/or agency tools. Identify significant gaps. Develop and coordinate remediation efforts with other IT teams.
Conduct and administer security tests (e.g. tabletop exercises penetration tests backup/restore resiliency and failover scheduled scans).
Participate in and/or coordinate risk assessments. Coordinate remediation efforts for IT risks.
Maintain the agency Incident Response Plan. Design new and update existing incident response playbooks with other IT teams.
Assist other IT teams (developers IT operations DBAs data professionals) in analyzing identifying and implementing the security requirements for new systems.
Develop and review authorization and assurance documents including privacy impact assessments to confirm acceptable risk for software applications and systems.
Provide guidance to agency development staff on best practices on coding and using state enterprise tools to create secure code.
Evaluate requests for security exceptions. Submit and coordinate exception requests with the state enterprise security office.
Act as the security and privacy subject matter expert. (30%)
Develops maintains and enforces information security and privacy policies and procedures for the agency. Monitor changes in state enterprise policy that impacts agency security or privacy policy.
Review vendor contracts terms of service security documents and other resources during product/service procurement and/or proposal review to determine alignment to state and agency security requirements.
Participate in state enterprise security and privacy workgroups conferences or other collaboratives.
Liaisons with the state enterprise security office.
Manage incident response activities. (10%)
Performs triage of potential security incidents to determining scope urgency potential impact summarizing findings and recommending whether an incident should be declared.
Coordinate incident response activities according to the agencys Incident Response Plan and playbooks.
Facilitate communications with agency leadership state enterprise security and others according to the Plan.
Collects and analyzes evidence and artifacts (e.g. equipment logs files source code malware trojans) as needed for state enterprise security Legal or others. Documents original condition of digital &/or associated evidence. Ensures chain of custody is followed.
Professional Development (5%)
With the supervisor creates and follows a professional development plan.
Maintains and updates job related skills using available resources including (but not limited to) online training provided by the agency and partner agencies or companies; relevant books articles webinars forums and conferences; or other resources deemed appropriate by the supervisor.
Shares acquired knowledge with peers and co-workers in both informal (one-on-one team meetings) and structured settings (trainings mentorships etc.) as appropriate. Plans and conducts knowledge transfer activities for peers and/or co-workers via verbal instruction technical documentation presentations or other means.
Other duties as assigned. (5%)
The work location of this position is 25 South Front Street Columbus Ohio 43215. You will be required to report to this work location full-time if selected.
At the State of Ohio we take care of the team that cares for Ohioans. We provide a variety of quality competitive benefits to eligible full-time and part-time employees*. For a list of all the State of Ohio Benefits visit ourTotal Rewards website! Our benefits package includes:
- Medical Coverage
- Free Dental Vision and Basic Life Insurance premiums after completion of eligibility period
- Paid time off including vacation personal sick leave and 11 paid holidays per year
- Childbirth Adoption and Foster Care leave
- Education and Development Opportunities (Employee Development Funds Public Service Loan Forgiveness and more)
- Public Retirement Systems (such as OPERS STRS SERS and HPRS)&Optional Deferred Compensation (Ohio Deferred Compensation)
*Benefits eligibility is dependent on a number of factors. The Agency Contact listed above will be able to provide specific benefits information for this position.
Required Experience:
Unclear Seniority
Employment Type
Full-Time
