This position reports to Information Security Officer in the division of Information Technology Services. Performs advanced and/or managerial information security analysis work. Work involves planning, implementing, and monitoring security measures for information systems and infrastructure to regulate access to computer data files and to prevent unauthorized modification, destruction, or disclosure of information. May plan, assign, and/or supervise the work of others. Works under limited supervision, with considerable latitude for the use of initiative and independent judgment. The Information Security Analyst is a senior member of the Information Security team and works closely with the other members of the team to develop and implement a comprehensive information security program. This includes defining security policies, processes and standards. The security analyst works with the ITS department to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained.
Work Hours: Flexiable between hours of 7:00 am and 6:00 pm, Monday-Friday. Occasional on-call work required after business hours and on weekends.
Education: Graduation from an accredited four year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is generally preferred.
Experience: At least five (5) years of experience in information security analysis work and prefers four (4) years of IT or network security experience.
Substitution: Each additional year of related experience above the required minimum may substitute for education on a year-for-year basis.
License/Certification: Any one of the following technical certifications preferred: CISSP, MSCE, or GIAC.
Knowledge, Skills, and Abilities (KSA):
Knowledge of: The limitations and capabilities of computer systems; technology across all network layers and computer platforms; operational support of networks, operating systems, Internet technologies, databases, and security applications; and information security practices, procedures, and regulations.
Skill in: The operation of computers and applicable software and in configuring, deploying; and monitoring security infrastructure; Strong written and verbal communication skills; A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships.
Ability to: Resolve complex security issues in diverse and decentralized environments; communicate effectively; and plan, assign; or supervise the work of others; In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls; interact with TEA's personnel at all levels and across all business units and organizations, and to comprehend business imperatives; have strong leadership abilities, with the capability to develop an information security team and guide team members and to work with only minimal supervision.
Knowledge of: Experience in developing and documenting security architecture and plans; including strategic; tactical and project plans; common information security management frameworks; such as International Organization for Standardization (ISO) 2700x and the ITIL; COBIT and National Institute of Standards and Technology (NIST) frameworks; the fundamentals of project management; and experience with creating and managing project plans; including budgeting and resource allocation; In-depth knowledge of risk assessment methods and technologies; Proficiency in performing risk; business impact; control and vulnerability assessments; Strong understanding of business applications; including ERP and financial systems; Excellent technical knowledge of mainstream operating systems (for example, Microsoft Windows and IBM AIX) and a wide range of security technologies; such as network security appliances; identity and access management (IAM) systems; anti-malware solutions; automated policy compliance tools; and desktop security tools; Experience in developing; documenting and maintaining security policies, processes, procedures and standards; network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts; application security concepts, including design review, code review, and static and dynamic testing; Audit, compliance or governance experience is preferred; Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
This job description is not an employment agreement or contract. Management has the exclusive right to alter this job description at any time without notice.
Salary is dependent on qualifications.
Positions exempt from the Fair Labor Standards Act (FLSA) will earn compensatory time off rather than overtime for hours in excess of 40 per week. May be required to work hours other than 8 to 5. May be required to work weekends and holidays.
In accordance with applicable federal and state equal opportunity laws, it is TEA's policy that no person shall be excluded from consideration for recruitment, selection, appointment, training, promotion, retention or any other personnel action, or be denied any benefits or participation in any educational programs or activities which it operates on the grounds of race, religion, color, national origin, sex, disability, age or veteran status (except where age, sex or disability constitutes a bona fide occupational qualification necessary to proper and efficient administration.
The Immigration Reform and Control Act requires all new employees to present proof of identity and eligibility to work in the United States. TEA does not sponsor H1-B work visas. Males, 18 to 25 years of age, are required to present proof of selective service registration (or exemption) prior to being employed by any state agency.
There is a 90-day waiting period for health insurance coverage and retirement contributions for new hires and re-hires.
This position requires the applicant to meet Agency standards and criteria which may include passing a pre-employment criminal background check, prior to being offered employment by the Agency.