Cyber Risk And Compliance Assessor Information Systems Specialist Work

Initial Posting Date:
05/09/2024 Application Deadline:
05/23/2024 Agency:
Oregon Health Authority Salary Range:
$7,149 - $10,826 Position Type:
Employee Position Title:
Sr. Cyber Risk and Compliance Assessor (Information Systems Specialist 8) Hybrid Work Options Job Description:
Please attach a current version of your resume and a cover letter that addresses the points listed under the section titled What We Are Looking For.
PLEASE NOTE: Resumes, cover letters and all other documents must all be uploaded at one time. When uploading a resume, please upload any other documents in the same area/field.
Applications without complete Workday applications, a resume and cover letter will be removed from consideration.
The Oregon Health Authority
(OHA) has a fantastic opportunity for an experienced Sr. Cyber Risk and Compliance Assessor to join an excellent team and work to advance their IT operations. The Office of Information Service's mission is to deliver technology solutions and services that support Oregon Health Authority and Oregon Department of Human Services in helping Oregonians achieve health, well-being, and independence.
More information about the Office of Information Services and current job opportunities can be found here
The Oregon Health Authority is committed to:
Eliminating health inequities in Oregon by 2030 Becoming an anti-racist organization Developing and promoting culturally and linguistically appropriate programs, Developing and retaining a diverse, inclusive, and equitable workforce that represents the diversity, cultures, strengths, and values of the people of Oregon. Click here
to learn more about OHA's mission, vision, and core values. This is a full-time permanent opportunity for anyone to apply. This position is a classified position represented by a union.
This position falls under the Information Systems Specialist 8 classification.
What you will do!
This position provides cyber risk, compliance, and security expertise in areas such as software development, access and control methodologies, operations, continuity planning, and the entire system life cycle. This position assists in ensuring that business security requirements are accurately reflected in technical specifications and that the department has appropriate security integration throughout all systems development. This person will have a key role in the analysis and evaluation of security design, development, testing and implementation of complex security infrastructures.
The person in this position may serve as a chief architect, analyst, or consultant for ongoing security related activities. The goal is to provide appropriate access to and protect the confidentiality and integrity of ODHS and OHA information in compliance with federal/state regulations, agency security policies and standards and contractual obligations. The person in this position will assist the Chief Information Risk Officer in the overall security of ODHS and OHA information systems, networks, and business continuity planning. This person is a security consultant for information security issues and incidents. This person will provide technical guidance for the development and implementation of departmental security policies and procedures. This person may also be required to develop and review security requirements for initiatives and projects. This person may be assigned to provide risk & compliance analysis and security consultative services for specific projects.
What we are looking for!
(Please clearly outline how you meet the minimum requirements and special qualifications in your application/resume/cover letter. Failure to do so might disqualify you from consideration)
SPECIAL QUALIFICATIONS:
Successful completion of one of the following certifications or willingness to obtain one within 12 months of hire: (a) Certified Information Systems Security Professional (CISSP); (b) Certified Information Security Manager (CISM); (c) Certified Information Privacy Professional (CIPP), (d) Certified in Risk and Information Systems Controls (CRISC), or (e) Certified Data Privacy Solutions Engineer (CDPSE)
MINIMUM REQUIREMENTS:
(a) Seven (7) years of information systems experience in:
Advising on the best practices (or implementation) of regulatory security and privacy controls In-depth knowledge of Center of Internet Security (CIS) Controls, National Institute for Standards and Technology (NIST) guidelines, and Microsoft technologies (including Active Directory, Azure, Cloud Services). OR
(b) An Associate's degree or higher in Computer Science, Information Technology, or related field, OR completion of a two (2) year accredited vocational training program in information technology or related field.
AND 5 years of information systems experience in:
Advising on the best practices (or implementation) of regulatory security and privacy controls In-depth knowledge of Center of Internet Security (CIS) Controls, National Institute for Standards and Technology (NIST) guidelines, and Microsoft technologies (including Active Directory, Azure, Cloud Services). OR
(c) A Bachelor's degree in Information Technology, Computer Science, or related field AND three (3) years of information systems experience in:
Advising on the best practices (or implementation) of regulatory security and privacy controls In-depth knowledge of Center of Internet Security (CIS) Controls, National Institute for Standards and Technology (NIST) guidelines, and Microsoft technologies (including Active Directory, Azure, Cloud Services). OR
(d) Master's degree in Information Technology, Computer Science, or related field
AND one (1) year of information systems experience in:
Advising on the best practices (or implementation) of regulatory security and privacy controls In-depth knowledge of Center of Internet Security (CIS) Controls, National Institute for Standards and Technology (NIST) guidelines, and Microsoft technologies (including Active Directory, Azure, Cloud Services). Desired Attributes
Knowledge and ability to interpret the best practices, and the ability to advise business partners on the implementation of the following regulatory security and privacy controls. Center of Internet (CIS) Security Controls. National Institute for Standards and Technology (NIST). Microsoft technologies (including Active Directory, Azure, Cloud Services). Familiarity with information security and privacy programs, threats, and vulnerabilities. Facilitate complex communication of risks to agency leaders and business owners. This position requires excellent communication skills and the ability to work with and facilitate diverse groups and individual. The position requires the ability to prioritize workloads and the ability to analyze complex procedures, processes, and policies. Ability to manage multiple projects and competing priorities of agency demands. Critical thinking skills with the ability to independently solve problems with data. Experience in creating and maintaining a work environment that is respectful and accepting of diversity among team members and the people we serve. What's in it for you?
