Schedule: Full-time
What Our Employees Have to Say:
BWC conducts an internal engagement survey on an annual basis. Some comments from our employees include:
BWC has been a great place to work as it has provided opportunities for growth that were lacking in my previous place of work.
I have worked at several state agencies and BWC is the best place to work.
Best place to work in the state and with a sense of family and support.
I love the work culture, helpfulness, and acceptance I've been embraced with at BWC.
I continue to be impressed with the career longevity of our employees, their level of dedication to service, pride in their work, and vast experience. It really speaks to our mission and why people join BWC and then retire from BWC.
If you are interested in helping BWC grow, please click this link to read more, and then come back to this job posting to submit your application!
BWC’s core hours of operation are Monday-Friday from 8:00am to 5:00pm; however, daily start/end times may vary based on operational need across BWC departments. Most positions perform work on-site at one of BWC’s seven offices across the state. BWC offers flex-time work schedules that allow an employee to start the day as early as 7:00am or as late as 8:30am. Flex-time schedules are based on operational need and require supervisor approval.
What You’ll Be Doing:
Under the general supervision of the IT Risk Manager, the IT Security Analyst is responsible for monitoring, analyzing, and strengthening the security posture of the organization’s information systems. This role requires a deep understanding of computer science, electronic data processing, systems analysis, and cybersecurity methodologies. The analyst will investigate security alerts, evaluate risks, support security governance programs, and contribute to the development and enforcement of enterprise security policies and procedures.
Key Responsibilities
Security Monitoring, Analysis & Incident Support
• Collects and analyzes security alerts and potential intrusion artifacts to support mitigation and incident response.
• Utilizes specialized investigative tools and techniques to identify sources of network intrusion and recommend corrective actions.
• Evaluates existing and proposed IT operational policies to identify security exposures and recommend improvements.
• Creates, organizes, and maintains security documentation including configuration standards, security review processes, monitoring requirements, assessment results, and deployment guidelines.
Cybersecurity Governance & Compliance
• Oversees cybersecurity governance activities such as PCI (Payment Card Industry) compliance, disaster recovery planning and testing, Social Security Administration (SSA) audit compliance, vendor security risk reviews, and maintenance of the IT Risk Register.
• Leads or participates in internal and external assessments including CIS (Center for Internet Security) Critical Security Controls, Office of Information Security & Privacy (OISP) Security Assessments, PCI-DSS (Payment Card Industry Data Security Standard), SSA audits, and annual security maturity evaluations.
• Writes formal security reviews for new technology evaluated through the Technology Adoption Council, ensuring alignment with State and organizational risk requirements.
Cross-Functional Collaboration & Security Consultation
• Works closely with application teams, IT support, and security specialists internally and across partner organizations to ensure effective security controls across systems and environments.
• Conducts security reviews of new and existing applications, interfaces, and system changes and recommends remediation plans for identified risks.
• Assists in defining technical specifications, participating in product testing, and identifying/documenting security issues.
Security System Support & Technical Guidance
• Provides guidance to junior IT staff in the design, testing, implementation, and support of security solutions.
• Installs, configures, upgrades, and maintains security tools such as file integrity monitoring, privileged access management, vulnerability scanning tools, IDS/IPS (Intrusion Detection System/Intrusion Prevention System), SIEM (Security Information Event Management), authentication services, and monitoring platforms.
• Supports, monitors, and troubleshoots on-site and remote security infrastructure and performs regular preventive maintenance.
General IT Duties
• Prepares and submits regular security status and summary reports.
• Communicates problem resolution updates to stakeholders and ensures accurate and updated tracking of incident and remediation activities.
• Performs additional related duties as assigned.
To Qualify, You Must Clearly Demonstrate:
Required Experience and/or Education:
48 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity, systems development or controlling accessibility of data.
Or completion of associate core program in computer science AND 30 mos. trg. or 30 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity, systems development or controlling accessibility of data.
Or completion of undergraduate core program in computer science AND 24 mos. trg. or 24 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity, systems development or controlling accessibility of data.
Or completion of graduate core program in computer science AND 12 mos. trg. or 12 mos. exp. in computer data security either through monitoring system/network traffic for anomalous activity, systems development or controlling accessibility of data.
Or 12 mos. exp. as Agency Information Security Professional 1, 69991.
Or equivalent of Minimum Class Qualifications For Employment noted above.
Job Skill: Cybersecurity
Professional Skills: Adaptability, Attention to Detail, Critical Thinking, Responsiveness, Situational Awareness
Primary Technology: Security Software and Hardware
Major Worker Characteristics:
Knowledge of computer science; systems analysis & design; data security practices & implementation (e.g., Payment Card Industry (PCI) Data Security Standard (DSS), Privileged Access Management (PAM), Security Information Event Management (SIEM)); common adversary tactics, techniques & procedures; data backup, types of backups & recovery concepts & tools; cryptology; encryption methodologies; incident response & handling methodologies; network traffic analysis methods; scripting language programs (e.g., PowerShell, Windows Management Instrumentation)*; employee training & development*.
Skill in operation of personal computer & associated hardware & software; utilization of network analysis tools to identify vulnerabilities.
Ability to define problems, collect data, establish facts & draw valid conclusions; read & understand variety of technical material; write program specifications & system documentation; communicate verbally & in writing on technical & non-technical matters; maintain confidentiality of sensitive information; cooperate with co-workers on group projects.
*Developed after employment.