The Department of Administrative Services (DAS) is the central administrative agency that leads state government to implement the policy and budget decisions of the Governor and Oregon Legislature. Employing an enterprise-wide perspective, DAS serves state government by developing and upholding accountability standards to ensure productive and efficient use of state government’s financial, human and information resources.
Every employee plays a significant role. We have a strong management infrastructure built to serve Oregon state government and its citizens. DAS is led by the Chief Operating Office. The various programs within DAS each play an important and unique role to ensure a streamlined and efficient delivery system for our customers. The Governor, Legislature and state agencies all rely on our services. We strive to achieve their satisfaction every day.
The Chief Information Office (CIO) provides centralized oversight for enterprise-wide IT resource management, planning, policy, program development, project delivery and the setting of statewide IT standards. The CIO provides training, and direction to ensure IT integrity, security and consistency across state agencies by working closely with elected officials, political subdivisions, state agencies and IT staff from other states. Specific policy sections within the CIO include the Geospatial Enterprise Office; the Enterprise Security Office; the IT Investment and Planning section, and the Economic Recovery Executive Team.
The CIO, Enterprise Security Office (ESO),is recruiting for a Senior Information Security Analyst (ISS8) located in Salem. This position is full time, permanent and is unrepresented.
The DAS team is built on collaboration and support. We work together to ensure our customers receive the highest quality of service. We take pride in our work and look for ways to innovate. DAS is committed to hiring highly-skilled, diverse and dedicated employees who will bring a unique skill set to the team.
Duties & Responsibilities:
The primary responsibility of the Senior Information Security Analyst is to provide expert technical consultation to the State Chief Information Security Officer (CISO), DAS and various state agency technical management and staff on enterprise security and general information security. This incumbent assists the CISO with governance, oversight and analyzing compliance with security policies and procedures internal to DAS and across the State Computing and Networking Infrastructure (SCNI).
Assigned duties and responsibilities include:
Risk Management - (40%) Participate in periodic security assessments to monitor for changes in level of risk to state systems. Recommend changes in business operations to provide higher levels of security for networks, systems and data within the enterprise. Evaluate future information systems security requirements and develops and recommends technical and operational solutions.
Audit and Assurance - (30%) Monitors and evaluates the network and central information technology assets for policy and configuration compliance, known vulnerabilities and signs of compromise. Performs periodic audits to assure that security policies and standards are being complied with, and recommends enhancements. Acts as a technical resource for IT staff and management within the agency and across the State of Oregon. Participates in the evaluation of proposed systems, applications and network software and systems to determine security or data integrity implications. Facilitates the timely dissemination of security information, alerts and advisories to IT staff and management within the agency and across the State of Oregon. As a member of the State of Oregon Incident Response Team (SIRT), develops and exercises procedures for detecting, reporting and investigating breaches in security and with the assistance of appropriate law enforcement, telecommunication, human resources and other personnel, investigates security breaches, privacy breaches and any other breaches of confidentiality. Provides forensics support and support to the State of Oregon SIRT as required.
Policies and Standards - (10%) Assists the State Chief Information Security Officer with agency specific and State of Oregon enterprise network and systems security planning, governance and oversight. Collaborates with professional IT staff within the agency and across the State of Oregon to establish security standards and procedures for the enterprise. Makes recommendations for technical security implementation policies and procedures based on analysis of systems and networks. Proposes, supports, maintains and enhances information systems security standards, policies and procedures.
Ownership and Accountability - (10%) Researches and assesses new technologies for enterprise security, tests with existing systems and infrastructure and evaluates for adoption. Sponsors and conducts security lectures and training programs for the purpose of raising the awareness of responsibility by users, IT staff and management to safeguard data entrusted to them. Conducts training in security configuration, standards and practices for systems and networks. At the request of division management, writes position papers pertaining to data security.
Program Support - (10%) Performs other duties as assigned by the State Chief Information Security Officer, e.g. completing status reports on time, special projects. Maintains professional expertise by attending training, seminars and conferences.
Duties are performed in a cubicle office design resulting in on-going audible distractions. Requires extended time working at a computer terminal with frequent use of common office technology, including phones, computers, printers, copy machines, fax machines, etc. Work may include long periods of sitting and standing. Requires extended work schedule at various times to meet project due dates.
