STATE CLASSIFICATION JOB DESCRIPTION
Salary Group B23
Class No. 0235
Performs complex (journey-level) information security analysis work. Work involves planning, implementing, and monitoring security measures for information systems and infrastructure to regulate access to computer configuration and data files and to prevent unauthorized modification, destruction, or disclosure of information. May train others. Works under general supervision, with moderate latitude for the use of initiative and independent judgment.
EXAMPLES OF WORK PERFORMED
Coordinates with users to discuss issues such as account permission and computer data access needs, security violations, and programming changes.
Coordinates the implementation of computer system security plans with agency personnel and outside vendors.
Develops plans to safeguard computer configuration and data files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
Modifies and monitors computer configuration and data files to incorporate new software and virus protection systems, correct errors, or change individual access status.
Implements continuous automated security compliance capabilities.
Monitors and maintains systems and procedures to protect data systems and databases from unauthorized access.
Performs technical risk assessments and reviews of new and existing applications and systems, including data center physical security and environment.
Regulates access to computer configuration and data files and prevents unauthorized modification, destruction, or disclosure of information.
Researches systems and procedures for the prevention, detection, containment, and correction of data security breaches.
Trains users and promotes security awareness to ensure system security and to improve application, server, and network efficiency.
Assists in designing and deploying security applications and infrastructure program activities.
Assists in advising management and users regarding security configurations and procedures.
May develop information technology disaster recovery and business continuity planning.
May assist in encrypting data transmissions and defining firewall configuration to protect confidential information in transit.
May train others.
Performs related work as assigned.
GENERAL QUALIFICATION GUIDELINES
Experience and Education
Experience in information security analysis work. Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is generally preferred. Education and experience may be substituted for one another.
Knowledge, Skills, and Abilities
Knowledge of the limitations and capabilities of computer systems; of technology across all mainstream network, operating system, and application platforms; of operational support of networks, operating systems, Internet technologies, databases, and security applications; and of information security practices, procedures, and regulations.
Skill in the use of computers and applicable software; and in configuring, deploying, and monitoring security applications and infrastructure.
Ability to resolve complex security issues in diverse and decentralized environments, to learn new information and security technologies, to communicate effectively, and to train others.
State Auditor’s Office