Review Vacancy
AgencyInformation Technology Services, Office of
TitleProject Assistant, NS (Equated to SG-23), Ref. #18438
Occupational CategoryI.T. Engineering, Sciences
Bargaining UnitPS&T - Professional, Scientific, and Technical (PEF)
Salary RangeFrom $0 to $90876 Annually
Minimum Qualifications Five or more years of experience in Information Security. This experience must include:
• Creating cyber security standards, guidelines and associated procedures.
• Assessing systems and documentation for the complete implementation of necessary security controls through a secure system development life cycle.
• Experience in remediating Cyber Security Risk based on the NIST Special Publication 800-53r4 security framework, which has been adopted by New York State as the minimal best practices for Information Security.
The following degrees, preferably in Information Security, Computer Science, or related field, may substitute for the general experience as indicated:
• Associate’s degree and four years of experience
• Associate’s degree including 15 semester credit hours in computer science or related field and three years of experience
• Bachelor’s degree and three years of experience
• Bachelor’s degree including 15 semester credit hours in computer science or related field and two years of experience
• Master’s degree in computer science or related field substitutes for an additional year of experience
• Doctorate in computer science or related field substitutes for an additional two years of experience
Preferred Qualifications:
• One or more of the following certifications
o (ISC)² Certified Information Systems Security Professional (CISSP)
o Microsoft Certified System Administrator (MCSA)
o Microsoft Certified Desktop Support Technician (MCDST)
• Work well independently as well as part of a team within a fast-paced environment to analyze, design, and deliver rapid solutions
• Communicate effectively with both technical and non-technical individuals to effectively describe and develop user requirements and technical capabilities for stakeholders and developers
Duties Description Under the direction of a Manager Information Technology Services 2, SG29 within the Public Safety Cluster (PSC) Information Security Office (ISO), located in Albany, the Project Assistant will function as the lead Cluster subject matter expert for tracking and facilitation of all PSC Risk Remediation projects, as well as the lead for secure system development lifecycle (SSDLC) activities.
Duties include, but are not limited to, the following:
• Track and facilitate all PSC Risk Remediation projects, which currently include
o Windows Server 2003 end of life remediation
o Application Risk Assessment remediation
o Secure Coding Assessment remediation
o PSC audit of DCJS findings remediation
o Deloitte CJS compliance assessment remediation
• Serve as a subject matter expert regarding all vulnerabilities, risks, and compliance gaps related to PSC Risk Remediation efforts.
o Analyze and prioritize each issue, and provide guidance on how the issues can be successfully eliminated, either directly or through appropriate compensating controls.
• Track and report on risk remediation activities.
o Record in ITSM and SharePoint the status of reducing the risks faced by PSC systems and applications, and generate and distribute regular progress reports to PSC Executive Management, ITS Enterprise Information Security Office, and Agency Risk Officers.
o Analyze the progress made and identify any issues or roadblocks to further progress on a per item basis.
• Guide PSC Agencies with improving their maturity on the National Cyber Security Review (NCSR), used to gauge the effectiveness and completeness of a security control.
o Meet with PSC Agencies and develop a program to raise their maturity level in areas that are lacking, providing additional staff training, and documenting and implementing new procedures.
• Lead PSC secure system development lifecycle activities for new projects
o Serve as a lead ISO resource engaged with multiple PSC projects to maintain compliance with SSDLC requirements.
o Ensure system/application security plans are complete, accurate, and approved by Agency Risk Coordinators.
Additional Comments Some positions require fingerprinting.
Some positions may require additional credentials or a background check to verify your identity.
Email Address HR.Recruitment@its.ny.gov
Address
Street NYS Office of IT Services
Empire State Plaza, PO Box 2062
Notes on ApplyingPlease submit a clear, concise cover letter and resume indicating that you are applying for Project Assistant, Ref. #18438 and describing how you meet the minimum qualifications no later than August 27, 2017.