Under the direction of a Lead Information Security Analyst, ITS 3 [SG 23], within the Chief Information Security Office/Integrated Security Services/Security Services Team the position will be a member of a Security Services Team that provides security services to one or more ITS Portfolios and their client agencies. The incumbent will provide in-depth information security consulting and services aligned with business needs of the client agencies to ensure confidentiality, integrity, and availability of information and systems.
The position requires communicating orally and in writing with various individuals including management, users, vendors, and other IT staff. The incumbent will have to work with ITS teams and upper-level agency management to resolve technically complex and politically sensitive issues under pressure.
The position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities that may impact sensitive information, critical systems, NYS agencies, or ITS.
Specific duties include, but are not limited to:
- Implements information security and compliance programs:
o Participates in the development, interpretation, review, and communication of NYS information security policies, procedures, and standards.
o Supports the implementation of information security procedures and protocols and participates in security risk reviews and remediation activity including producing written reports.
o Develops and maintains expertise in cyber security compliance domains and frameworks.
- Supports the management and resolution of security threats to agency information systems:
o Assists with implementing information security incident response plans, and reports.
o Assists with response to potential security incidents.
o Escalates security concerns and report incidents to the applicable entities for review and action.
- Serves as information security expert, and evaluates systems and contracts for alignment with agency and State information security policies:
o Acts as information security liaison to agency and portfolio staff, maintaining close relationships to ensure security services align with business needs.
o Provides information security expertise to information security staff, ITS, and ITS-served agencies on a broad range of information security standards and best practices.
o Acts as Information Security Lead on ITS Projects and Initiatives to ensure security by design through implementation of the Secure Systems Development Lifecycle (SSDLC).
- Monitors and stays aware of information security industry trends, tools, and techniques.
- Performs additional duties as required.