Cyber Risk Analyst - Information Technology Specialist 6 (ITS6)

Cyber Risk Analyst – ITS6 Administrative Operations Division Headquarters - Tumwater, WA... • This recruitment is open continuous with an initial review date of Monday, April 25, 2016. We encourage you to get your application materials in before this date. The Department of Corrections (DOC) is seeking a highly motivated and qualified individual to fill the role of Cyber Risk Analyst – ITS6, within Information Technology, Administrative Operations Division. This position is located at DOC Headquarters in Tumwater, Washington. Agency Profile: Whether the work is inside a prison, in community corrections, or in an administrative office, the Washington State Department of Corrections professional staff experience a high degree of personal satisfaction knowing they are creating environments in which all offenders can learn to make choices that contribute to a safer society. Application Process: If you are interested in applying and would like to be considered, please apply directly at careers.wa.gov, AND attach the following documents to your profile: • A Letter of Interest explaining how you meet the qualifications (preferably no more than one (1) page), • A current Resume; and • Minimum of three (3) professional references with your application. A professional reference is defined as an individual who has been paid to supervise your work and can attest to your work performance, technical skills, and job competencies. If you do not have any or sufficient professional references, please include non-related professionals, such as educators or other professional associates. We are looking for evidence in your application materials that you have the experience, skills, and abilities indicated in this job posting. Qualified applicants whose responses most closely match the requirements of this position may be invited to interview. Carefully review your application before submitting. All information may be verified and documentation may be required. The initial screening will be solely based on the contents and completeness of the application materials submitted. DOC Offers: • Comprehensive compensation packages; • Training and development opportunities; and • The fulfillment of public service. The Cyber Risk Analyst works as the subject matter expert for Cyber Security in the Cyber Security Unit within the Washington State Department of Corrections. This position uses current policy, standards and guidelines to evaluate projects and new and existing systems to assess risk. This positon makes recommendations to senior level management for mitigating risk. This position requires a very detail oriented person to preform analysis and to ensure cyber security controls are implemented into the early stages of the design and implementation process to protect the Agency from any cyber-attacks. This position will work with other stakeholders within DOC, Washington State and Federal Agencies to ensure security controls are in place to prevent a cyber-security breach. Specific job duties include, but are not limited to: • Develops methods to monitor and measure risk, compliance and assurance efforts. • Serves as the highest level of authority for the cyber security assessment program; consults with information system stakeholders, IT cyber security experts and IT management to develop a schedule of system to assess. • Verifies application software/network, system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations. • Advisees appropriate senior leadership or Authorizing Official of changes affecting the organizations information assurance posture. • Documents all IT Cyber Security Program assessments for future reference. • Develops specifications to ensure risk, compliance and assurance efforts conform to security, resilience and dependability requirements at the software application, system and network environmental level. • Consults with Agency project managers and stakeholders to ensure that cyber security inputs and requirements are considered/implemented in all phases of the project from start to finish. • Performs risk assessments to guide the project team and address project issues that are related to cyber security. • Uses in-depth knowledge of the Software/System Development Lifecycle to coordinate with project managers, team members and stakeholders to ensure that cyber security requirements are addressed to meet project milestones and timelines. • Secures software/hardware list, data flow diagrams, network connectivity drawings and vulnerability scans from the project manager and issues an Authorize to Operate (ATO) certificate prior to systems going to production. • Defines and documents how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment. • Researches emerging IT cyber security trends. Documents and address organization's information security, IA architecture and systems security engineering requirements throughout the acquisition lifecycles.Required: • A minimum of four (4) years dedicated continuous work as an information technology technician. • A minimum of two (2) years cumulative experience for Commercial Off the Shelf (COTS) or custom built application support. • A senior-level working knowledge of IT processes regarding cyber security assessments, risk assessment, and vulnerability analysis. • An Associate degree in computer science, information assurance or related field from an accredited institution whose accreditation is recognized by the U.S. Department of Education or the Council for Higher Education Accreditation (CHEA), or a foreign equivalent. • *One year, professional IT experience, in a cyber-security awareness role in addition to the aforementioned qualifications, may satisfy this educational requirement. • Knowledge of the National Institute of Standards and Technology's Risk Management Framework requirements. • Skill in creating policies that reflect system security objectives. • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth). Desired: • Bachelor's degree or higher in IT Management, Computer Science, Business, or related degree from an accredited institution whose accreditation is recognized by the U.S. Department of education or the Council for Higher Education Accreditation (CHEA). • At least one of the following professional Level-2 or 3 certification as defined by the Department of Defense 8570.01-M Information Workforce Improvement Program; Security+, GSEC, SCNP, SSCP, CISSP, CISA, or CISM. • At least one of the following computer environmental certifications, Certified Risk and Information Systems Controls (CRISC), Global Information Assurance Certifications – Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), or EC-Council Certified Security Analyst (ECSA). • Knowledge of new and emerging IT and information security technologies. • Knowledge of relevant laws, policies, procedures or governance as they relate to work that may impact critical infrastructure. • Knowledge of current emerging threats/threat vectors. 'The mission of DOC is to improve public safety.' For additional information about the agency, please visit www.doc.wa.gov. IMPORTANT NOTES: • All DOC employees are fingerprinted for a criminal history background check. • Employees work with offenders in a potentially hazardous setting. Please consider this when deciding whether to apply. • We are committed to maintaining a drug and alcohol free work environment, and our employees are expected to comply with all state and federal laws. A pre-employment drug test may be administered as part of the selection process, and applicants who test positive for any controlled substances, will be disqualified from consideration. • Animal care projects are a common component of most Washington State prisons, including dog and cat programs. Applicants with animal sensitivities or allergies are encouraged to ask about the level of exposure they could expect in this position. • Tuberculosis is a priority health issue for DOC employees. The successful candidate may be required to provide valid proof of a baseline TB skin test within 60 days from the date of hire. When positive tests result, further information, testing and treatment may also be required. Employment is not contingent upon test results. • If this position is included in a Union Shop, employees will be required to become members within thirty (30) days of employment. We are committed to hiring individuals who possess core diversity competencies: • Foster a positive attitude and openness toward the ever changing social and cultural makeup of the workplace. • Work effectively with men and women of different perspectives, abilities, disabilities, races, religions, ages, lifestyle preferences and social, ethnic and cultural backgrounds. • Respectfully acknowledge people's differences and recognize these differences as important and valuable. • Promote inclusiveness. • Be culturally sensitive and appropriate. • Respect and value diverse backgrounds and traditions. DOC is an equal opportunity employer and does not discriminate on the basis of race, creed, color, national origin, sex, marital status, sexual orientation, gender identity diversity, age, honorably discharged veteran, veteran status, genetic information, or the presence of any sensory, mental or physical disability or the use of a trained guide dog or service animal by a person with a disability. For questions about this recruitment, or to request reasonable accommodation in the application process, please email andrea.detlefsen@doc.wa.gov call us at (360) 725-8420. For TTY service, please call the Washington Relay Service at 7-1-1 or 1-800-833-6388