Salary Group B31

Class No. 0239



Performs highly advanced and/or supervisory (senior-level) information security work providing direction and guidance in strategic operations and planning. Work involves developing security and business continuance standards and action plans; developing security architecture and policies based on business needs, risk assessments, and regulatory requirements; and conducting information security risk analysis and system audits. Plans, assigns, and/or supervises the work of others. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.


Directs the deployment of security infrastructure.

Directs the agency risk management program through planning, developing, coordinating, and implementing information technology disaster recovery and business continuity planning.

Directs the ongoing development and implementation of statewide information and cybersecurity policies, standards, guidelines, and procedures to ensure information security capabilities cover current threat capabilities.

Directs and/or conducts research related to security trends and technology.

Oversees the implementation of computer system security plans with agency personnel and outside vendors.

Develops and implements agency policies for encryption of data transmissions and the erection of firewalls to conceal information as it is being transmitted and to eliminate tainted digital transfers.

Develops and manages information security and risk management awareness and training programs.

Reviews technical risk assessments and new and existing applications and systems, including data center physical security and environment.

Reviews results of special investigations, internal audits, research studies, forecasts, and modeling exercises to provide direction and guidance.

Reviews guidelines, procedures, rules, and regulations; and monitors compliance.

Reviews and approves management, productivity, and financial reports and studies.

Reviews budgets and provides final approval.

Represents the agency at business meetings, hearings, trials, legislative sessions, conferences, and seminars or on boards, panels, and committees.

Plans, assigns, and/or supervises the work of others.

Performs related work as assigned.


Experience and Education

Experience in information security analysis management work. Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field is generally preferred. Experience and education may be substituted for one another.

Knowledge, Skills, and Abilities

Knowledge of local, state, and federal laws and regulations relevant to information security, privacy, and computer crime; of the principles and practices of public administration and management; of the limitations and capabilities of computer systems; of technology across all network layers and computer platforms; and of operational support of networks, operating systems, Internet technologies, databases, and security applications.

Skill in the use of a computer and applicable software; and in configuring, deploying, and monitoring security infrastructure.

Ability to direct and organize program activities; to identify problems, evaluate alternatives, and implement effective solutions; to develop and evaluate policies and procedures; to prepare reports; to resolve advanced security issues in diverse and decentralized environments; to communicate effectively; and to plan, assign, and/or supervise the work of others.

Registration, Certification, or Licensure

May require certification as a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), or Certified in Risk and Information Systems Control (CRISC).

State Auditor’s Office

Added 9-1-15