Employer: California Department of Housing and Community Development
Job Summary:Under general direction of the Information Technology Manager I, the Information Technology (IT) Security Specialist will provide services which encompass the IT domain of Information Security Engineering and is responsible for the complex aspects of the initiation, design, development, testing, operation and defense of IT environments in order to address sources of disruption, ranging from natural disasters to malicious acts. Essential Functions:Serve as one of the Division’s IT Security Specialists acting independently, or as a team lead or team member. Develop and/or review data sharing agreements prior to release of confidential information; investigate and report security incidents; analyze business impact and exposure, based on emerging security threats, vulnerabilities and risks to recommend IT solutions. Provide procedures for incident handling, particularly for analyzing incident-related data and determining the appropriate response; ensure consistency with the organizations risk management strategy and priorities. Categorize the information system and the information processed, stored, and transmitted by that system. Develop and ensure security solutions and technical artifacts are in place throughout all IT systems and platforms. Work with staff to develop and maintain the IT Contingency Planning Program including preliminary planning, business impact analysis, alternate site selection, recovery strategies, training and exercising to work within the overall Business Continuity Plan. Monitor and assess security controls in the information system on an ongoing basis, documenting changes, conducting security impact analyses, and reporting system security statuses to the organization. Perform vulnerability and risk assessments to identify security risks and recommend IT solutions; research and document the most complex cyber security defense techniques, guidance, and threats in order to proactively prepare for and prevent future incidents. Maintain the security controls and verify the controls are employed within the information system and its environment of operation; perform incident handling tasks (e.g., triage, forensic collections, intrusion correlation and tracking, threat analysis, and remediation) to take action against a cyber-security threat using cyber-security tools and analysis. Provide consultation and expertise in multiple IT domains to ensure compliance with enterprise and IT security policies, industry regulations, and best practices; participate in the design of new system architecture, standards, and methods from an IT Security related perspective to support organizational needs; conduct research and perform analysis to recommend IT security system upgrades, cost effective solutions, and process improvements to meet current and future needsServe as a second level Helpdesk for the resolution of complex desktop related issues beyond the ability of first level helpdesk to resolve.Effectively prepare and present proposed written IT-related policies and/or procedures, as well as written briefs and reports, talking points, technical documentation and presentations, for internal and external events as related to IT Security. Develop and manage work breakdown structure (WBS) of IT Security projects; develop or update project plans for IT Security projects including information such as project objectives, technologies, systems, information specifications, schedules, funding, & staffing. Manage security of information systems and/or subsystems, oversee all aspects of one or more IT projects applying industry standards, principles, guidelines, methods, techniques, using planning, monitoring, processes, and controlling principles tools to deliver an IT product, program solution, service, or system; may oversee staff in a project management capacity.Provide on the job training for new and existing Network, IT Security & Helpdesk Support Staff.Attend regularly scheduled section and branch meetings, as well as training classes. Review technical journals or websites to acquire and maintain knowledge of applicable, emerging procedures and new industry best practices.Responsible for the completion of other projects, assignments, and Division administrative tasks as directed by management.