Medical, vision, and dental benefits Eleven (11) paid holidays. Eight (8) hours of vacation per month, eligible to be used after 6 months of service. Eight (8) hours of sick leave per month, eligible to be used as accrued. 24 hours of personal business leave per fiscal year, eligible to be used after 6 months of service. Pension and retirement programs Opportunity to potentially receive loan forgiveness under the Public Service Loan Forgiveness Program (PSLF) Continuous growth and development opportunities Opportunities to serve your community and make an impact through meaningful work. A healthy work/life balance, including fulltime remote options as well. Working Conditions:
Working conditions are those of a general office environment in a close-knit, team-oriented environment. Weekend and evening work may be necessary to meet customer demands. Deadlines and department requirements may create stressful situations. This position requires the ability to work on multiple tasks simultaneously and within short time frames interface effectively with customers.
How to Apply
Complete the online application. Complete questionnaire Attach a resume. Attach a cover letter of no more than two pages addressing the "What we are looking for?" section including required and preferred skills. Tips for submitting your Workday application!
Your candidate profile and resume are the perfect opportunity to highlight your interest in the position and showcase the amazing skills and experience, making you the best candidate for the position. Submissions will be screened for consistency of information and communication skills at the professional level (attention to detail, spelling, grammar, etc.).
This posting closes at 11:59 PM on the close date listed. Workday will timeout after 15 minutes of inactivity. Workday performs best in Google Chrome. You must have a valid email address to apply. Check both your email and Workday account for updates regarding this recruitment. Please print or save a copy of this announcement. You will not have access to it once the posting closes. Click here for Resources
and a Job Support Page
.
Please ensure you've provided a thorough and updated application as it pertains to the position for which you are applying. If you meet the minimum qualifications for the position, and are the successful candidate, you may qualify for work out of class. For further information, please visit the Pay Equity Project homepage.
Questions/Need Help?
If you need assistance to participate in the application process including an accommodation request under the American with Disabilities Act, please call or email Kyle Phillips
Voice: ]
Email: TTY users please use the Oregon Telecommunications Relay Service: . For technical support, please call toll free , for customer service assistance.
Additional Information
Please monitor your Workday account for communication regarding your application. You must have a valid e-mail address to apply. PERS rate: The salary listed is the non-PERS qualifying salary range. If the successful candidate is PERS qualifying, the salary range will reflect an additional 6.95%. Please review the Classification and Compensation page for more details click here
. CJIS Background Check: The position you are applying for requires access to Criminal Justice Information (CJI) and therefore you must obtain CJIS clearance for unescorted access to a facility or system under the policy requirements set forth by the Federal Bureau of Investigation (FBI). The CJIS background check will be conducted by the Oregon State Police for the Federal Government and is initiated by the hiring manager in coordination with our ODHS/OHA CJIS Coordinators in our Background Check Unit. If you are offered employment, your offer will be contingent upon the successful completion of two separate background checks. The first background check is an abuse check, criminal records check and driving records check. The second background check is the Criminal Justice Information Systems (CJIS) nation-wide FBI fingerprint-based background check. To be eligible for employment, you must pass both background checks and pass the CJIS training and testing requirements. Based on requirements under IRS Publication 1075, the tax information guidelines for Federal, State and local agencies, and Federal Criminal Justice Information Services (CJIS) Security Policy, all applicable Oregon Health Authority employees who use, or have physical or logical access to Criminal Justice Information (CJI), or Federal Tax Information (FTI), including current and future employees, will need to be fingerprinted, have a background check, and successfully complete related security training(s). Employees with access to FTI will need to be fingerprinted and complete a background check every five (5) years. For more information on CJIS processes please visit the OSP CJIS Division webpage at If you have further questions regarding the CJIS policy please contact OSP at . The FBI CJIS Security Policy Version 5.9, section 5.12.1, outlining the CJIS screening requirements, can be found at Veterans: If you are a veteran, you may receive veteran's preference. Click here
for more information about veterans' preference. To receive veterans' preference points, please submit the following required documentation when you apply: A copy of your DD214/DD215 form; OR a letter from the US Dept. of Veterans Affairs indicating you receive a non-service-connected pension for the five (5) point preference. A copy of your DD214/DD215 form; AND a copy of your veterans' disability preference letter from the Dept. of Veterans Affairs for the ten (10) point preference. Visa Sponsorship: Oregon Health Authority (OHA) does not offer VISA sponsorship. Within three days of hire, you will be required to complete the US Department of Homeland Security's I-9 form confirming authorization to work in the United States. OHA is an E-Verify employer and will use E-Verify to confirm that hires are authorized to work in the United States. Internal Applicants: Attention current State of Oregon employees: To apply for posted positions, please close this window, and log into your Workday account and apply through the Career worklet. Please attach only the documents that are related to the position. Additional documents that are attached will not be reviewed. Applicant Help and Support
webpage Affirmative Action and Equal Opportunity
The Oregon Health Authority is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age, protected veteran or disabled status, genetic information, or any other protected class under state or federal law. In addition, we do not discriminate, or screen applicants based on current or past compensation. To learn more about OHA's mission, vision, and core values, click here
. The Oregon Health Authority is an equal opportunity, affirmative action employer committed to workforce diversity.
OHAAOOIS