State of New Mexico
IT Security & Compliance Admin II
State of New Mexico, Santa Fe, New Mexico, us, 87503
$34.05 - $54.48 Hourly
$70,826 - $113,321 Annually
This position is a Pay Band IE
Posting Details
The Public Regulation Commission serves New Mexico by ensuring safe operations and reliable utility services at fair, just, and reasonable rates consistent with the State's legal, economic, environmental, and social policies.
The Information Technology Bureau in the Administrative Services Division is responsible for providing IT support for all employees within the PRC, driving the PRC's accessibility under open government laws, and partnering with DoIT to maintain the highest standards in cybersecurity.
Interviews will take place two weeks after the posting closes.
Why does the job exist?
Under general supervision, performs all procedures necessary to ensure the safety of information systems and technology assets and data and to protect systems from intentional or inadvertent access or destruction. Performs security audits and provides management with status reports. Develops plans and requirements for disaster and incident response. Ensures information security and compliance with relevant legislation, legal interpretation, compliance, and regulatory standards.
How does it get done?
- Performs audits to ensure that users are adhering to the necessary procedures and processes to maintain IT security and compliance.
- Monitors compliance with security policies, standards, guidelines, and procedures.
- Coordinates and collaborates with compliance/regulatory auditors during formal audits.
- Collaborates with third party security agencies or companies in performing security assessments.
- Provides input into the development, review, and implementation of enterprise-wide security policies, procedures, and standards to meet compliance responsibilities.
- Participates with team(s) to gather a full understanding of project scope and business requirements.
- Participates in designing secure infrastructure solutions and applications.
- Works directly with the clients, third parties, and other internal groups to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk.
- Conducts impact analysis to ensure resources are adequately protected with proper security measures.
- Analyzes security analysis reports for security vulnerabilities and recommends feasible and appropriate options.
- Creates, disseminates, and updates documentation of identified information security risks and controls.
- Follows up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
- Checks existing accounts and data access permission requests against documented authorizations.
- Assists in the data classification process.
- Reports on significant trends and vulnerabilities.
- Assists in preparing disaster recovery plans.
- May assist with various end-user support as needed.
- Reviews, documents, and discusses violations of computer security procedures with the IT Director to report incidents.
- Monitors reports of computer security threats to determine changes in security stance.
- Assists in the development of plans to safeguard computer configurations against accidental or unauthorized modification, destruction, or disclosure.
- Provides guidelines and expertise for creating security awareness training for users to ensure IT system security and compliance.
- Develops and reports, as required, on any security deficiencies identified as Corrective Action Plans (CAPs) resulting from an audit and maintains Plans of Actions and Milestones (POAMs).
- Other duties, as assigned.
Who are the customers?
NMPRC Commissioners and Staff
Ideal Candidate
The ideal candidate will have at least five (2-4) years of experience in:
- Designing and implementing new or improved network systems
- Setting up, maintaining, and patching network switches, hubs, and routers
- Firewall security
- Managing virtual systems
- Managing Microsoft Azure, Entra ID, Intune, and AutoPilot
Minimum Qualification
Bachelor's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering or similar technical degree and two (2) years of experience in IT security or compliance validation (e.g. HIPAA, PCI). Substitutions Apply. See Substitution Table below. A certificate in IT security/forensics (e.g. CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.g. PCIP, ASV, ISA, QSA) can be used to substitute one year of experience.
Substitution Table
These combinations of education and experience qualify you for the position:
1. High School Diploma or Equivalent AND 6 years of experience, OR High School Diploma or Equivalent AND 6 years of experience
2. Associate's degree in the field(s) specified in the minimum qualification AND 4 years of experience, OR Associate's degree or higher in any field AND 6 years of experience
3. Bachelor's degree in the field(s) specified in the minimum qualification AND 2 years of experience
4. Master's degree or higher in the field(s) specified in the minimum qualification AND 0 years of experience
•Education and years of experience must be related to the purpose of the position.
•If Minimum Qualification requires a specific number of "semester hours" in a field (e.g. 6 semester hours in Accounting), applicants MUST have those semester hours in order to meet the minimum qualifications. No substitutions apply for semester hours.
Employment Requirements
Must maintain a valid NM driver's license and complete a successful background check.
Working Conditions
Work is performed in an office setting with exposure to Visual/Video Display Terminal (VDT) and extensive phone and personal computer usage. Direct client interaction and some travel may be required.
Supplemental Information
Do you know what Total Compensation is? Click here
Agency Contact Information: Sarah Valencia. Email
For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.
Bargaining Unit Position
This position is not covered by a collective bargaining agreement.