Information Technology Specialist 3 Information Security - 9877

About The Position

Requirements

• Non-competitive: five years of information technology, cybersecurity, or information assurance experience.
• Substitutions: A bachelor's or higher-level degree in any field including or supplemented by 15 semester credit hours in computer science or related field substitutes for three years of required experience; any bachelor's substitutes for two years of required experience.
• An associate degree with 15 semester credit hours in computer science or related field may substitute for one year of required experience. Candidates in a bachelor's degree program with at least 15 semester credit hours in computer science or related field may substitute such credits for one year of required experience.
• A master's degree or higher in computer science or related field substitutes for one year of required experience.

Responsibilities

• Develop and maintain IT security policies and standards that address various security domains, including access control, data protection, incident response, vulnerability management, and third-party risk.
• Conduct thorough research on emerging threats, vulnerabilities, and regulatory changes (e.g., CJIS, NIST, IRS1075) to ensure policies remain current and effective.
• Collaborate with cross-functional teams including IT operations, legal, executive, and business units to understand their needs and integrate security requirements into policy development.
• Facilitate the review and approval process for new and updated policies, engaging relevant stakeholders and leadership.
• Communicate and evangelize security policies throughout the organization to ensure understanding and adherence.
• Assist in the enforcement of security policies by supporting internal and external audits, assessing policy compliance, and identifying areas for improvement.
• Maintain a centralized repository of all security policies and related documentation.
• Receive and Log Policy Exception Requests Act as the primary point of contact for receiving all incoming IT policy exception requests from various departments and stakeholders. Accurately log each request into a dedicated tracking system (e.g., Archer), capturing all essential details such as the requesting party, policy being excepted, reason for exception, duration, and proposed compensating controls.
• Initial Review and Validation: Perform an initial review of submitted requests to ensure completeness and clarity. Follow up with requesters to gather any missing information or clarify details. Verify that the request aligns with the established exception request process and submission guidelines.
• Facilitate Risk Assessment and Approval Workflow: Route exception requests to the appropriate stakeholders for review and approval. Coordinate meetings or communications to facilitate discussions around the exceptions. Ensure all required approvals are obtained and documented within the tracking system.
• Document and Record Exceptions: Maintain a comprehensive and up-to-date central repository of all approved and rejected policy exceptions. Document the justification for the exception, the associated risks, the approved compensating controls, the duration of the exception, and the names of all approvers. Ensure all documentation adheres to internal standards and audit requirements.
• Monitor and Track Exception Lifecycles: Proactively monitor the expiration dates of approved exceptions. Initiate the renewal or closure process for exceptions nearing their expiration, coordinating with the original requester and approvers as needed.
• Reporting and Analysis: Generate regular reports on policy exception trends, including the number of exceptions, common policies excepted, departments requesting exceptions, and reasons for exceptions. Analyze exception data to identify potential systemic issues, policy gaps, or areas requiring increased awareness and training. Present findings to management to support continuous improvement of policies and security controls.
• Process Improvement: Continuously identify opportunities to streamline and improve the policy exception management process, tools, and documentation. Develop and update procedural documentation related to exception handling.
• Audit Support: Assist during internal and external audits by providing accurate and comprehensive documentation related to policy exceptions. Answer auditor inquiries and demonstrate adherence to the exception management process.

Benefits

• Generous benefits package, worth 65% of salary, including:
• Holiday & Paid Time Off
• Thirteen (13) paid holidays annually
• Up to Thirteen (13) days of paid vacation leave annually
• Up to Five (5) days of paid personal leave annually
• Up to Thirteen (13) days of paid sick leave annually for PEF.
• Up to three (3) days of professional leave annually to participate in professional development
• Health Care Benefits
• Eligible employees and dependents can pick from a variety of affordable health insurance programs
• Family dental and vision benefits at no additional cost
• Additional Benefits
• New York State Employees' Retirement System (ERS) Membership
• NYS Deferred Compensation
• Access to NY 529 and NY ABLE College Savings Programs, as well as U.S. Savings Bonds
• Public Service Loan Forgiveness (PSLF)
• And many more.