"Alerted.org

NY HELP No

Agency Information Technology Services, Office of

Title Information Technology Specialist 3 Information Security - 9877

Occupational Category I.T. Engineering, Sciences

Salary Grade 23

Bargaining Unit PS&T - Professional, Scientific, and Technical (PEF)

Salary Range From $86681 to $109650 Annually

Employment Type Full-Time

Appointment Type Contingent Permanent

Jurisdictional Class Non-competitive Class

Travel Percentage 0%

Workweek Mon-Fri

Hours Per Week 37.5

Workday

From 8 AM

To 5 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? No

Telecommuting allowed? Yes

County Albany

Street Address 31 British American Blvd

City Latham

State NY

Zip Code 12110

Duties Description Under the direction of senior team members within the Chief Information Security Office/Governance, Risk, & Compliance/Governance, Compliance, Awareness, & Training (GCAT)/Governance & Compliance Section, the incumbent will be responsible for assisting with the development and implementation of the Chief Information Security Office’s GCAT Program. The Program consists of policies, standards and guidelines to protect New York State information assets, assessing policy exception requests, assessing requests for Internal and External Audit information, and working with ITS and other State entities to assess and assure compliance with all State and Federal compliance standards. The candidate will also work to promote cybersecurity awareness and information security “best practices”.The position requires communicating orally and in writing with various individuals including management, users, and other IT staff. Additional information on work schedule will be discussed at time of interview.Duties include, but are not limited to:• Develop and maintain IT security policies and standards that address various security domains, including access control, data protection, incident response, vulnerability management, and third-party risk.• Conduct thorough research on emerging threats, vulnerabilities, and regulatory changes (e.g., CJIS, NIST, IRS1075) to ensure policies remain current and effective.• Collaborate with cross-functional teams including IT operations, legal, executive, and business units to understand their needs and integrate security requirements into policy development.• Facilitate the review and approval process for new and updated policies, engaging relevant stakeholders and leadership.• Communicate and evangelize security policies throughout the organization to ensure understanding and adherence.• Assist in the enforcement of security policies by supporting internal and external audits, assessing policy compliance, and identifying areas for improvement.• Maintain a centralized repository of all security policies and related documentation.• Receive and Log Policy Exception Requests Act as the primary point of contact for receiving all incoming IT policy exception requests from various departments and stakeholders. Accurately log each request into a dedicated tracking system (e.g., Archer), capturing all essential details such as the requesting party, policy being excepted, reason for exception, duration, and proposed compensating controls.• Initial Review and Validation: Perform an initial review of submitted requests to ensure completeness and clarity. Follow up with requesters to gather any missing information or clarify details. Verify that the request aligns with the established exception request process and submission guidelines.• Facilitate Risk Assessment and Approval Workflow: Route exception requests to the appropriate stakeholders for review and approval. Coordinate meetings or communications to facilitate discussions around the exceptions. Ensure all required approvals are obtained and documented within the tracking system.• Document and Record Exceptions: Maintain a comprehensive and up-to-date central repository of all approved and rejected policy exceptions. Document the justification for the exception, the associated risks, the approved compensating controls, the duration of the exception, and the names of all approvers. Ensure all documentation adheres to internal standards and audit requirements.• Monitor and Track Exception Lifecycles: Proactively monitor the expiration dates of approved exceptions. Initiate the renewal or closure process for exceptions nearing their expiration, coordinating with the original requester and approvers as needed.• Reporting and Analysis: Generate regular reports on policy exception trends, including the number of exceptions, common policies excepted, departments requesting exceptions, and reasons for exceptions. Analyze exception data to identify potential systemic issues, policy gaps, or areas requiring increased awareness and training. Present findings to management to support continuous improvement of policies and security controls.• Process Improvement: Continuously identify opportunities to streamline and improve the policy exception management process, tools, and documentation. Develop and update procedural documentation related to exception handling.• Audit Support: Assist during internal and external audits by providing accurate and comprehensive documentation related to policy exceptions. Answer auditor inquiries and demonstrate adherence to the exception management process.

Minimum Qualifications Non-competitive: five years of information technology, cybersecurity, or information assurance experience**.**Substitutions:A bachelor's or higher-level degree in any field including or supplemented by 15 semester credit hours in computer science or related field substitutes for three years of required experience; any bachelor’s substitutes for two years of required experience.An associate degree with 15 semester credit hours in computer science or related field may substitute for one year of required experience. Candidates in a bachelor’s degree program with at least 15 semester credit hours in computer science or related field may substitute such credits for one year of required experience.A master’s degree or higher in computer science or related field substitutes for one year of required experience.

Additional Comments ITS will not offer permanent employment to any candidate unless the candidate provides documentation that they are authorized to accept work in the United States on a permanent basis. It is the policy of ITS not to hire F1 or H1 visa holders for permanent employment or to sponsor non-immigrant aliens for temporary work authorization visas or for permanent residence.Some positions may require fingerprinting.Some positions may require up to 25% travel and/or lifting up to 50 lbs. Some positions are pending Civil Service approval. Details of position(s) will be described further if you are selected for an interview.If eligible, positions located in New York City will receive an additional $3,400 downstate adjustment location pay with regular annual salary. Positions located in the Mid-Hudson will receive an additional $1,650 adjustment location pay.to permanent non-competitive and the official probationary period will begin.Benefits of Working for NYS Generous benefits package, worth 65% of salary, including:Holiday & Paid Time Off• Thirteen (13) paid holidays annually• Up to Thirteen (13) days of paid vacation leave annually• Up to Five (5) days of paid personal leave annually• Up to Thirteen (13) days of paid sick leave annually for PEF.• Up to three (3) days of professional leave annually to participate in professional developmentHealth Care Benefits• Eligible employees and dependents can pick from a variety of affordable health insurance programs• Family dental and vision benefits at no additional costAdditional Benefits• New York State Employees’ Retirement System (ERS) Membership• NYS Deferred Compensation• Access to NY 529 and NY ABLE College Savings Programs, as well as U.S. Savings Bonds• Public Service Loan Forgiveness (PSLF)• And many more.The Office of Information Technology Services is an equal opportunity employer, and we recognize that diversity in our workforce is critical to fulfilling our mission. We encourage all individuals with disabilities to apply.

Some positions may require additional credentials or a background check to verify your identity.

Name ITS Human Resources

Telephone 518-473-0398

Fax 518-402-4924

Email Address [email protected]

Address

Street Empire State Plaza

Swan Street Building, Core 4, Floor 1

City Albany

State NY

Zip Code 12220

Notes on Applying To apply for this position, please submit a cover letter and resume clearly indicating how you qualify. Ensure that you include the vacancy ID in the subject of your email for prompt routing. Your Social Security number may be required to confirm eligibility.