Whatsapp
Posted : Tuesday, December 12, 2023 11:41 AM
Salary
$38.
06 - $60.
89 Hourly $79,158 - $126,653 Annually This position is a Pay Band IF Posting Details Continuous: This posting will be used for ongoing recruitment and may close at any time.
Applicant lists may be screened more than once.
.
Our Mission It is the mission of New Mexico's Game and Fish Department: To conserve, regulate, propagate and protect the wildlife and fish within the state of New Mexico using a flexible management system that ensures sustainable use for public food supply, recreation and safety; and to provide for off-highway motor vehicle recreation that recognizes cultural, historic, and resource values while ensuring public safety.
Please visit our website for more information at https://www.
wildlife.
state.
nm.
us/ Why does the job exist? The position is accountable for oversight of the technical, physical, and administration security of information systems at New Mexico Department of Game and Fish (NMDGF).
The position will establish, implement, and enforce enterprise security standards and policies.
The position will oversee training of employees in data security, conduct risk assessments, audits, and coordinate/lead security incident investigations.
The position will monitor and develop strategies to ensure NMDGF is meeting current and future regulatory compliances (e.
g.
Payment Card Industry (PCI)) data security standards (DSS).
The position will monitor all systems for information security abnormalities and conduct investigations in addressing them.
How does it get done? Keep current with Payment Card Industry (PCI) Data Security Standards (DSS), validate NMDGF is meeting PCI DSS requirements and developing/implementing a strategy to address any deficiencies by following the PCI audit process.
Coordinate with external PCI auditors and Scanning vendors to address PCI compliance.
Monitor all systems logs for any abnormalities and address them accordingly via the use of a Security Event and Information Management (SEIM) tool such as SPLUNK.
Develop and implement Information Security (INFOSEC) standards for NMDGF by following industry standards such as NIST 800 Series guides and best practices.
Monitor all firewall logs for abnormalities and address them accordingly and make/document changes to firewall settings to meet system needs via the firewall software.
Performing security services including audits, vulnerability scans, penetration testing, and source code review to ensure that systems and users are adhering to the necessary procedures and processes to maintain IT security and compliance; Monitoring compliance with security policies, standards, guidelines, and procedures; Analyzing and responding to security incidents and investigations; Coordinating and collaborating with compliance/regulatory auditors during formal audits as well as third-party security agencies or companies in performing security assessments; Participating in designing secure infrastructure solutions and applications; Contributing to designing the department, disaster recovery, incident response, and business continuity plans; Protecting the confidentiality, integrity, and availability of all sensitive and confidential data such as personally identifiable information, protected health information, and personal tax information; The incumbent will work to continually improve the agency's security posture through IT security policy encompassing user, IT staff and management responsibilities, as well as Computer Security Incident Response Plan (CSIRP) and Computer Security Incident Response Team (CSIRT) formation, modifications and evolution; IT procedures, vulnerability remediation and control implementation.
1.
Conducts monitoring of security tools and implements controls as directed.
2.
Reviews security intelligence and updates security tools to detect and block malicious IP's and signatures.
3.
Reviews security intelligence and performs threat hunts for indications of compromise in the environment.
4.
Conducts security remediation such as security patching.
5.
Reviews logs and activities and escalates to more senior staff when necessary.
6.
Delivers security awareness training and provides reporting on participation and compliance.
7.
Provides input to the preparation of disaster recovery plans.
8.
Prepares documentation for all actions taken.
9.
Assists with regular audits of agency infrastructure against standards and baselines for compliance and works with IT staff to bring agency assets back into compliance.
10.
Works with end users to troubleshoot issues with security tools and escalates when necessary.
11.
Works closely with other members of the agency's IT staff on security projects and remediations.
12.
Assists with on boarding and off boarding pertaining to the agency's security tools.
13.
Develops security solutions for low to medium complex assignments Who are the customers? Customers include department staff, peers, employees, as well as vendors, and application licensing customers when troubleshooting an in-house development issue.
Ideal Candidate The ideal candidate for the position should possess the following qualifications: -Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or equivalent certification designations.
-Experience in IT security, PCI DSS compliance, information technology governance, information security policies, standards, and industry best practices, compliance frameworks for information security, scoping, conducting audits, risk assessments, and documenting results.
