CalEPA is seeking an agency information security officer (IT Manager II) to oversee IT security programs within the six boards, departments and offices under CalEPA (the California Air Resources Board, the Department of Pesticide Regulation, the Department of Resources Recycling and Recovery, the Department of Toxic Substances Control, the Office of Environmental Health Hazard Assessment and the State Water Resources Control Board).
The agency information security officer (AISO) “provides critical direction in IT security, risk and privacy,” the job posting says. Other functions of the position include:
- Compliance assurance: Collaborate with various boards, departments and programs to ensure staff and management compliance with information security, risk and privacy policies and programs. Conduct regular assessments to verify adherence to established policies.
- Management responsibility: Manage the CalEPA Information Security Office functions, including planning, directing, organizing and controlling work activities. Oversee information security governance, incident management, operations of shared IT security technologies, security awareness program, and continuity of operations/continuity of government plans.
- Risk management and privacy: Develop and implement risk management strategies to safeguard information assets. Oversee privacy initiatives, ensuring compliance with legal, statutory, and regulatory requirements.
- Security audit and compliance: Conduct security audits to assess compliance and identify areas for improvement. Develop and implement strategies to address audit findings and enhance overall security posture.
- Emergency preparedness and response: Assist in issues related to emergency preparedness, response and prevention. Ensure IT security measures contribute to the agency’s overall emergency response capabilities.
- Reporting and alignment: Maintain a direct reporting relationship with the agency chief information officer. Ensure the boards and departments under CalEPA align with and follow agency and state IT security policies and direction.
For more details, see the duty statement. The position has a monthly salary range of $10,734 to $13,048, and the application deadline is March 1.
EDD is seeking a cybersecurity risk manager (IT Manager I) to organize, plan and direct risk management activities of Cyber Security Division (CSD) information security analysts.
“The work performed by the analysts includes risk management, information security consults, security awareness training and incident reporting,” the job posting says. The manager “will contribute to the growth of the Information Technology Branch into a customer-focused service organization by developing professional relationships, providing feedback to others with the branch.”
The posting adds, in part: “The incumbent should have knowledge of the principles, practices and trends of public and business administration, including management, organization, planning, cost/benefit analysis, budgeting, project management and evaluation; employee supervision, training, development and personnel management; current computer industry technology and practices; principles of data processing systems design; programming, operations, and controls; state-level policies and procedures relating to electronic data processing.”
It continues: “The incumbent should possess the ability to develop and evaluate alternatives, make decisions and take appropriate action; establish and maintain priorities; effectively develop and use resources; identify the need for and assure the establishment of appropriate administrative procedures; plan, coordinate, and direct the activities of a data processing staff; make effective use of interdisciplinary teams; reason logically and creatively and use a variety of analytical techniques to resolve managerial problems; present ideas and information effectively, both orally and in writing; consult with and advise administrators and other interested parties on a variety of subject-matter areas, translating technical data processing terms into everyday language; and gain and maintain the confidence and cooperation of others.”
Applicants must possess or be in the process of obtaining one or more of the following recognized industry certifications: CISM, CISSP, CRISC, CISA.
More details about the role can be found in the duty statement. The position has a monthly salary range of $8,849 to $11,857, and the application deadline is March 1.
EDD is also recruiting for an infrastructure security specialist (IT Specialist II) to work with system owners to develop and maintain system security plans and to “track and elevate critical and high-risk vulnerabilities or findings for remediation.”
According to the job posting, the specialist also:
- Serves as a lead technical security specialist in conducting risk assessments and application security assessments.
- Evaluates EDD enterprise security posture and interfaces with other subject matter experts to define security standards and policies to fully align with the NIST, SIMM, SAM, FISMA, FedRAMP and IRS Publication 1075.
- Performs system assessments and documents findings in addition to certifications and accreditations.
More details about this position can be found in the duty statement. The role has a monthly salary range of $8,130 to $10,893, and the application deadline is Feb. 22.