Position SummaryThe client manages the state's information technology (IT) assets and uses technology to improve government efficiency and service delivery. The client administers enterprise solutions and consults on technology services for the client, local government and educational systems.This position is responsible for:determining whether electronic information systems operated and used by the client are effectively managed and controlledassisting in determining whether the application and general computer controls are adequate and functioning as intended, especially in the area of privacy and securityassisting in documenting improvements to existing or design-stage information systems to increase efficiency or adequacy of controlsmaintaining policies and procedures related to the effective operation and control of the information systemsreviewing responses to external audit findings, and resolution of IT policy and procedural issuesperforming self-assessments for compliance with regulatory and other industry standards for infrastructure services provided by the client.The position requires strong communications skills, both verbally and in writing, provides excellent customer service and assistance to internal and external stakeholders, and the ability to work with cross-functional teams.Goals and Worker Activities30% A. Provide technical assistance on IT audit, security, and compliance requirements to internal and external customersA1. Research, review and keep current on the client regulatory compliance requirements and security best practices.A2. Maintain productive relations with supervisor and staff as a means of providing assistance with audit and compliance needs and areas of potential risk.A3. Provide technical assistance, as requested, to the client managers in appropriate IT areas, such as development and implementation of internal control systems; development of policies and procedures; establishing benchmarks to measure the effectiveness of an IT application or function; and enhancing security features governing access to applications, LAN’s and physical IT operations.A4. Identify audit topics that should be considered for audit or limited review, based on indicators of any significant system changes, risks faced by the department and/or possible benefits of conducting such assessments.A5. Assist client managers in developing responses to audits by external (state and federal) auditors, and in tracking responses to ensure that corrective actions are taken.A6. Conduct follow-up reviews to determine whether recommendations have been implemented to adequately address the findings.50% B. Serve as client resource for documenting and assessing the adequacy of security controls for information systemsB1. Meet with internal customers to review and understand their requirements as they relate to enterprise security.B2. Perform appropriate tests of general IT controls and specific application controls to verify that controls being audited are functioning as intended.B3. Recommend to management changes necessary to improve the design and operating effectiveness IT security controls.B4. Draft correspondence to management for audit results that clearly explain the findings and conditions disclosed during the audit, the basis for the audit conclusions and specific recommendations for corrective action.B5. Develop an audit or limited review work plan detailing specific audit objectives, audit tasks to be performed, the criteria to be reviewed by management in assessing whether the IT system, function or activity being reviewed is performing effectively and timelines for completing planned tasks.B6. Investigate security and compliance related issues for the enterprise and client as requested by management.15% C. Participate in information technology security initiativesC1. Participate in cross-functional teams in needs assessment, design, or implementation projects to address security audit and compliance needs.C2. Review internal project study requests and project plans for compliance with IT security strategic goals.C3. Evaluate customer requirements to determine if security solutions meet client audit and compliance controls. Provide cost-benefit analyses as needed and solicit funding to develop and implement new projects and services.C4. Provide information technology security expertise to system developers, system administrators, project managers and other IT professionals to ensure adequate security controls in IT systems.5% D. Professional DevelopmentD1. Maintain familiarity with activities and trends in the field of security and other related technologies.D2. Attend appropriate training courses, conferences, and seminars.D3. Read technical publications to maintain a high level of technical knowledge concerning security with particular emphasis on shared infrastructure technology.D4. Participate in activities of professional and technical associations to contribute to the development in the data processing industry and in various client of government.Knowledge, Skills and Abilities1. Ability to deliver quality service and maintain positive working relationships with customers.2. Ability to function as a team member, including the open sharing of information, and willingness to help out wherever needed.3. Ability to communicate clearly and effectively to both technical peers and less technical customers in person and via written media such as email, reports, and project charters.4. Knowledge of and ability to apply IT service-delivery management best practices and procedures.5. Ability to learn quickly; synthesize complex information, identify key points and communicate results accurately and effectively.6. Knowledge and skill in standard audit procedures, including preparing an audit guide and identifying the steps taken in conducting the audit.7. Knowledge of information technology controls.8. Skill and experience in IT systems, software and web-based applications.9. Knowledge of regulatory compliance requirements and assessment processes.10. Knowledge of security concepts, risk management and investigation techniques.11. Knowledge of practices of the Information Systems Audit and Control Association or any other applicable background for the audit of information systems.12. Skill in writing technical, management and analysis reports and papers. Top Required Skills & Years of Experience:Splunk Cloud experience (5+ years)SOC (Security Operations Center) experience (5+ years)Nice to Have Skills:M365 Security experienceAI SecurityCloud ContainersNotes:8:00 AM - 4:00 PM100% remote within the State VIVA is an equal opportunity employer. All qualified applicants have an equal opportunity for placement, and all employees have an equal opportunity to develop on the job. This means that VIVA will not discriminate against any employee or qualified applicant on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status