Minimum Qualification Bachelor's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering or similar technical degree and four (4) years of experience in IT security or compliance validation (e.
g.
HIPAA, PCI).
Substitutions Apply.
See Substitution Table below.
A certificate in IT security/forensics (e.
g.
CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.
g.
PCIP, ASV, ISA, QSA) can be used to substitute one year of experience.
Substitution Table These combinations of education and experience qualify you for the position: Education Experience Education Experience 1 High School Diploma or Equivalent AND 8 years of experience OR High School Diploma or Equivalent AND 8 years of experience 2 Associate's degree in the field(s) specified in the minimum qualification AND 6 years of experience Associate's degree or higher in any field AND 8 years of experience 3 Bachelor's degree in the field(s) specified in the minimum qualification AND 4 years of experience 4 Master's degree in the field(s) specified in the minimum qualification AND 2 years of experience 5 PhD degree in the field(s) specified in the minimum qualification AND 0 years of experience • Education and years of experience must be related to the purpose of the position.
• If Minimum Qualification requires a specific number of "semester hours" in a field (e.
g.
6 semester hours in Accounting), applicants MUST have those semester hours in order to meet the minimum qualifications.
No substitutions apply for semester hours.
Employment Requirements Pre-employment background investigation is required and is conditional pending results.
Must possess and maintain a valid Driver's License.
Must possess and maintain a current Defensive Driving Course Certificate from the State of New Mexico or must pass and receive Defensive Driving Course Certification as a condition of continued employment.
Working Conditions Work will be performed in an office environment.
Many requests will arrive by phone or in-person and the person must be able to speak and respond to the requester clearly.
The person will work extended periods seated in front of a computer.
The person must be able to operate a computer, keyboard, and mouse.
Must be able to lift/carry up to 25 lbs.
Position requires occasional 1) travel, 2) night/weekend/holiday work, and 3) call-back work.
Supplemental Information Benefits: Do you know what Total Compensation is? Click here Agency Contact Information: Gavin Lujan, IT Chief Email For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.
Bargaining Unit Position This position is not covered by a collective bargaining agreement.
06 - $60.
89 Hourly $79,158 - $126,653 Annually This position is a Pay Band IF Posting Details Continuous: This posting will be used for ongoing recruitment and may close at any time.
Applicant lists may be screened more than once.
.
Our Mission It is the mission of New Mexico's Game and Fish Department: To conserve, regulate, propagate and protect the wildlife and fish within the state of New Mexico using a flexible management system that ensures sustainable use for public food supply, recreation and safety; and to provide for off-highway motor vehicle recreation that recognizes cultural, historic, and resource values while ensuring public safety.
Please visit our website for more information at https://www.
wildlife.
state.
nm.
us/ Why does the job exist? The position is accountable for oversight of the technical, physical, and administration security of information systems at New Mexico Department of Game and Fish (NMDGF).
The position will establish, implement, and enforce enterprise security standards and policies.
The position will oversee training of employees in data security, conduct risk assessments, audits, and coordinate/lead security incident investigations.
The position will monitor and develop strategies to ensure NMDGF is meeting current and future regulatory compliances (e.
g.
Payment Card Industry (PCI)) data security standards (DSS).
The position will monitor all systems for information security abnormalities and conduct investigations in addressing them.
How does it get done? Keep current with Payment Card Industry (PCI) Data Security Standards (DSS), validate NMDGF is meeting PCI DSS requirements and developing/implementing a strategy to address any deficiencies by following the PCI audit process.
Coordinate with external PCI auditors and Scanning vendors to address PCI compliance.
Monitor all systems logs for any abnormalities and address them accordingly via the use of a Security Event and Information Management (SEIM) tool such as SPLUNK.
Develop and implement Information Security (INFOSEC) standards for NMDGF by following industry standards such as NIST 800 Series guides and best practices.
Monitor all firewall logs for abnormalities and address them accordingly and make/document changes to firewall settings to meet system needs via the firewall software.
