STATE CLASSIFICATION JOB DESCRIPTION


Salary Group B27

Class No. 0237

INFORMATION TECHNOLOGY SECURITY ANALYST III

GENERAL DESCRIPTION

Performs highly advanced and/or supervisory (senior-level) information security analysis work. Work involves planning, implementing, and monitoring security measures for information systems and infrastructures to regulate access to computer configuration and data files and to prevent unauthorized modification, destruction, or disclosure of information. May plan, assign, and/or supervise the work of others. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.

EXAMPLES OF WORK PERFORMED

Oversees and/or performs the design, automation, and deployment of security applications and infrastructure program activities.

Oversees the implementation of computer system security plans with agency personnel and outside vendors.

Develops and/or coordinates the development of agency policies for encryption of data transmissions and the definition of firewall configuration to protect confidential information in transit.

Develops, recommends, and implements plans to safeguard computer configuration and data files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.

Develops information technology disaster recovery and business continuity planning.

Advises management and users regarding security configurations and procedures.

Performs and reviews technical risk assessments and reviews of new and existing applications and systems, including data center physical security and environment.

Confers with users to discuss issues such as account permission and data access needs, security violations, and programming changes.

Modifies and monitors computer configuration and data files to incorporate new software and virus protection systems, correct errors, or change individual access status.

Designs and plans deployment of continuous automated security compliance capabilities.

Monitors, evaluates, and maintains systems and procedures to protect data systems and databases from unauthorized access.

Regulates and reviews access to computer configuration and data files and prevents unauthorized modification, destruction, or disclosure of information.

Researches, evaluates, and recommends systems and procedures for the prevention, detection, containment, and correction of data security breaches.

Trains users and promotes security awareness to ensure system security and to improve application, server, and network efficiency.

May plan, assign, and/or supervise the work of others.

Performs related work as assigned.

GENERAL QUALIFICATION GUIDELINES

Experience and Education

Experience in information security analysis work. Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is generally preferred. Education and experience may be substituted for one another.

Knowledge, Skills, and Abilities

Knowledge of the limitations and capabilities of computer systems; of technology across all mainstream network, operating system, and application platforms; of operational support of networks, operating systems, Internet technologies, databases, and security applications; and of information security practices, procedures, and regulations.

Skill in the use of computers and applicable software; and in configuring, deploying, monitoring, and automating security applications and infrastructure.

Ability to resolve complex security issues in diverse and decentralized environments; to learn, communicate, and teach new information and security technologies; to communicate effectively; and to plan, assign, and/or supervise the work of others.


State Auditor’s Office

Revised 9-1-17