The Information Security Risk Management Engineer monitors, evaluates, and maintains systems and procedures to protect information resources from unauthorized use. The engineer develops and performs all procedures necessary to ensure the confidentiality, integrity, and availability of data, regardless of the form the data may take: electronic, print, or other information system assets. They identify industry standards and regulatory guidelines for information security in order to minimize the risk of compromise of sensitive business systems. They help develop, maintain, and evaluate organizational security policies, standards, and procedures (PSP), and they work closely with application and operations teams to ensure system controls meet security requirements. They also manage and follow up on the results of audits of system security. ADHS policies are based on State of Arizona policies and modified to meet the requirements of the business.
Performs as a 'subject matter expert' in all information security issues.
Daily responsibilities of an Information Security Risk Management Engineer include:
• Understanding applicable regulations, guidelines and industry best practices to manage risk and ensure compliance.
• Monitoring internal control effectiveness.
• Conducting internal security assessments to ensure continued compliance.
• Explaining roles in managing risk to partners and getting buy-in to improve the organizational risk posture.
• Developing methods to monitor and measure risk, compliance, and assurance efforts.
• Developing specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level.
• Drafting statements of preliminary or residual security risks for system operation.
• Maintaining cybersecurity insurance with third-party insurance vendors and State of Arizona risk management.
They will work closely with other information security staff to identify, analyze, manage, and mitigate information risk. They will also maintain compliance required by HIPAA, PCI, NIST, State of Arizona, ADHS Policy, and any other compliance requirements. The position will help establish a culture of cybersecurity agency-wide, ensuring mitigation tactics are collectively employed to help reduce risk.
- Establishes, maintains, and updates all IT information security related workflow. Establishes and maintains information security procedures. Creates and updates documentation relating to the information security program, including identity and access management. Runs periodic reports to ensure compliance while creating an audit schedule for high-risk systems by working with information system owners.
- Develop methods to monitor and measure risk, compliance, and assurance efforts. Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level. Draft statements of preliminary or residual security risks for system operation.
- Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements. Assess the effectiveness of security controls. Maintains cybersecurity insurance with third-party insurance vendors and State of Arizona risk management. Works with information security technologies and in the areas of risk assessment, compliance, and vulnerability management. Proactively solves complex problems.
- Installs, monitors, and directs proactive and reactive computer network defense measures to ensure the availability, integrity, and reliability of systems. Proactively solves complex problems. Maintains system reliability and availability. Supports Disaster Recovery and Business Continuity programs.
- Commonly used concepts, practices, and procedures relating to information security.
- Technical knowledge of Windows Operating Systems, MS Office and its advanced features, and a solid understanding of command line interfaces, Linux/Unix, Active Directory, and network devices.
- Reviews and recommends equipment, resources and software; may assist with development or preparation of department level budget; may initiate purchasing.
- Familiar with laws and regulations pertaining to safeguarding customer information and aware of security aspects including NIST, SANS Top 20, PCI, FedRAMP, HIPAA, and others.
- Considerable working knowledge of information security technologies and best practices in the areas.
- Familiarity with various network, system, and application vulnerability scanning tools.
- Risk management to include: risk analysis, vulnerability assessment and regulatory compliance (HIPAA and PCI).
- Good business process knowledge and understanding of business drivers and business objectives to translate them into security requirements.
- Performance Management (PM), and Continuous Quality Improvement (CQI) and Lean methodologies.
- Excellent writing, organization, interpersonal, and communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management, and business personnel.
- Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
- Proficient in performing risk, business impact, control and vulnerability assessments, and defining mitigation strategies.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- Manage multiple tasks simultaneously.
- Interact with government personnel and build strong relationships at all levels and across all business units and organizations and to understand business imperatives.
- Strong leadership abilities, with the capability to develop and guide security and IT operations personnel, and to work with minimal supervision.
- Leads initiatives to develop solutions and processes to meet needs; identifies unique innovative approaches.
- Support a diverse multi-cultural workforce that reflects the community, promotes equal opportunity at all levels of public employment, and creates an inclusive work environment that enables all individuals to perform to their fullest potential free from discrimination.
Bachelor's degree in Engineering, Computer Science, or related field and 5 years IT experience. Certified Information Security Systems Professional preferred.
Employees who drive on state business require possession of and the ability to retain a current, valid state-issued driver’s license appropriate to the assignment. Employees who drive on state business are subject to driver’s license checks, must maintain acceptable driving records and must complete any driver training (See Arizona Administrative Code R2-10-207.11).
Must possess a valid level one fingerprint clearance card issued pursuant to A.R.S. §36-113.
The State of Arizona provides an excellent comprehensive benefits package including:
− Affordable medical and dental insurance plans
− Paid vacation and sick time
− 10 paid holidays per year
− Wellness program and plans
− Life insurance
− Short/long-term disability insurance
− Defined retirement plan
− Award winning Infant at Work program
− Credit union membership
− Transit subsidy
− ADHS Student Assistance Pilot Program
For a complete list of benefits provided by The State of Arizona, please visit our benefits page.
To help you build a financially secure future, the State makes monthly contributions to finance your retirement benefit. The State will make a contribution to the ASRS in an amount equal to your contribution. In other words, you and the State will each pay 50% of the total cost of the benefit. New State employees have a 27-week wait period for contributions to begin.
Arizona State Government is an EOE/ADA Reasonable Accommodation Employer. Persons with a disability may request a reasonable accommodation such as a sign language interpreter or an alternative format by calling (602) 542-1085. Requests should be made as early as possible to allow sufficient time to arrange the accommodation. DHS is an Equal Employment Opportunity Employer. All newly hired employees will be subject to E-Verify Employment Eligibility Verification.
ARIZONA MANAGEMENT SYSTEM (AMS)
All Arizona state employees operate within the Arizona Management System (AMS), an intentional, results-driven approach for doing the work of state government whereby every employee reflects on performance, reduces waste, and commits to continuous improvement with sustainable progress. Through AMS, every state employee seeks to understand customer needs, identify problems, improve processes, and measure results.
State employees are highly engaged, collaborative and embrace a culture of public service.
Arizona State Government is an AA/EOE/ADA Reasonable Accommodation Employer.