|Preferred GIAC Certifications||SANS GIAC or CISSP|
|Salary||$7,250.00 - $7,708.33|
|Contact Name||HR Department|
Ensures agency processes and technologies are aligned with common regulatory state/federal controls and standards such as: NIST SP 800-53, HIPAA, Texas Administrative Code 202, etc.
Performs compliance and risk assessment audits and determines acceptable risk and risk mitigation strategies.
Coordinates the implementation of computer system security plans with agency personnel and outside vendors.
Confers with various IS staff to discuss issues such as computer data access needs, security violations, and programming changes.
Advises management and users regarding security procedures.
Develops, maintains, and matures ERS security infrastructure.
Analyzes and tests new or existing procedures, information systems, or utility programs for security vulnerabilities and recommends remediation procedures.
Designs, modifies, and implements new or revised security controls to improve system security including policy creation for intrusion detection/prevention systems and data loss prevention systems.
Performs technical security reviews and vulnerability scans, meeting both internal and external requirements.
Performs risk assessments and reviews of new and existing applications and systems, including data center physical security and environment.
Researches, evaluates, and recommends systems and procedures for the prevention, detection, containment, and correction of data security breaches. Coordinates the design and deployment of security infrastructure and managing related program activities.
Assists in advising management and users regarding security procedures, which includes administering security awareness training and identifying appropriate metrics for use in generating status reports.
Creates and maintains documentation concerning security procedures.
Provides special security information needed by other staff members for their projects.
Performs other duties as assigned.
Attends work regularly in accordance with agency leave and attendance policies.
Complies with all applicable agency policies and procedures, including safety and standards of conduct.
Performs On-call or scheduled after hours work as required.
Essential Work Behaviors:
Communicates respectfully and works harmoniously with all co-workers, customers and vendors.
Provides exceptional customer service.
Is flexible; able to work under pressure and; able to adapt to change; and able to work on multiple problems and tasks.
Takes initiative to prevent and solve problems.
Other Duties and Responsibilities:
May assist the agency in encrypting data transmissions and designing security systems to conceal confidential information as it is being transmitted and to eliminate tainted digital transfers.
May monitor the interface of systems, subsystems, and software applications.
May evaluate and recommend action on testing and certification of software and hardware.
Required Minimum Qualifications
Graduation from an accredited four-year college or university with major course work in data processing, computer science, computer information systems, or management information systems or a related field; or attainment of a diploma from a two-year technical school with specialization in computer technology. Each year of experience over the required minimum years may substitute for the education on a 30 semester hour per year basis.
Three (3) years of experience in systems security analysis and design work in a progressively difficult role, including experience securing enterprise networks.
SANS GIAC or CISSP
Experience with the following security tools:
Nessus or Saint vulnerability scanning
At least one web application scanning tool
File integrity tool(s)
Knowledge of computer programming and scripting languages including:
Familiarity with State and Federal computer security and data privacy laws and regulations.
Work is performed in an office environment. Performs On-call or scheduled after hours work as required. ERS will conduct either a TXDPS or FBI criminal history check on all new hires. For more information about this policy inquiries can be made to firstname.lastname@example.org.