State of New Mexico

IT Security & Compliance Administrator II

State of New Mexico, Santa Fe, New Mexico, US, 87503


$34.05 - $54.48 Hourly

$70,826 - $113,321 Annually

This position is a Pay Band IE

Posting Details

THIS POSTING WILL BE USED FOR ONGOING RECRUITMENT AND MAY CLOSE AT ANY TIME. APPLICANT LISTS MAY BE SCREENED MORE THAN ONCE.

The Office of Cybersecurity (OCS) has the essential role and responsibility for the State of New Mexico (SoNM) Information Technology (IT) security program in coordination with state agencies. Federal oversight requires state agencies to perform the procedures necessary to ensure that information systems and federal data sets are protected from cyberattacks.

The OCS maintains an adequate security posture by developing appropriate IT security policies, standards, and procedures, with periodic updates to accurately reflect ever-changing technology, legislative, and user needs.

The OCS is responsible for protecting and monitoring the State of New Mexico's technology infrastructure and digital assets, including state agencies, mission-critical systems, and data.

Cyberattacks are dramatically increasing, and cybersecurity operations are facing new challenges. Cybersecurity is not just an IT problem anymore; it is a critical business risk, homeland security and public safety threat, voter confidence issue, and an economic development opportunity.

As technology continues to evolve, the cybersecurity landscape is constantly changing, increasing potential vulnerabilities and risk. Therefore, it is critical for the state's Chief Information Security Officer (CISO) to acquire additional security and compliance administrators to support the Office of Cybersecurity.

Why does the job exist?

The position will assist in oversight of the technical, physical, and administrative security of information systems. It will implement robust cybersecurity compliance strategies that proactively address regulatory requirements while identifying potential compliance issues. It is responsible for introducing and developing new technologies and processes, as well as improving existing processes.

The position will ensure our services, vendors, and all stakeholders meet applicable legal, safety, and quality standards. The Office of Cybersecurity (OCS) performs critical cybersecurity duties, including IT risk management, threat assessment, incident mitigation and response, compliance, and user awareness.

The incumbent will contribute to surveillance and monitoring of IT infrastructure and support appropriate responses to security incidents. They will focus on enforcing security strategies and standards, ensuring the effectiveness of solutions, and providing security-focused consultative and training services.

How does it get done?

The position will perform audits to establish, implement, and enforce enterprise security standards and policies.

Will monitor all systems for information security abnormalities and conduct investigations to address them.

Collaborate with third-party security agencies or companies in performing security assessments.

Assist and support in writing and reviewing cybersecurity policies, addressing policy requirements, security procedures, information systems security plans, incident response plans, disaster recovery plans, configuration management plans, and other related documentation.

Implement Information Security (INFOSEC) standards for SoNM by following industry standards such as NIST 800 Series guides and best practices.

Assist with investigating, evaluating, and resolving cybersecurity incidents in accordance with prescribed policies and procedures.

Provide oversight for vulnerability management as a service (VmaaS) and remediation, attack surface management (ASM), penetration testing, audits, and user security awareness training.

Support stakeholders in security inquiries, questionnaires, and security compliance assessments to gain their confidence in our security practices and adherence to security frameworks. Interpret governmental security regulations and communicate compliance requirements to stakeholders.

Provide continuous security monitoring, reporting, and other recurring security and compliance activities. Monitor all system logs for any abnormalities and address them accordingly via the use of Security Event and Information Management (SEIM) tools.

•Conduct monitoring of security tools and implement controls as directed.

•Review security intelligence and update security tools to detect and block malicious IPs and signatures.

•Review security intelligence and perform threat hunts for indications of compromise in the environment.

•Review logs and activities and escalate to more State agencies when necessary.

•Deliver security awareness training and provide reporting on participation and compliance.

•Provide input to the preparation of disaster recovery plans.

•Prepare documentation for all actions taken.

Who are the customers?

State of New Mexico agencies, K-12 Public Schools and Higher Educational Institutions.

Ideal Candidate

The ideal candidate for the position should possess the following qualifications: Experience in IT security, incident response strategies, NIST 800-53, information technology governance, information security policies, standards, and industry best practices, compliance frameworks for information security, scoping, conducting audits, risk assessments, and documenting results.

Will need to have strong interpersonal skills including the ability to build trusting relationships within the office, SoNM agencies and with external partners. Be able to effectively communicate and coordinate cybersecurity policies and procedures at all levels both orally and in writing; work independently and in a team environment, analyzing problems, proposing solutions to management, and deploying and documenting implemented solutions, cybersecurity analysis and reporting. Demonstrate successful experience working in a high-pressure team environment.

Knowledge of cloud-based environments to include Azure, Office 365, Defender, and Sentinel. Experience with MS-ISAC, KnowBe4, Ivanti Neurons RVBM platform, Ivanti Neurons ASM, Cisco Stealthwatch, Cisco Radware, Cisco Umbrella, and Solarwinds IPAM.

Minimum Qualification

Bachelor's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering or similar technical degree and two (2) years of experience in IT security or compliance validation (e.g. HIPAA, PCI). Substitutions Apply. See Substitution Table below. A certificate in IT security/forensics (e.g. CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.g. PCIP, ASV, ISA, QSA) can be used to substitute one year of experience.

Substitution Table

These combinations of education and experience qualify you for the position:

1. High School Diploma or Equivalent AND 6 years of experience, OR High School Diploma or Equivalent AND 6 years of experience
2. Associate's degree in the field(s) specified in the minimum qualification AND 4 years of experience, OR Associate's degree or higher in any field AND 6 years of experience
3. Bachelor's degree in the field(s) specified in the minimum qualification AND 2 years of experience
4. Master's degree or higher in the field(s) specified in the minimum qualification AND 0 years of experience

•Education and years of experience must be related to the purpose of the position.

•If Minimum Qualification requires a specific number of "semester hours" in a field (e.g. 6 semester hours in Accounting), applicants MUST have those semester hours in order to meet the minimum qualifications. No substitutions apply for semester hours.

Employment Requirements

Driver's License, Defensive Driving, and Background Investigation.

Working Conditions

Work is performed in an office setting with exposure to Visual/Video Display Terminal (VDT) and extensive phone and personal computer usage. Direct client interaction and some travel may be required.

Supplemental Information

Agency Contact Information: Melissa Gutierrez.

For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.

Bargaining Unit Position

This position is not covered by a collective bargaining agreement.