Position SummaryThe client manages the state's information technology (IT) assets and uses technology to improve government efficiency and service delivery. The client administers enterprise solutions and consults on technology services for the client, local government and educational systems.This position is responsible for:determining whether electronic information systems operated and used by the client are effectively managed and controlledassisting in determining whether the application and general computer controls are adequate and functioning as intended, especially in the area of privacy and securityassisting in documenting improvements to existing or design-stage information systems to increase efficiency or adequacy of controlsmaintaining policies and procedures related to the effective operation and control of the information systemsreviewing responses to external audit findings, and resolution of IT policy and procedural issuesperforming self-assessments for compliance with regulatory and other industry standards for infrastructure services provided by the client.The position requires strong communications skills, both verbally and in writing, provides excellent customer service and assistance to internal and external stakeholders, and the ability to work with cross-functional teams.Goals and Worker Activities30% A. Provide technical assistance on IT audit, security, and compliance requirements to internal and external customersA1. Research, review and keep current on the client regulatory compliance requirements and security best practices.A2. Maintain productive relations with supervisor and staff as a means of providing assistance with audit and compliance needs and areas of potential risk.A3. Provide technical assistance, as requested, to the client managers in appropriate IT areas, such as development and implementation of internal control systems; development of policies and procedures; establishing benchmarks to measure the effectiveness of an IT application or function; and enhancing security features governing access to applications, LAN’s and physical IT operations.A4. Identify audit topics that should be considered for audit or limited review, based on indicators of any significant system changes, risks faced by the department and/or possible benefits of conducting such assessments.A5. Assist client managers in developing responses to audits by external (state and federal) auditors, and in tracking responses to ensure that corrective actions are taken.A6. Conduct follow-up reviews to determine whether recommendations have been implemented to adequately address the findings.50% B. Serve as client resource for documenting and assessing the adequacy of security controls for information systemsB1. Meet with internal customers to review and understand their requirements as they relate to enterprise security.B2. Perform appropriate tests of general IT controls and specific application controls to verify that controls being audited are functioning as intended.B3. Recommend to management changes necessary to improve the design and operating effectiveness IT security controls.B4. Draft correspondence to management for audit results that clearly explain the findings and conditions disclosed during the audit, the basis for the audit conclusions and specific recommendations for corrective action.B5. Develop an audit or limited review work plan detailing specific audit objectives, audit tasks to be performed, the criteria to be reviewed by management in assessing whether the IT system, function or activity being reviewed is performing effectively and timelines for completing planned tasks.B6. Investigate security and compliance related issues for the enterprise and client as requested by management.15% C. Participate in information technology security initiativesC1. Participate in cross-functional teams in needs assessment, design, or implementation projects to address security audit and compliance needs.C2. Review internal project study requests and project plans for compliance with IT security strategic goals.C3. Evaluate customer requirements to determine if security solutions meet client audit and compliance controls. Provide cost-benefit analyses as needed and solicit funding to develop and implement new projects and services.C4. Provide information technology security expertise to system developers, system administrators, project managers and other IT professionals to ensure adequate security controls in IT systems.5% D. Professional DevelopmentD1. Maintain familiarity with activities and trends in the field of security and other related technologies.D2. Attend appropriate training courses, conferences, and seminars.D3. Read technical publications to maintain a high level of technical knowledge concerning security with particular emphasis on shared infrastructure technology.D4. Participate in activities of professional and technical associations to contribute to the development in the data processing industry and in various client of government.Knowledge, Skills and Abilities1. Ability to deliver quality service and maintain positive working relationships with customers.2. Ability to function as a team member, including the open sharing of information, and willingness to help out wherever needed.3. Ability to communicate clearly and effectively to both technical peers and less technical customers in person and via written media such as email, reports, and project charters.4. Knowledge of and ability to apply IT service-delivery management best practices and procedures.5. Ability to learn quickly; synthesize complex information, identify key points and communicate results accurately and effectively.6. Knowledge and skill in standard audit procedures, including preparing an audit guide and identifying the steps taken in conducting the audit.7. Knowledge of information technology controls.8. Skill and experience in IT systems, software and web-based applications.9. Knowledge of regulatory compliance requirements and assessment processes.10. Knowledge of security concepts, risk management and investigation techniques.11. Knowledge of practices of the Information Systems Audit and Control Association or any other applicable background for the audit of information systems.12. Skill in writing technical, management and analysis reports and papers.
Top Required Skills & Years of Experience:Splunk Cloud experience (5+ years)SOC (Security Operations Center) experience (5+ years)Nice to Have Skills:M365 Security experienceAI SecurityCloud Containers
Notes:8:00 AM - 4:00 PM100% remote within the State
(Please ensure email matches your resume email)
(document types allowed: doc/docx/rtf/pdf/txt) (max 2MB)
By submitting this form, you are consenting to the VIVA team contacting you via Phone/Email