View job on Handshake

Employer: California Department of Housing and Community Development

Expires: 07/10/2021

Job Summary:Under general direction of the Information Technology Manager I, the Information Technology (IT) Security Specialist will lead and provide services which encompass the IT domain of Information Security Engineering and is responsible for the most complex aspects of the initiation, design, development, testing, operation and defense of IT environments in order to address sources of disruption, ranging from natural disasters to malicious acts. Essential Functions:Serve as one of the Division’s highest-level IT Security Specialists acting independently, or as a team lead or team member, to provide technical expertise regarding the most complex IT Security issues facing the Department which may include; analyze business impact and exposure, based on emerging security threats, vulnerabilities and risks to recommend IT solutions; provide procedures for incident handling, particularly for analyzing incident-related data and determining the appropriate response; assess, develop, implement, and maintain a security and privacy training and awareness program, ensuring consistency with the organizations risk management strategy and priorities; categorize the information system and the information processed, stored, and transmitted by that system; design new technologies, architectures, and secure solutions that will support security requirements and align with strategic planning for the enterprise and its customers, business partners and vendors; develop and ensure security solutions and technical artifacts are in place throughout all IT systems and platforms; develop and maintain the IT Contingency Planning Program including preliminary planning, business impact analysis, alternate site selection, recovery strategies, training and exercising to work within the overall Business Continuity Plan; monitor and assess security controls in the information system on an ongoing basis, documenting changes, conducting security impact analyses, and reporting system security statuses to the organization; and perform vulnerability and risk assessments to identify security risks and recommend IT solutions.Research and document cyber security defense techniques, guidance, and threats in order to proactively prepare for and prevent future incidents; advise the organization of its compliance status and make recommendations for courses of action to establish and ensure compliance; assess and Implement the security controls and describe how the controls are employed within the information system and its environment of operation; perform incident handling tasks (e.g., triage, forensic collections, intrusion correlation and tracking, threat analysis, and remediation) to take action against a cyber-security threat using cyber-security tools and analysis; provide consultation and expertise in multiple IT domains to ensure compliance with enterprise and IT security policies, industry regulations, and best practices.Effectively prepare and present proposed written IT-related policies and/or procedures, as well as written briefs and reports, talking points, technical documentation and presentations, for internal and external events as related to IT Security; develop and manage work breakdown structure (WBS) of IT Security projects; develop or update project plans for IT Security projects including information such as project objectives, technologies, systems, information specifications, schedules, funding, & staffing; manage security of information systems and/or subsystems; manage or oversee all aspects of one or more IT projects applying industry standards, principles, guidelines, methods, techniques, using planning, monitoring, processes, and controlling principles tools to deliver an IT product, program solution, service, or system; may oversee staff in a project management capacity.Provide on the job training for new and existing Network, IT Security & Helpdesk Support Staff.Attend regularly scheduled section and branch meetings, as well as training classes. Review technical journals or websites to acquire and maintain knowledge of applicable, emerging procedures and new industry best practices.Responsible for the completion of other projects, assignments, and Division administrative tasks as directed by management.