Information Systems Security Compliance Manager
Location: Carson City NV ( REMOTE )
Position Description
Information Technology (IT) Professionals analyze develop implement maintain and modify computer operations systems networks databases applications and/or information security. Incumbents may perform duties in one or more IT specialization areas depending on the needs of the agency. Incumbents perform supervisory duties and manage projects of varying size scope and impact to agency operations to include serving as the project leader; planning organizing and directing project activities; resolving design conflicts; data administration; resource allocation; contract negotiation; timeline development; critical path tracking; justifying the need for additional resources; and coordination with other work units within and outside the organization as assigned.
Primary responsibilities will be performing the duties of an Information Security Officer. Security functions include but are not limited to:
Conduct comprehensive assessments of the management in accordance with NIST Risk Management Framework (RFM) operational and technical security controls employed within or inherited by a system to determine the overall effectiveness of the security controls using NIST 80053 and Center for Internet Security (CIS) Controls for DMV ONPREM and Cloud environments including AWS Salesforce and Mulesoft CSPs. Generate and maintain required IS security documentation including Systems Security Plans (SSP) Information Assurance Standard Operating Procedures (IA SOP) Continuous Monitoring Plans Security Control Traceability Matrices Risk Assessments Plan of Action & Milestones (POA&M) equipment specifications practices and procedures. The position will perform security audits and support external agency audits to ensure compliance with state and federal rules in the following areas: investigations security awareness training administration security access control recommendations badge access administration risk assessments approval authorization anomalous activity detection alert notifications and incident response and evaluation of software and hardware recommendations with related cost estimates. Maintain daytoday security posture and continuous monitoring of DMV networks and systems utilizing tools such as Tenable Symantec Alteris Anomali and Solarwinds in accordance with security policies and procedures. Schedule perform and maintain records of required IS auditing patching maintenance software/hardware changes and scanning based on evolving threat/vulnerabilities and customer compliance requirements. Assess changes to an IS by performing periodic selfinspections for compliance with PCIDSS CJIS and state and federal data privacy requirements tests and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed; ensure corrective actions are taken for identified findings and vulnerabilities. Minimum Qualifications
Bachelors degree from an accredited college or university with major course work in computer science management information systems or closely related field and five years of progressively responsible professional IT experience relevant to the duties of the position which may include systems administration network administration database administration applications analysis and development and/or information security two years of which were at the advanced journey level or in a supervisory or project management capacity; OR Bachelors degree from an accredited college or university with major course work in computer science management information systems or closely related field and five years of progressively responsible professional IT experience which may include systems administration network administration database administration applications analysis and development and/or information security relevant to the duties of the position two years of which were at the journey level in information security; OR two years of relevant experience as an IT Professional III in Nevada State service; OR an equivalent combination of education and experience as described above. Special Requirements
- Current CISSP and PCIDSS ISA certifications
- A preemployment criminal history check and fingerprinting are required. Persons offered employment in this position will be required to pay for these items.
- Current AWS Certified Security Salesforce Cloud Security Engineer (desired)
- Work is with Confidential information and requires ONSITE duties and functions.
