at Maine Public Employees System in Augusta, Maine, United States
SUMMARY: This position performs a variety of professional, technical and analytical duties. Responsibilities include assisting in ensuring the security of the information system assets from unauthorized access, modification or destruction of data by monitoring security measures, and reviewing daily and monthly logs and reports. Assists with implementing policies, programs, and practices established by the Information Technology Oversight Council and may work with end users to determine needs of individual business units. Verifies compliance with security policies and practices across the organization. Assists in responding to computer security breaches or malware to safeguard the entire computing environment. Works with the IT department to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained. Position reports to the Director Information Technology.
ESSENTIAL FUNCTIONS: (A position may not be assigned all of the duties listed, nor do the listed examples include all of the duties that may be assigned.)
- Assists in the research, development, publishing and maintenance of policies, programs, and practices to establish data security standards and guidelines following National Institute of Standards and Technology (NIST) cybersecurity standards.
- Reports to Deputy Executive Director of Administration concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
- Plays an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
- Assists in the oversight of compliance with the Information Security Program requirements.
- Develops information security risk assessments and action plans.
- Performs audits and ad-hoc compliance reviews of existing processes and actions against policies, programs, and practices.
- Evaluates security and privacy risks while balancing business needs and objectives.
- Assists in providing security specifications for the installation and testing of security software.
- Assists in the evaluation of vendor partners as part of due diligence.
- Oversees and manages MainePERS Penetration Testing and Vulnerability Assessments programs.
- Develops a common set of security tools. Defines operational parameters for their use, and conducts reviews of tool output.
- Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action.
- Executes risk assessment activities and analyzes the results of audits (performed by other groups) to produce recommendations of acceptable risk and risk mitigation strategies.
- Tunes and runs vulnerability-scanning and penetration-testing tools.
- Assists the IT operations team in the management of all security-related software, including IPS/IDS, firewalls, endpoint protection, content filtering, and any other software that has a critical impact on the security of MainePERS IT infrastructure.
- Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
- Assists in ensuring change management is in compliance with the security policies and practices.
- Assists with the Business Continuity and Disaster Recovery planning and testing.
- Conducts analysis of information system security levels and recommends changes to enhance security measures.
- Participates in training and communication with other personnel across departments in order to explain and assist in the integration of information security measures.
- Remains current on laws, regulations, and industry best practices relating to data security to assess any potential effect on internal security standards and requirements.
- Works with assigned committees/teams in support of the System’s goals and objectives.
- Performs other duties as assigned.
Supervisory: No supervisory responsibility.
COMPETENCIES (These are required to successfully perform the essential functions.)
Instills Trust; gaining the confidence and trust of others through honesty, integrity and authenticity.
Tech Savvy; anticipating and adopting innovations in business-building digital and technology applications.
Drives Results; consistently achieving results, even under tough circumstances.
Communicates Effectively; developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences.
Decision Quality; making good and timely decisions that keep the organization moving forward.
Ensures Accountability; holding self and others accountable to meet commitments.
Collaborates; building partnerships and working collaboratively with others to meet shared objectives.
Resourcefulness; securing and deploying resources effectively and efficiently.
Self-development; actively seeking new ways to grow and be challenged using both formal and informal development channels.
Global Perspective; taking a broad view when approaching issues, using a global lens.
Manages Complexity; making sense of complex, high quantity and sometimes contradictory information to effectively solve problems.
Being Resilient; rebounding from setbacks and adversity when facing difficult situations.
Persuades; using compelling arguments to gain the support and commitment of others.
Organizational Savvy; maneuvering comfortably through complex policy, process and people-related organizational dynamics.
Situational Adaptability; adapting approach and demeanor in real time to match the shifting demands of different situations.
- High School graduation and five (5) years of work experience conducting research, demonstration of problem solving, demonstration of advanced technology usage, and demonstration of methodical work habits.
- Bachelor’s degree in Information Systems, Cybersecurity, Computer Science or other relevant degree from an accredited college or university with one IT certification, or
- Associates or technical degree with at least three IT certifications, or
- 2 years of experience working in Information Security with a minimum of two IT certifications.
Pays $24.45 per hour ($50,856 annually) with excellent benefits.
Submit the resume and cover letter by 5:00 PM on Tuesday, June 14, 2022 to HR@MainePERS.org.