Qualifications & Desired Attributes:
Your on-line e-Recruit application will be reviewed to determine whether you have the education and/or experience required for this position. Please ensure that the answers to all questions are complete and accurately reflected in the work experience section of the application.
To be considered for this position, you must meet the following minimum qualifications:
Six (6) years of professional consultative, technical, or administrative experience providing expert advice and leadership in planning, development, coordination, and implementation of information systems. Experience must include activities in:
Communications: Communication means the connections that link systems and includes voice, data, image, and video.
Software: Software means the programs, procedures, rules, and associated documentation concerned with operating a system and covers both applications and operating software.
Hardware: Hardware Device means the physical components (e.g., PC,server, mainframe, peripherals).
Data: Data means data bases and associated master files.
(a) at least 30 quarter (20 semester) credits in computer science;
(b) two more years of experience providing a knowledge of information systems theory and principles.
Examples of experience providing a knowledge of information systems theory and principles are: Providing technical consultation and advice to managers, technical and professional IS staff, and system users in planning, analyzing, developing, and implementing the operation, maintenance, installation, modification, and construction of information systems; OR Working with vendors and contracted personnel to assess new technology, provide oversight, exchange information, and solve problems.
Note: 15 quarter (10 semester) graduate-level computer science, software engineering, information systems, or equivalent credits may substitute for one year of the professional experience.
The "Work Experience" section on your application must clearly identify/support your experience listed above to meet the minimum qualifications.
Transcripts: To receive credit for coursework required to meet minimum qualifications, you must attach transcripts to your application. See the detailed instruction related to transcripts below.
Additional Requirement: Incumbent must acquire CISSP certification within six months from date of hire.
Desired Attributes: We are looking for applicants with work experience clearly demonstrating the following:
• Experience in risk management based information security analysis.
• Experience in incident response, including familiarity with the National Incident Management System (NIMS)
• Experience performing computer forensics
• Experience conducting security assessments
• Demonstrated ability to practice critical thinking skills, including scientific methodology, analyzing technical methodologies, business practices and technical reports.
• Excellent skills in communicating effectively with technical and business partners in writing and in oral expression including making presentations.
• A high degree of understanding and experience of network and system technical practices and procedures, including one or more of Windows and Linux
• Ability to write information systems security documentation, including alerts, policies, procedures, and standards.
Preference Statement: Preference will be given to applicants with the following:
1. A four-year degree in computer science or a related field. Transcripts must be attached as instructed below.
2. One or more technical information security related certifications (e.g., GIAC GCFA, GCIH, GAWN or GCIH).
Note: Transcripts and Certification: To receive credit for coursework and/or certification, you must attach a copy of your transcripts and/or certification to your application.
To apply you must provide the following:
1. Completed application: The application must include work experience that supports how you meet the minimum qualifications and desired attributes. A resume (attached or text) will not replace the work experience section of the application.
2. Transcripts: Must be attached if using education to meet minimum qualifications. (A copy of your diploma will not substitute required transcripts.) Transcripts must identify the institution and if applicable the degree awarded.
Resume: A resume may be provided to supplement the required materials. ( Note : A resume will not be reviewed as a substitute for information required in the work experience section of the application required to meet minimum qualifications. When candidate meets the minimum qualifications, if attached, the resume will be forwarded to the hiring manager as additional application for review.)
Employment is contingent on the outcome of a criminal records check which may require fingerprints (FBI). Any history of criminal activity will be reviewed and could result in the withdrawal of the offer or termination of employment.
The Department of Administrative Services does not offer visa sponsorships. Within three days of hire, all applicants will be required to complete the US Department of Justice Form I-9, confirming authorization to work in the United States.
The Department of Administrative Services is an equal opportunity, affirmative action employer committed to a diverse workforce.
If you have questions regarding this job announcement, please call 503-378-4396.
- State Directories
- Agencies A to Z
- Oregon Administrative Rules
- Oregon Revised Statutes
- About Oregon.gov
Web Site Links
State of Oregon - 21 months ago