State of Delaware · 21 hours ago
Information Security and Compliance Officer
The State of Delaware is responsible for ensuring the security of information technology across state agencies. The Information Security and Compliance Officer will develop and enforce IT security policies, conduct risk assessments, and ensure compliance with federal and state regulations to protect sensitive electronic information.
Government
Responsibilities
Develops, implements, and enforces information security policies, standards, best practices and procedures for complex systems and data including that which requires compliance with federal and state regulations department-wide
Conducts IT security risk assessments and gap analysis on systems and operational requirements to evaluate effectiveness and identify vulnerabilities and non-compliance
Makes recommendations on corrective action to IT security requirements and system designs to resolve issues; evaluates IT security solutions to confirm they meet department, state and federal IT security requirements for processing confidential and sensitive information
Develops IT security policies and procedures for reviewing and approving new requirements and specifications for procurement of major systems
Develops and updates systems IT security plans and reports such as but not limited to the Corrective Action Plan (CAP), System Security Plans (SSP), Safeguards Procedures Report (SPR) and/or the Safeguard Security Report (SSR)
Performs IT security and internal control reviews on sensitive systems and develops unique security tools and techniques for assessment of complex/non-standard systems and operational requirements
Completes IT security authorization packages for systems users to include security plans, assessment reports and a continuous monitoring plan/assessment schedule
Assists department staff on IT security policy and conducts IT security related training
Ensures compliance of department IT security operations with external entities such as, but not limited to, the Centers for Medicare & Medicaid Services, Internal Revenue Service (IRS), Payment Card Industry Data Security Standard (PCI DSS), Social Security Administration (SSA), State of Delaware Information Security Policy (DISP), and Delaware State Personally Identifiable Information (PII) data security requirements. Prepares policies and procedures to ensure the secure transmission of State data to external entities
Prepares and coordinates IT security audits, investigations and incident management
Supports a 24x7 operational environment. The operating environment will require extended hours, including engagement outside normal working hours
May complete the Primary Information Security Officer (ISO) or Alternate Information Security Officer (ISO) duties, as outlined by DTI
Ensures effective, stable and reliable information systems and business operations, while remaining in compliance with department, state and federal laws, rules and regulations, as well as the DTI defined strategic direction, including keeping all components of systems under vendor warranty, support/service plans, backup, Continuity of Operations Planning (COOP)
Performs other duties of equal or lower complexity as assigned
Qualification
Required
Three years' experience in developing, implementing, and enforcing Federal and State IT security policies, standards, best practices and procedures
Three years' experience in maintaining information security by conducting assessments/audits and analysis of information systems to identify security risks, changes/upgrades, evaluating IT security measures along with performing internal security control reviews; developing security reports; preparing corrective actions to audit and other findings; and recommending improvements to security solutions
Company
State of Delaware
The State of Delaware is an Equal Opportunity employer and values a diverse workforce.