The Department of Economic Security, Division of Technology Services is seeking an experienced and highly motivated individual to join our team as a Senior Information Security Analyst Technical Writer (ISATW). This position will provide support on Security Risk and Compliance (SRC) Team to compose IT Policies, Procedures, Standards, Plan Documents, and Security Forms in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations.
The State of Arizona strives for a work culture that affords employees flexibility, autonomy, and trust. Across our many agencies, boards, commissions, many State employees participate in the State's Remote Work Program and are able to work remotely in their homes, in offices, and in hoteling spaces. All work, including remote work, should be performed within Arizona unless an exception is properly authorized in advance.
• Review and evaluate IT Policies, Procedures, Standards, Plan Documents, and Security Forms in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations.
• Conducts daily traffic analysis, identifies, and characterizes incidents, gathering information, identify areas for further work, and perform risk assessments, audit reviews, generate findings reports, and make appropriate recommendations for improvement and track outcomes from those activities for DES reporting requirements.
• Evaluate data and formulate comprehensive reports detailing the findings, areas of non-compliance, required action plans, and environmental observations. Generates incident reports, and investigates suspicious network activity.
• Perform inspections, security assessments and/or evaluations, and special assessments (such as management, vulnerability, after-action) as requested.
• Update security related audit plans, security plans and risk plans documentation for accuracy and consistency, proactively solves problems.
• Research agency and industry IT security practices standards, best practices, laws and regulations, and other applicable resources, ensures compliance with standards.
• Preparing audit documentation that supports audit results, drafting and editing audit findings to adhere to the standards and the agency's writing style.
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of laws, regulations, policies, principles, and ethics as they relate to cybersecurity and privacy. (Required: NIST 800-53, IRS Pub1075, HIPAA/HITRUST, and various other healthcare (CMS is a PLUS) and financial).
• Knowledge of specific operational impacts of cybersecurity lapses.
• Knowledge of information technology (IT) architectural concepts and frameworks.
• Knowledge of Risk Management Framework (RMF) requirements.
• Expert knowledge of internal auditing, internal controls, risk management, and finance and accounting practices and methods.
• Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
• Skill in conducting audits or reviews of technical systems.
• Comprehensive understanding of internal control environments within the IT function.
• Experience with multiple technology domains including aspects of Windows, Unix and/or database administration, software development and networking.
• Skill to ensure that accountability information is collected for information system and information and communications technology.
• Skill to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
• Ability to produce high quality work products for both the IT groups and Senior Management.
• Excellent interpersonal, written, and oral communication skills.
• Ability to balance, prioritize, and organize multiple tasks.
• Ability work collaboratively in teams and across organizations; Synthesize feedback and adjust plans; accordingly, build strong relationships inside and outside the organization; Manage large teams;
• Ability to ensure security practices are followed throughout all phases of life cycle of every aspect of business and IT processes.
• Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities; Ability to exercise judgment when policies are not well-defined.
• Ability to ensure information security management processes are integrated with strategic and operational planning processes; ability to ensure that senior officials within the organization provide information security for the information and systems that support the operations and assets under their control.
• Ability to understand technology, management, and leadership issues related to organization processes and problem solving; Ability to understand the basic concepts and issues related to cyber and its organizational impact.
• Ability to work collaboratively in teams and across organizations.
• Bachelor's degree in accounting or IT and 3yrs IT Experience with a minimum of 1 year auditing IT environments; or, CISA certification with at least 5 years of IT Experience and 3 years of auditing within an IT environment. CRISC, CRMA or CGEIT can replace the CISA. Good to have an accounting or IT certification - preferred CISA or CRISC, CRMA or CGEIT.
• Travel may be required for State business. Employees who drive on state business must complete any required driver training (see Arizona Administrative Code R2-10-207.12.) AND have an acceptable driving record in accordance with DES Fleet Management-Safety Program policy and procedures (DES 1-07-26 & DES 1-07-26-01). Employees may be required to use their own transportation as well as maintaining valid motor vehicle insurance and current Arizona vehicle registration; however, mileage will be reimbursed.
• ARS 41-1969 Each employee or contractor of the department of economic security who is employed in an information technology position shall have a valid fingerprint clearance card issued pursuant to ARS 41-1758.07.
• Bachelor’s degree OR 3 or more years of experience in information security analysis (or equivalent experience).
We offer a competitive benefits package that is unmatched by the private sector and a culture that encourages team success and advocates for personal advancement.
-Affordable Health, Dental, Vision and Life and Disability Insurance
-10 holidays per year
-Paid Vacation and Sick time off - start earning it your 1st day
-Eligible to participate in the Public Service Loan Forgiveness Program (must meet qualifications)
-Contribute to, and participate in the Arizona State Retirement System
-Ride Share and Public Transit Subsidy
-Career Advancement Opportunities
-Opportunity to work remotely (home office) on an ad-hoc basis
By providing the option of a full-time or part-time remote work schedule, employees enjoy improved work/life balance, report higher job satisfaction, and are more productive. Remote work is a management option and not an employee entitlement or right. An agency may terminate a remote work agreement at its discretion.
For a complete list of benefits provided by The State of Arizona, please visit our benefits page
State employees are required to participate in the Arizona State Retirement System (ASRS), the State sponsored retirement contribution plan and the Long-Term Disability (LTD) program after a 27-week waiting period. The ASRS defined benefit plan provides for life-long income upon retirement. You will also have the option to participate in a voluntary deferred compensation program to take advantage of tax-deferred retirement investments.
On, or shortly after, your first day of work you will be provided with additional information about the available insurance plans, enrollment instructions, submission deadlines and effective dates.
Apply through azstatejobs.azdoa.gov. For questions about this career opportunity, please call Benson Walker at 480-318-4150 or email email@example.com.
Persons with a disability may request a reasonable accommodation such as a sign language interpreter or an alternative format by contacting 602-771-2909.
Requests should be made as early as possible to allow time to arrange the accommodation. Arizona State Government is an AA/EOE/ADA Reasonable Accommodation Employer.
ARIZONA MANAGEMENT SYSTEM (AMS)
All Arizona state employees operate within the Arizona Management System (AMS), an intentional, results-driven approach for doing the work of state government whereby every employee reflects on performance, reduces waste, and commits to continuous improvement with sustainable progress. Through AMS, every state employee seeks to understand customer needs, identify problems, improve processes, and measure results.
State employees are highly engaged, collaborative and embrace a culture of public service.
The State of Arizona is an Equal Employment Opportunity Employer.