Review Vacancy
AgencyState Comptroller, Office of the
TitleProject Assistant (Security Supervisor)
Occupational CategoryNo Preference
Bargaining UnitPS&T - Professional, Scientific, and Technical (PEF)
Salary RangeFrom $75243 to $94834 Annually
Minimum Qualifications Job Specifics
The New York State and Local Retirement System (NYSLRS) has embarked on a multi-year initiative, called the Redesign Project, that will require significant investment to redesign its business processes and legacy systems, replacing them with an integrated, customer focused, information system that facilitates its work.
When the Redesign Project is complete, NYSLRS will possess a modern information system, ready to meet the needs of its customers and stakeholders in a secure, flexible and stable environment.
PLEASE NOTE: Please read this posting in its entirety and follow the specific instructions on applying for this position.
Minimum Qualifications
• At least eight (8) years of IT security experience, at least one (1) year of which must be supervising in an IT environment, (e.g. web, imaging, workflow, customer relationship (CRM)).
• Experience must include the following, which may be concurrent:
- One (1) year experience working on advanced security features, such as encryption, and Internet and Web protection.
- One (1) year experience establishing and maintaining an organization's security policy and plan
- One (1) year experience building appropriate user profiles, roles, and privileges, etc., involving all aspects of user administration in support of secure internal and external controls.
A bachelor’s degree in Computer Science or a related field may be substituted for four (4) years of the general experience.
Duties Description • In conjunction with the LOB Solution Vendor, supervise the technical support for operating system security for the new NYSLRS LOB solution and ensure that the Security Manager is aware of any emerging issues.
• In conjunction with the LOB Solution Vendor, supervise the development, implementation, and maintenance of detailed technical designs and procedures for operating system security and required security roles in accordance with existing OSC’s systems standards as well as any other applicable standards.
• In conjunction with the LOB Solution Vendor, supervise the proactive monitoring, diagnosing, and correcting computer system security problems. (i.e., access permissions, password reset, login issues, etc.).
• Assist in oversight of the selection, installation, and maintenance of OSC's computer security software.
• Assist in oversight of the development of backup, recovery and contingency/disaster planning.
• Assist in oversight of the LOB Solution Vendor and QA/IV&V Vendor for conversion planning, to ensure that the servers and operating system environment are designed, developed, installed and are performing in a manner adequate to meet the security needs of the NYSLRS Project.
• Assist in the coordination of CIO staff to ensure they understand the full impact of system security enhancements as they relate to OSC, developing and monitoring SLAs (Service Level Agreements) where necessary to ensure that work is accomplished in a coordinated, well-planned manner and meets expectations.
• Assist in oversight of all aspects of the new NYSLRS LOB solution, other organizations at the Office of the State Comptroller, and external entities, to ensure that security needs are addressed as implementation proceeds.
• Supervise the development and implementation of the LOB user administration process including the creation, maintenance, role maintenance and the related policies, for all internal staff and external customer’s usage of NYSLRS self service web applications.
• Supervise the development and implementation of the policies surrounding the business and IT processes proposed in the LOB Solution including, but not limited to: receiving and sending data to external partners, movement of data files within OSC, business reports, IT Change Supervisement (application and system changes) throughout the system, user lifecycle supervisement as well as the secure integration between component parts of the LOB solution.
• Ensure that all OSC Security Policies and directives are upheld and maintained as the new system is developed.
• Collaborate and cooperate with related ISO and CIO security staff and keep them informed of key security activities.
• Assist in oversight of any third party vendor(s) who may perform Network Vulnerability Assessments. Supervise the review of any reports that are developed in this regard (including reports from the QA/IV&V Vendor) and ensure that any and all deficiencies are reviewed and appropriate follow-up action is taken.
• Supervise the certification and accreditation of the security of the new LOB solution, the program under which it is implemented and the resulting business environment in which it will continue to operate.
• Assist in oversight of the LOB Solution Vendor’s development of an information security program which includes, but is not limited to:
- Periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of OSC/NYSLRS;
- Subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate;
- Security awareness training;
- Periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than annually;
- A process for planning, implementing, evaluating, and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of OSC/NYSLRS;
- Procedures for detecting, reporting, and responding to security incidents; and
- Plans and procedures to ensure continuity of operations for information systems that support the operations and assets of OSC/NYSLRS.
• Supervise security audits.
• Supervise data classification activities including the development, implementation and maintenance of NYSLRS’ data classification program in consultation with the division’s business units.
Additional Comments PREFERRED QUALIFICATIONS:
• Ability to effectively assist in leading a team, with responsibility for managing a cohesive staff to ensure achievement of objectives;
• Current holder of Certified Information Systems Security Professional (CISSP), or other certification recognized under Department of Defense Directive 8570.01 at IAT Level II or IAM Level I;
• Demonstrated experience utilizing any of the following software:
- Oracle Identity and Access Supervisement (AIM) Suite.
Desired Knowledge, Skills, Abilities:
• Experience implementing PeopleSoft/Oracle security;
• Experience with PeopleSoft/Oracle role based user administration
• Experience with Oracle Security Server;
• Experience developing annual user security reviews and security audit plans;
• Experience securing data, both at rest and in transit;
• Experience controlling access to backend database objects (tables, views, rows, columns, etc.);
• Experience monitoring system access via audit plan data;
• Knowledge of retirement benefits administration business requirements and their fulfillment through specific IT capabilities and practices;
• Excellent oral and written communication skills;
• Excellent organizational skills;
• Demonstrated experience with the security components of any of the following software:
? PeopleSoft Enterprise 9.1, including
o Human Capital Supervisement (HCM)
o Customer Relationship Supervisement (CRM)
o Financials
o Portal
o Learning Supervisement
? Oracle Policy Administration (OPA) and Policy Modeling;
? Oracle Enterprise Data Quality;
? Oracle WebLogic Suite;
? Oracle SOA Suite;
? Oracle Business Process Supervisement (BPM) Suite;
? Oracle Enterprise Governance, Risk, and Compliance Superviser (GRC);
? Phire Architect;
? Verisign MPKI for SS;
? Oracle Database 11g, including,
o Advanced Security option
o Database Vault
o Audit Vault
o Database Firewall
o Grid Control IAM Supervisement.
Some positions may require additional credentials or a background check to verify your identity.
Email Address recruit@osc.state.ny.us
Address
Notes on ApplyingInterested candidates should submit a cover letter, resume and attached template summarizing preferred qualifications to recruit@osc.state.ny.us no later than June 10, 2015. Please reference Item # 07899bv-OSC in the subject line and on the cover letter.
To obtain the required template; copy and paste the following hyper link into your browser, download and save the template:
http://www.osc.state.ny.us/recruit/docs/7899_template_05_2015.doc
PLEASE NOTE: All candidates MUST complete this template in full to demonstrate they meet the minimum qualifications. Candidates will be selected for interview based SOLELY on the contents provided by them on this template.
IMPORTANT: It is imperative that you provide specific examples to demonstrate your experience for each of the required qualifications listed in this template. Please ensure that you have fully described how you meet the qualifications by providing a FULLY DETAILED description of your experience. Any ambiguity, vagueness, or omissions will not be decided in the candidate’s favor.
When responding, please include the reference number and letters listed in this section. The GOER ID # should not be included.