Enterprise Information Security Professional 1(Identity)
Description:
Schedule: Full-time
What You'll Do:
Under general supervision in the Office of Information Security & Privacy, leads security awareness training enrollment & compliance tracking:
• Lead identity & access lifecycle management, audit & reviews (e.g., IOP provisioning, account cleanup, on/off Boarding, ACL maintenance, User Access Audit, etc.)
• Lead security related remediation & risk mitigation activities, (e.g., POA&M prioritization, tacking & resolution) as a member of cross functional team
• Participate in efforts to ensure compliance with state security policy & other federal regulations as required by business needs & agency directives.
• Use available reports, security tools, & consoles to monitor Identity & Access Lifecycle dashboard(s), report(s) & alert(s) & distribute information as needed.
• Participate in the effort to identify actionable metrics that quantifies the Identity & Access security posture & facilitates communication regarding the state of security across the enterprise.
• Participate in the coordination of the deployment of security tools, process, procedures, & solutions.
• Coordinate access validation & reconciliation activities.
• Participate in consultation regarding security vulnerabilities related to Identities & Access practices by using available tools to identify weaknesses or confirm remediation.
• Participate in Incident Response Exercises performing various roles as needed
• Participate in the implementation of critical security controls performing various roles as needed
• Participate in efforts to verify application security using available security tools to identify application vulnerability & confirm remediation.
Attends, participates & leads routine & on demand meetings. (e.g., Change Control, Security Operations, Team meeting etc.):
• Participate in &/or seek out continuous education oppor-tunities.
• Proactively maintain awareness of current & newly published state policies, standards, procedures, bulletins, as well as federal regulations that are used to govern compliance requirements.
• Participate in creating & maintaining documentation regarding job duties, processes & procedures in order to facilitate knowledge transfer
*Other duties as assigned.
What’s in it for you:
At the State of Ohio, we take care of the team that cares for Ohioans. We provide a variety of quality, competitive benefits to eligible full-time and part-time employees. For a list of all the State of Ohio Benefits, visit our Total Rewards website! Our benefits package includes:
Medical Coverage
Quality, affordable, and competitive medical benefits are offered through the available Ohio Med plans.
Dental, Vision and Basic Life Insurance
Dental, vision, and basic life insurance premiums are free after completed eligibility period. Length of eligibility period is dependent on union representation.
Time Away From Work and Work/Life Balance
Paid time off, including vacation, personal, and sick leave
11 paid holidays per year
Childbirth/Adoption leave
Employee Development Funds
The State of Ohio offers a variety of educational and professional development funding that varies based on whether you are a union-exempt employee or a union-represented employee.
Ohio Public Employees Retirement System
OPERS is the retirement system for State of Ohio employees. The employee contributes 10% of their salary towards their retirement. The employer contributes an amount equal to 14% of the employee’s salary. Visit the OPERS website for more information.
Deferred Compensation
The Ohio Deferred Compensation program is a 457(b) voluntary retirement savings plan. Visit the Ohio Deferred Compensation website for more information.
Ohio is a Disability Inclusion State and strives to be a Model Employer of Individuals with disabilities. The State of Ohio is committed to providing access and inclusion and reasonable accommodation in its services, activities, programs and employment opportunities in accordance with the Americans with Disabilities Act (ADA) and other applicable laws.
Completion of undergraduate core coursework in computer science; 12 mos. trg. or 12 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity, systems development or controlling accessibility of data.
-Or 12 mos. exp. as Information Technology Apprentice, 69910; successful completion of Ohio Cyber Apprenticeship program; additional 12 mos. trg. or exp. in Information Systems/Information Technology with a focus in one of the following areas: Software Engineering/Development, Data Analytics/Business Intelligence, Database Administration, Network, IT Security, and Help Desk/Customer Support.
-Or equivalent of Minimum Class Qualifications for Employment noted above. Note: The Ohio Cyber Apprenticeship program is a program offered by the Department Administrative Services. 2000 hrs. of on the job experience and 200 certified instructional credits must be earned in order to complete this program.
Job Skills: Cybersecurity
Knowledge
1. Computer science
2. Systems analysis & design
3. Common adversary tactics, techniques & procedures
4. Data backup, types of back-ups & recovery concepts & tools (e.g., Oracle)
5. Data security practices & implementation
6. Cryptology
7. Scripting language programs (e.g., WMI, Power Shell)*
8. Incident response & handling methodologies
9. Network traffic analysis methods
Skills
10. Operation of personal computer & associated hardware & software (e.g., MS Office, Outlook, PeopleSoft)
11. Utilization of network analysis tools to identify vulnerabilities
Abilities:
1. Define problems, collect data, establish facts & draw valid conclusions
2. Prepare meaningful, concise, & accurate reports
3. Read & understand a variety of technical material
4. Write program specifications & system documentation
5. Communicate verbally & in writing on technical & non-technical matters
6. Cooperate with co-workers on group projects
7. Maintain confidentiality of sensitive information
8. Prioritize & organize assignments
9. Develop & conduct training & perform knowledge transfer