100 North 15th Avenue

Phoenix Arizona 85007

Annual Salary Range: $68000 - $90000

Grade: 24

This position will close on Decemder 19 2025

This position plays an essential role in protecting the confidentiality integrity and availability of State information systems and data through the identification of security and privacy protection risks and ensuring the compliance of systems and organizations with existing Statewide policies and regulatory requirements.

This position ensures that the appropriate proactive analysis and auditing of security controls and processes are in place and effective to help the State withstand and/or recover from issues caused by known and unknown internal or external threats.

Ensures organization compliance to Statewide Information Security policies NIST ISO PCI HIPAA and other security standards by providing information security and privacy protection compliance reviews and proactive assessments. Assists with the development and implementation of enterprise-wide information security and privacy policies and standards

Identify information security and privacy protection risks across the state and direct agencies to adopt risk mitigation strategies methods and procedures to minimize the risks in accordance with established risk management policies and procedures. Assists with data breach and privacy incident investigations

Participates in projects by evaluating systems security plans and implemented security controls for security and privacy compliance of technology infrastructure and applications to reduce security risk and enhance overall security posture

Support the statewide information security and privacy protection awareness and training programs

Leads or participates with all internal and external security and privacy audits and assessments

Other duties as assigned as related to the position

Knowledge:

This role demands a comprehensive expertise in information security technologies with a focus on industry trends best practices and the implementation of robust security measures across various domains. The candidate must have a solid understanding of key information protection standards including NIST HIPAA PCI and IRS and demonstrate proficiency in assessing and managing risks ensuring compliance and addressing vulnerabilities within an organizations infrastructure

In addition the candidate should possess deep knowledge of cybersecurity workforce dynamics virtual learning environments and the development and enforcement of cybersecurity operation policies and procedures. They should be well-versed in the principles and practices of risk management business continuity and disaster recovery with an ability to apply these concepts to real-world scenarios

Expertise in privacy laws and regulations cybersecurity threats and vulnerabilities and the use of advanced cyber defense tools and techniques is essential. The ideal candidate will also have experience with enterprise cybersecurity architecture identity and access management and the evaluation and validation of security controls. Familiarity with emerging technologies insider threat management and supply chain risk management is crucial as is knowledge of industry models and frameworks for cybersecurity and data protection. Overall this role requires a strategic thinker capable of integrating a broad spectrum of cybersecurity knowledge into cohesive and effective security strategies

Skills:

This role requires strong customer service skills along with excellent interpersonal written and oral communication abilities to effectively interact with clients and stakeholders. The ideal candidate should possess a robust skill set in identifying gaps in technical capabilities applying security controls and interfacing with customers to address their needs. Proficiency in assessing security system designs applying secure coding techniques and performing root cause analysis is crucial for maintaining and enhancing system security

Additionally the candidate must be adept at processing and verifying data for follow-on analysis as well as deriving evaluative conclusions to support informed decision-making. The ability to communicate complex concepts both verbally and in writing facilitate group discussions and create technical documentation is essential. Expertise in developing security assessments instructional materials and policy plans is also required. The candidate should be skilled in maintaining standard operating procedures evaluating laws regulations and policies and analyzing processes to ensure compliance with procedural requirements

Critical thinking and collaboration are key skills for this role especially in dynamic fast-paced environments. The ability to analyze large data sets identify target vulnerabilities and align privacy and cybersecurity objectives is vital. The candidate should also be proficient in risk assessment identifying system vulnerabilities and applying policies that meet system security objectives. Additional skills include performing technical writing negotiating vendor agreements and building relationships with internal and external stakeholders to effectively manage and mitigate cybersecurity risks

Ability:

The tasks associated with this job involve ensuring the effectiveness and compliance of an organizations cybersecurity and privacy programs. This includes assessing and managing the effectiveness of security controls correlating training efforts to business or mission needs and managing accreditation packages to maintain compliance. Establishing and maintaining privacy audit programs is essential for continuous monitoring and mitigation of privacy risks. The role also involves determining the legal and operational impacts of cybersecurity incidents and identifying critical technology procurement needs

Additional responsibilities include researching new vulnerabilities advising senior management on risk levels and cybersecurity posture and developing risk profiles. The role requires conducting privacy impact assessments identifying vulnerabilities and recommending remediation strategies. There is a strong focus on developing implementing and auditing cybersecurity policies training programs and compliance processes. Ensuring that contracts and procurement efforts meet legal funding and security requirements is also crucial as is advising on risk management and overseeing cybersecurity audits. Finally the role includes developing and delivering training promoting awareness and ensuring alignment of cybersecurity and privacy practices with organizational goals

Bachelors degree plus 2 years of extensive experience in information security controls and regulatory compliance (or equivalent experience)

Certified Information Security Systems Professional preferred

Required to drive on State business; must possess a valid Arizona drivers license

Proof of U.S. Citizenship required (due to security clearance)

If this position requires driving or the use of a vehicle as an essential function of the job to conduct State business then the following requirements apply:Drivers License Requirements.

The State of Arizona offers a comprehensive benefits package to include:

Optional employee benefits include short-term disability insurance deferred compensation plans and supplemental life insurance

Life insurance and long-term disability insurance

Vacation with 10 paid holidays per year

Health and dental insurance

Retirement plan

Sick leave

Learn more about the Paid Parental Leave pilot programhere. For a complete list of benefits provided by The State of Arizona please visit our benefits page

Positions in this classification participate in the Arizona State Retirement System (ASRS)

Please note that enrollment eligibility will become effective after 27 weeks of employment

If you have any questions please feel free to contact Ariel Gonzalez at for assistance