Performing security services including audits, vulnerability scans, penetration testing, and source code review to ensure that systems and users are adhering to the necessary procedures and processes to maintain IT security and compliance; Monitoring compliance with security policies, standards, guidelines, and procedures; Analyzing and responding to security incidents and investigations; Coordinating and collaborating with compliance/regulatory auditors during formal audits as well as third-party security agencies or companies in performing security assessments; Participating in designing secure infrastructure solutions and applications; Contributing to designing the department, disaster recovery, incident response, and business continuity plans; Protecting the confidentiality, integrity, and availability of all sensitive and confidential data such as personally identifiable information, protected health information, and personal tax information; The incumbent will work to continually improve the agency's security posture through IT security policy encompassing user, IT staff and management responsibilities, as well as Computer Security Incident Response Plan (CSIRP) and Computer Security Incident Response Team (CSIRT) formation, modifications and evolution; IT procedures, vulnerability remediation and control implementation.
1.
Conducts monitoring of security tools and implements controls as directed.
2.
Reviews security intelligence and updates security tools to detect and block malicious IP's and signatures.
3.
Reviews security intelligence and performs threat hunts for indications of compromise in the environment.
4.
Conducts security remediation such as security patching.
5.
Reviews logs and activities and escalates to more senior staff when necessary.
6.
Delivers security awareness training and provides reporting on participation and compliance.
7.
Provides input to the preparation of disaster recovery plans.
8.
Prepares documentation for all actions taken.
9.
Assists with regular audits of agency infrastructure against standards and baselines for compliance and works with IT staff to bring agency assets back into compliance.
10.
Works with end users to troubleshoot issues with security tools and escalates when necessary.
11.
Works closely with other members of the agency's IT staff on security projects and remediations.
12.
Assists with on boarding and off boarding pertaining to the agency's security tools.
13.
Develops security solutions for low to medium complex assignments Who are the customers? Customers include department staff, peers, employees, as well as vendors, and application licensing customers when troubleshooting an in-house development issue.
Ideal Candidate The ideal candidate for the position should possess the following qualifications: -Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or equivalent certification designations.
-Experience in IT security, PCI DSS compliance, information technology governance, information security policies, standards, and industry best practices, compliance frameworks for information security, scoping, conducting audits, risk assessments, and documenting results.
Minimum Qualification Bachelor's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering or similar technical degree and four (4) years of experience in IT security or compliance validation (e.
g.
HIPAA, PCI).
Substitutions Apply.
See Substitution Table below.
A certificate in IT security/forensics (e.
g.
CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.
g.
PCIP, ASV, ISA, QSA) can be used to substitute one year of experience.
Substitution Table These combinations of education and experience qualify you for the position: Education Experience Education Experience 1 High School Diploma or Equivalent AND 8 years of experience OR High School Diploma or Equivalent AND 8 years of experience 2 Associate's degree in the field(s) specified in the minimum qualification AND 6 years of experience Associate's degree or higher in any field AND 8 years of experience 3 Bachelor's degree in the field(s) specified in the minimum qualification AND 4 years of experience 4 Master's degree in the field(s) specified in the minimum qualification AND 2 years of experience 5 PhD degree in the field(s) specified in the minimum qualification AND 0 years of experience • Education and years of experience must be related to the purpose of the position.
• If Minimum Qualification requires a specific number of "semester hours" in a field (e.
g.
6 semester hours in Accounting), applicants MUST have those semester hours in order to meet the minimum qualifications.
No substitutions apply for semester hours.
Employment Requirements Pre-employment background investigation is required and is conditional pending results.
Must possess and maintain a valid Driver's License.
Must possess and maintain a current Defensive Driving Course Certificate from the State of New Mexico or must pass and receive Defensive Driving Course Certification as a condition of continued employment.
Working Conditions Work will be performed in an office environment.
Many requests will arrive by phone or in-person and the person must be able to speak and respond to the requester clearly.
The person will work extended periods seated in front of a computer.
The person must be able to operate a computer, keyboard, and mouse.
Must be able to lift/carry up to 25 lbs.
Position requires occasional 1) travel, 2) night/weekend/holiday work, and 3) call-back work.
Supplemental Information Benefits: Do you know what Total Compensation is? Click here Agency Contact Information: Gavin Lujan, IT Chief Email For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.
Bargaining Unit Position This position is not covered by a collective bargaining agreement.
• Phone : NA
• Location : 715 Alta Vista St, Santa Fe, NM
• Post ID: 9079798229
