Schedule: Full-time
What You'll Do:
The Office of Information Security & Privacy (OISP) provides cybersecurity & privacy services to all state agencies, boards, & commissions, & collaborates with the non-executive branch offices (e.g., Secretary of State).
As part of the Governance, Risk & Compliance (GRC) team, this role supports the DAS Office of Information Security & Privacy with risk & compliance activities.
This role works under general supervision & requires considerable knowledge of agency policies & procedures, especially regarding risk identification, documentation, mitigation & compliance control activities.
This role may have supervision responsibility for assigned staff.
As part of the OISP team this role will work to evaluate & report on IT risk within agencies, boards & commissions. This work will support OISP’s mission to drive consistent cybersecurity & privacy practices across state agencies, boards & commissions to ensure compliance with applicable cybersecurity & privacy regulations.
This role reports to the leader of the GRC team &/or designated managers.
• Conduct meetings with appropriate agency representatives to obtain, record & make available compliance documents.
• Utilize & evolve OISP’s agency assessment & reporting processes.
• Follow the agency risk management strategy processes.
• Acquire & maintain expertise in applicable cybersecurity & privacy regulations, such as ORC, HIPAA, FERPA, PCI, & CJIS.
• Maintain expertise in cybersecurity & privacy frameworks (e.g., NIST, CIS, MITRE ATT&CK).
• Contribute to continuous improvement & seek opportunities to use automation & other efficiencies to streamline or improve risk management services.
• Demonstrate excellent communication skills through presentations & oral & written communications.
• Provide subject matter expertise to agencies, boards & commissions during the IT risk assessment process.
• Utilize GRC tools to track risk & compliance status.
• Provide information for metrics & reports to benchmark & provide insight into agency assessments & reporting.
• Respond to inquiries, assessments, & exception & audit requests.
• Adhere to the OISP values.
What’s in it for you:
At the State of Ohio, we take care of the team that cares for Ohioans. We provide a variety of quality, competitive benefits to eligible full-time and part-time employees. For a list of all the State of Ohio Benefits, visit our Total Rewards website! Our benefits package includes:
Medical Coverage
Quality, affordable, and competitive medical benefits are offered through the available Ohio Med plans.
Dental, Vision and Basic Life Insurance
Dental, vision, and basic life insurance premiums are free after the eligibility period is completed. The length of the eligibility period depends on union representation.
Time Away From Work and Work/Life Balance
Paid time off, including vacation, personal, and sick leave
11 paid holidays per year
Childbirth/Adoption leave
Employee Development Funds
The State of Ohio offers a variety of educational and professional development funding that varies based on whether you are a union-exempt employee or a union-represented employee.
Ohio Public Employees Retirement System
OPERS is the retirement system for State of Ohio employees. The employee contributes 10% of their salary towards their retirement. The employer contributes an amount equal to 14% of the employee’s salary. Visit the OPERS website for more information.
Deferred Compensation
The Ohio Deferred Compensation program is a 457(b) voluntary retirement savings plan. Visit the Ohio Deferred Compensation website for more information.
Ohio is a Disability Inclusion State and strives to be a Model Employer of Individuals with disabilities. The State of Ohio is committed to providing access and inclusion and reasonable accommodation in its services, activities, programs and employment opportunities in accordance with the Americans with Disabilities Act (ADA) and other applicable laws.
5 yrs. trg. or 5 yrs. exp. in business administration, management or public administration.
-Or completion of undergraduate core program in business administration, management or public administration; 36 mos. trg. or 36 mos. exp. in supervisory, administrative &/or managerial position.
-Or completion of undergraduate core program for academic field of study commensurate with program area to be assigned per approved Position Description on File; 36 mos. trg. or 36 mos. exp. in supervisory, administrative, managerial &/or staff position involving planning, research &/or policy/procedure development.
-Or 1 yr. exp. as Program Administrator 2, 63123.
-Or equivalent of Minimum Class Qualifications For Employment noted above.
Job Skills: Program Management, Information Technology, Problem Solving, Critical thinking
Knowledge:
1. Basic physical computer components & architectures, including the functions of various components & peripherals (e.g., CPUs, Network Interface Cards, data storage)
2. Current industry methods for evaluating, implementing, & disseminating IT security assessment, monitoring, detection & remediation tools & procedures utilizing standards-based concepts & capabilities
3. Electronic devices (e.g., computer systems/components, access control devices, digital cameras, electronic organizers, hard drives, memory cards, modems, network components, printers, removable storage devices, scanners, telephones, copiers)
4. Security principles & organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
5. Incident categories, incident responses, & timelines for responses
6. Incident response & handling methodologies
7. Known vulnerabilities from alerts, advisories, errata, & bulletins
8. Relevant laws, policies, procedures, or governance as they relate to work that may impact critical infrastructure
9. Structured analysis principles & methods
10. System & application security threats & vulnerabilities
11. Systems administration concepts
12. Capabilities & functionality of various collaborative technologies (e.g., groupware, SharePoint, etc.)
13. Knowledge of the organization
14. Organization's core business/mission processes
Skills:
1. Conducting information searches
2. Conducting knowledge mapping
3. Basic operation of computers
4. Apply cybersecurity & privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
5. Assessing security controls based on cybersecurity principles & tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
6. Administrative planning activities, to include preparation of functional & specific support plans, preparing & managing
Abilities:
1. Identify systemic security issues based on the analysis of vulnerability & configuration data
2. Identify critical infrastructure systems with information communication technology that were designed without system security considerations
3. Read & understand a variety of technical & non-technical matters.
4. Maintain confidentiality of sensitive information
5. Maintain power skills & effective team leadership skills.
* Developed after employment