Review Vacancy
AgencyState Comptroller, Office of the
TitleProject Assistant (Security Assistant Manager)
Occupational CategoryNo Preference
Bargaining UnitPS&T - Professional, Scientific, and Technical (PEF)
Salary RangeFrom $83493 to $102838 Annually
Minimum Qualifications Job Specifics
The New York State and Local Retirement System (NYSLRS) has embarked on a multi-year initiative, called the Redesign Project, that will require significant investment to redesign its business processes and legacy systems, replacing them with an integrated, customer focused, information system that facilitates its work.
When the Redesign Project is complete, NYSLRS will possess a modern information system, ready to meet the needs of its customers and stakeholders in a secure, flexible and stable environment.
PLEASE NOTE: Please read this posting in its entirety and follow the specific instructions on applying for this position.
Minimum Qualifications
• At least nine (9) years of IT security experience, at least two (2) years of which must be supervising in an IT environment, (e.g. web, imaging, workflow, customer relationship management (CRM)).
• Experience must include the following, which may be concurrent:
- Two (2) years experience working on advanced security features, such as encryption, and Internet and Web protection.
- Two (2) years experience establishing and maintaining an organization's security policy and plan
- Two (2) years experience building appropriate user profiles, roles, and privileges, etc., involving all aspects of user administration in support of secure internal and external controls.
A bachelor’s degree in Computer Science or a related field may be substituted for four (4) years of the general experience.
Duties Description Under the general direction of the Security Manager, the role of the Security Assistant Manager is to supervise Redesign security project staff ensuring that all security controls are defined, documented, and implemented in the new Retirement Benefit Administration System. The Security Assistant Manager will be responsible for, but not limited to, the following:
JOB DUTIES
• In conjunction with NYSLRS’ Selected Implementation Vendor, manage the technical support for operating system security for the new Retirement Benefit Administration System and ensure that the Security Manager is aware of any emerging issues.
• In conjunction with NYSLRS’ Selection Implementation Vendor, manage the development, implementation, and maintenance of detailed technical designs and procedures for operating system security and required security roles in accordance with existing OSC’s systems standards as well as any other applicable standards.
• In conjunction with NYSLRS’ Selected Implementation Vendor, manage the proactive monitoring, diagnosing, and correcting of computer system security problems. (i.e., access permissions, password reset, login issues, etc.).
• Assist in oversight of the selection, installation, and maintenance of OSC's computer security software.
• Assist in oversight of the development of backup, recovery and contingency/disaster planning.
• Assist in oversight of NYSLRS’ Selected Implementation Vendors for conversion planning, to ensure that the servers and operating system environment are designed, developed, installed and are performing in a manner adequate to meet the security needs of the NYSLRS Project.
• Assist in the coordination of CIO staff to ensure they understand the full impact of system security enhancements as they relate to OSC, developing and monitoring SLAs (Service Level Agreements) where necessary to ensure that work is accomplished in a coordinated, well-planned manner and meets expectations.
• Assist in oversight of all aspects of the new Retirement Benefit Administration System, other organizations at the Office of the State Comptroller, and external entities, to ensure that security needs are addressed as implementation proceeds.
• Manage the development and implementation of the LOB user administration process including the creation, maintenance, role maintenance and the related policies, for all internal staff and external customer’s usage of NYSLRS self service web applications.
• Manage the development and implementation of the policies surrounding the business and IT processes proposed in the new Retirement Benefit Administration System including, but not limited to: receiving and sending data to external partners, movement of data files within OSC, business reports, IT Change Management (application and system changes) throughout the system, user lifecycle management as well as the secure integration between component parts of the new Retirement Benefit Administration System.
• Ensure that all OSC Security Policies and directives are upheld and maintained as the new system is developed.
• Collaborate and cooperate with related ISO and CIO security staff and keep them informed of key security activities.
• Assist in oversight of any third party vendor(s) who may perform Network Vulnerability Assessments. Manage the review of any reports that are developed in this regard (including reports from the QA/IV&V Vendor) and ensure that any and all deficiencies are reviewed and appropriate follow-up action is taken.
• Manage the certification and accreditation of the security of the new Retirement Benefit Administration System, the program under which it is implemented and the resulting business environment in which it will continue to operate.
• Assist in oversight of NYSLRS’ Selected Implementation Vendor’s development of an information security program which includes, but is not limited to:
- Periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of OSC/NYSLRS.
- Subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate.
- Security awareness training.
- Periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than annually.
- A process for planning, implementing, evaluating, and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of OSC/NYSLRS.
- Procedures for detecting, reporting, and responding to security incidents.
- Plans and procedures to ensure continuity of operations for information systems that support the operations and assets of OSC/NYSLRS.
• Manage security audits.
• Manage data classification activities including the development, implementation and maintenance of NYSLRS’ data classification program in consultation with the division’s business units.
Additional Comments PREFERRED QUALIFICATIONS:
• Ability to effectively assist in leading a team, with responsibility for managing a cohesive staff to ensure achievement of objectives;
• Current holder of Certified Information Systems Security Professional (CISSP), or; CSSLP-Certified Secure Software Lifecycle Professional;
• Demonstrated experience utilizing any of the following software:
o Oracle Identity and Access Management (AIM) Suite.
Desired Knowledge, Skills, Abilities:
• Experience implementing PeopleSoft/Oracle security;
• Experience with PeopleSoft/Oracle role based user administration
• Experience with Oracle Security Server;
• Experience developing annual user security reviews and security audit plans;
• Experience securing data, both at rest and in transit;
• Experience controlling access to backend database objects (tables, views, rows, columns, etc.);
• Experience monitoring system access via audit plan data;
• Knowledge of retirement benefits administration business requirements and their fulfillment through specific IT capabilities and practices;
• Excellent oral and written communication skills;
• Excellent organizational skills
• Demonstrated experience with the security components of any of the following software:
- PeopleSoft Enterprise 9.1, including
o Human Capital Management (HCM)
o Customer Relationship Management (CRM)
o Financials
o Portal
o Learning Management
- Oracle Policy Administration (OPA) and Policy Modeling
- Oracle Enterprise Data Quality
- Oracle WebLogic Suite
- Oracle SOA Suite
- Oracle Business Process Management (BPM) Suite
- Oracle Enterprise Governance, Risk, and Compliance Manager (GRC)
- Phire Architect
- Verisign MPKI for SS
- Oracle Database 11g, including,
o Advanced Security option
o Database Vault
o Audit Vault
o Database Firewall
o Grid Control IAM Management
Some positions may require additional credentials or a background check to verify your identity.
Email Address recruit@osc.state.ny.us
Address
Notes on ApplyingNotes on Applying:
Interested candidates should submit a cover letter, resume and attached template summarizing preferred qualifications to recruit@osc.state.ny.us no later than February 18, 2016. Please reference Item # 07898bv-OSC in the subject line and on the cover letter. To obtain the required template; copy and paste the following hyper link into your browser, download and save the template:
http://www.osc.state.ny.us/recruit/docs/7898_template_02_2016.doc
PLEASE NOTE: All candidates MUST complete this template in full to demonstrate they meet the minimum qualifications. Candidates will be selected for interview based SOLELY on the contents provided by them on this template.
IMPORTANT: It is imperative that you provide specific examples to demonstrate your experience for each of the required qualifications listed in this template. Please ensure that you have fully described how you meet the qualifications by providing a FULLY DETAILED description of your experience. Any ambiguity, vagueness, or omissions will not be decided in the candidate’s favor.
When responding, please include the reference number and letters listed in this section. The GOER ID # should not be included.