CAPPS, Inc.

DPS - LS - Cybersecurity Analyst II

CAPPS, Inc., Austin, Texas, US, 78716

Job Description

PLEASE NOTE: All applications must contain complete job histories, which includes job title, dates of employment, name of employer, supervisor's name and phone number and a description of duties performed. If this information is not submitted, your application may be rejected because it is incomplete. Resumes do not take the place of this required information.

SUBMITTED THROUGH WORK IN TEXAS: Work In Texas (WIT) applicants must complete the supplemental questions to be considered for the posting. In order to complete the supplemental questions, please go to CAPPS Recruit to register or log in and access your profile. Go to CAPPS Recruit to Sign In: https://capps.taleo.net/careersection/ex/jobsearch.ftl?lang=en

GENERAL DESCRIPTION:

Performs complex (journey-level) information security and cybersecurity analysis and training work. Responsible for coordination, governance and mitigation of DPS' risk strategy for cybersecurity. This includes developing, implementing, and maintaining a cybersecurity risk framework and establishing processes and procedures for risk identification, analysis, and monitoring, including responsibility for remediation planning and reporting. Conducts security control assessments, system and network risk assessments, and communication of assessment results and risk levels to technical and non-technical audiences. May train others. Works under general supervision, with limited latitude for the use of initiative and independent judgment.

The following Military Occupational Specialty codes are generally applicable to this position: https://hr.sao.texas.gov/Compensation/JobDescriptions/0938.pdf

Applicants must fully complete the summary of experience to determine if minimum qualifications are met.

ESSENTIAL DUTIES / RESPONSIBILITIES:

1. Perform Cyber Risk Management process including risk assessments, control assessments, and vulnerability management across agency.
2. Perform Cybersecurity Risk analysis and manage information security programs.
3. Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed and elevate them to the Cyber Risk and Vulnerability Manager for review.
4. Provide input for plans, roadmaps, and prioritization for projects in order to drive down organizational risks.
5. Recommend approval for exceptions or waivers and forward the information to the manager.
6. Ensure residual risk is elevated and formally documented on a corrective action plan, if the CISO approves a system that does not meet all the security requirements for operation.
7. Ensure that all risks not mitigated are documented for CISO acceptance and that Plans of Action and Milestones (POA&M) are created.
8. Ensure each system is evaluated based on its environment and sensitivity levels.
9. Evaluate complex business and technical requirements and communicate inherent security risks and solutions to technical and non-technical owners.
10. Collaborate with IT to manage security vulnerabilities.
11. Ensure the NIST-based risk management process is followed and evangelize adoption of best practices.
12. Perform other duties as assigned.

Qualifications:

GENERAL QUALIFICATIONS and REQUIREMENTS:

Education - Graduation from an accredited four-year college or university required, with a major and/or emphasis of computer science, information technology or a related field.

Experience - Minimum of two (2) years' work experience in cyber risk management and vulnerability management. Experience performing IT security audits or assessments preferred. Must be proficient with the use of risk and control frameworks and process improvement models; and must obtain CRISC certification within one year.

Substitution Note: Additional work experience of the type described or other related education may be substituted for one another on a year-for-year basis.

Licensure and/or Certification - Certification in risk and information systems control (CRISC) preferred.

Security/Risk Knowledge - Extensive in-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls. Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans. In-depth knowledge of risk assessment methods and technologies. Proficiency in performing risk, business impact, control and vulnerability assessments. Ability to provide guidance for security activities in the project management life cycle, system development life cycle and application development efforts.

Technology (computers/hardware/software/operating systems) - Must possess appropriate levels of proficiency with utilized software and systems and be able to learn new software/systems. Demonstrated proficiency with Microsoft Office Suite (Word, Excel, PowerPoint, Outlook). Considerable knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts. Strong working knowledge of information technology and security, including vulnerability scanning/penetration tools, network firewall technologies, Internet applications, E-Business, telecommunications and/or computer systems analysis.

Regulatory knowledge - Must possess a working knowledge of office practices and applicable laws relating to information security and privacy. Knowledge of or the ability to rapidly assimilate information related to TXDPS, State, and Federal regulations, legislation, guidelines, policies, and procedures.

Interpersonal Skills - Must demonstrate an ability to exercise poise, tact, diplomacy and an ability to establish and maintain positive, working/professional relationships with internal/external customers.

Organizational and Prioritization Skills - Must be organized, flexible, and able to effectively prioritize in a multi-demand and constantly changing environment; able to meet multiple and sometimes conflicting deadlines without sacrificing accuracy, timeliness or professionalism.

Communication Skills - Must be able to construct and deliver clear, concise, and professional communication to a variety of audiences and/or individuals.

Analytical Reasoning/Attention to Detail - Must demonstrate an ability to examine data/information, discern variations/similarities, and be able to identify trends, relationships and causal factors, as well as grasp issues, draw accurate conclusions, and solve problems.

Confidentiality and Protected Information - Must demonstrate an ability to responsibly handle sensitive and confidential information and situations, and adhere to applicable laws/statutes/policies related to access, maintenance and dissemination of information.

PHYSICAL and/or ENVIRONMENTAL DEMANDS:

The physical and environmental demands described here are representative of those encountered and/or necessary for the employee to successfully perform the essential functions of this job; reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Environment: Office; Ambulatory skills, e.g. stand, walk, sit; Hand-eye coordination and arm/hand/finger dexterity; Ability to speak, hear, and exercise visual acuity; Ability to transfer weights of ten (10) pounds anticipated for this position; Driving requirements: None.

State of Texas Benefits and Retirement Information: https://www.ers.texas.gov/

Current DPS employees who submit applications for posted DPS positions shall notify their immediate supervisor in writing.

A DPS employee who is selected for a position in the same salary group and state title as their current position will be transferred with no salary change.

A DPS employee who is selected for a position in their current salary group with a new state title may receive an increase of no more than 3.4% over their current salary regardless of posted salary.

Salary is contingent upon qualifications and is subject to salary administration and budgetary restrictions.

DUE TO THE HIGH VOLUME OF APPLICATIONS WE DO NOT ACCEPT TELEPHONE CALLS. ONLY CANDIDATES SELECTED FOR INTERVIEW WILL BE CONTACTED.

State of Texas retirees may be rehired for full-time, non-commissioned positions only under very specific circumstances.