STATE CLASSIFICATION JOB DESCRIPTION


Salary Group B30

Class No. 0238

INFORMATION SECURITY OFFICER

GENERAL DESCRIPTION

Performs highly advanced (senior-level) information security work providing direction and guidance in strategic operations and planning.  Work involves developing security and business continuance standards and action plans; developing security architecture and policies based on business needs, risk assessments, and regulatory requirements; and conducting information security risk analysis and system audits.  Plans, assigns, and/or supervises the work of others.  Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.

EXAMPLES OF WORK PERFORMED

Directs the deployment of security infrastructure.

Directs the agency risk management program through planning, developing, coordinating, and implementing information technology disaster recovery and business continuity planning.

Directs and/or conducts research related to security trends and technology.

Oversees the implementation of computer system security plans with agency personnel and outside vendors.

Oversees the ongoing development and implementation of statewide information and cybersecurity policies, standards, guidelines, and procedures to ensure information security capabilities cover current threat capabilities.

Develops and implements agency policies for encryption of data transmissions and the erection of firewalls to conceal information as it is being transmitted and to eliminate tainted digital transfers.

Develops and manages information security and risk management awareness and training programs.

Reviews technical risk assessments and new and existing applications and systems, including data center physical security and environment.

Reviews results of special investigations, internal audits, research studies, forecasts, and modeling exercises to provide direction and guidance.

Reviews guidelines, procedures, rules, and regulations; and monitors compliance.

Reviews and approves management, productivity, and financial reports and studies.

Reviews budgets and provides final approval.

Represents the agency at business meetings, hearings, trials, legislative sessions, conferences, and seminars or on boards, panels, and committees.

Plans, assigns, and/or supervises the work of others.

Performs related work as assigned.

GENERAL QUALIFICATION GUIDELINES

Experience and Education

Experience in information security analysis management work.  Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is generally preferred.  Experience and education may be substituted for one another.

Knowledge, Skills, and Abilities

Knowledge of local, state, and federal laws and regulations relevant to information security, privacy, and computer crime; of the principles and practices of public administration and management; of the limitations and capabilities of computer systems; of technology across all network layers and computer platforms; and of operational support of networks, operating systems, Internet technologies, databases, and security applications.

Skill in the use of a computer and applicable software; and in configuring, deploying, and monitoring security infrastructure.

Ability to direct and organize program activities; to identify problems, evaluate alternatives, and implement effective solutions; to develop and evaluate policies and procedures; to prepare reports; to resolve advanced security issues in diverse and decentralized environments; to communicate effectively; and to plan, assign, and/or supervise the work of others.

Registration, Certification, or Licensure

May require certification as a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), or Certified in Risk and Information Systems Control (CRISC).


State Auditor’s Office

Revised 9-1-15