DPS - LS - Cyber Risk & Governance Analyst I - 0319

GENERAL DESCRIPTION:

Perform moderately complex (journey-level) information security and cybersecurity analysis work. Work involves planning, implementing, and monitoring security measures for information systems and infrastructure to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information. Conduct security risk management activities including security control assessments, system and network risk assessments, and communication of risk levels to technical and non-technical audiences. May train others. Work under general supervision, with moderate latitude for the use of initiative and independent judgment.The following Military Occupational Specialty codes are generally applicable to this position. Applicants must fully complete the summary of experience to determine if minimum qualifications are met.ESSENTIAL DUTIES / RESPONSIBILITIES: 1. Perform complex technical risk assessments and security plan reviews for new and established applications or systems.2. Advise management and users regarding security procedures.3. Coordinate with agency personnel and outside vendors to discuss issues such as system security plans and risk assessments.4. Coordinate with users to discuss issues such as information system security plans with agency personnel and outside vendors.5. Coordinate the implementation of information system security plans with agency personnel and vendors.6. Develop plans to safeguard computer files, correct errors, or change individual access status.7. Review agency contracts to ensure appropriate security requirements are included and adhered to.8. Perform technical risk assessments and reviews of new and existing applications and systems, including data center physical security and environment.9. Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed and elevate them for review.10. Ensure residual risk is elevated and formally documented on a corrective action plan, if the CISO approves a system that does not meet all the security requirements for operation.11. Ensure that all risks not mitigated are documented for CISO acceptance and that Plans of Action and Milestones (POA&M) are created.12. Ensure each system is evaluated based on its environment and sensitivity levels.13. Evaluate complex business and technical requirements and communicate inherent security risks to technical and non-technical owners.14. Collaborate with IT to manage security vulnerabilities.15. Ensure the NIST based risk management process is followed and evangelize adoption of best practices.16. Research systems and procedures for the prevention, detection, containment, and correction of data security breaches.17. Perform other duties as assigned. Qualifications GENERAL QUALIFICATIONS and REQUIREMENTS: Education – Graduation from a standard high school or GED equivalent is required. Graduation from an accredited two-year college with major course work in computer science, information technology, or a related discipline is preferred.Experience – Minimum of two years’ experience performing cybersecurity analysis, information security analysis, or information technology is required.Substitution Note: Education may be substituted for the experience requirement on a year-for-year basis. Licensure and/or Certification – If driving is required, must possess a valid driver license from state of residence.Regulatory Knowledge – Working knowledge of, or the ability to rapidly assimilate information related to TXDPS, State and Federal regulations, legislation, guidelines, policies and procedures.Security/Risk Knowledge –• Extensive in-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.• In-depth knowledge of risk assessment methods and technologies.• Proficiency in performing risk, business impact, control and vulnerability assessments.• Ability to provide guidance for security activities in the project management life cycle, system development life cycle and application development efforts.Technology (computers/hardware/software/operating systems) – Must possess appropriate levels of proficiency with utilized software and systems and be able to learn new software/systems. • Considerable knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.• Strong working knowledge of information technology and security, including vulnerability scanning/penetration tools, network firewall technologies, Internet applications, E-Business, telecommunications and/or computer systems analysis.• Demonstrated proficiency with Microsoft Office Suite (Word, Excel, PowerPoint, Outlook).Interpersonal Skills – Must demonstrate an ability to exercise poise, tact, diplomacy and an ability to establish and maintain positive, working/professional relationships with internal/external customers.Organizational and Prioritization Skills – Must be organized, flexible, and able to effectively prioritize in a multi-demand and constantly changing environment; able to meet multiple and sometimes conflicting deadlines without sacrificing accuracy, timeliness or professionalism.Presentation/Communication Skills – Must be able to construct and deliver clear, concise, and professional presentations to a variety of audiences and/or individuals.Research and Comprehension – Must demonstrate ability to quickly and efficiently access relevant information, and be able to utilize and/or present research and conclusions in a clear and concise manner.Analytical Reasoning/Attention to Detail – Must demonstrate an ability to examine data/information, discern variations/similarities, and be able identify trends, relationships and causal factors, as well as grasp issues, draw accurate conclusions, and solve problems.Confidentiality and Protected Information – Must demonstrate an ability to responsibly handle sensitive and confidential information and situations and adhere to applicable laws/statutes/policies related to access, maintenance and dissemination of information.Travel and/or Schedule – Availability for after-hour and weekend work is required.PHYSICAL and/or ENVIRONMENTAL DEMANDS: The physical and environmental demands described here are representative of those encountered and/or necessary for the employee to successfully perform the essential functions of this job; reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.• Environment: Office;• Ambulatory skills, e.g. stand, walk, sit, balance, crouch;• Hand-eye coordination and arm/hand/finger dexterity;• Ability to speak, hear, and exercise visual acuity;• Ability to transfer weights of ten pounds anticipated for this position;• Driving requirements: Occasional (10%).***Candidates going before the oral board will be notified via email provided on the application of the required test(s).***

---