Salary

$38.44 - $61.50 Hourly

$79,950 - $127,920 Annually

This position is a Pay Band IF

Posting Details

Interviews are anticipated to be conducted within two weeks of closing date. The New Mexico Department of Information Technology (DoIT) is the enterprise technology partner serving and supporting state agencies with innovative solutions to advance the delivery of their core missions and to create progress for all New Mexicans. The DoIT Network and Security Services Bureau (DoIT-NSSB) is a dynamic, fast-paced IT shop that supports State of New Mexico agencies, boards and commissions.

Why does the job exist?

The IT Security & Compliance Admin III position primarily and independently performs day-to-day operations on all Department of Information Technology firewalls and firewall management systems. Additionally, this position performs all procedures necessary to ensure the safety of information systems assets and data and to protect systems from intentional or inadvertent access or destruction. Conducts the most complex IT data and security audits and leads or assists with forensic investigations. Serves as project lead and mentors lower-level Security and Compliance Administrators.

How does it get done?

  • Performs day-to-day operations to include design, configuration, implementation and installation of Internet Service Provider, Data Center, Virtual Private Network and User firewalls.
  • Develops and implements strategies to align information security with business objectives and goals, protecting the integrity, confidentiality, and availability of data, in collaboration with the Chief Information Security Officer. Provides analysis, consultation, and training reflective of significant knowledge of intrusion detection and internet architecture.

  • Contributes to designing and implementing the enterprise-wide organization continuity and disaster recovery management programs, including maturity models, methodologies, sourcing, strategies, plans, metrics and scorecards for all components of the program(s).

  • Develops and implements internal reviews and audits to ensure compliance with standards and processes (selecting sample, verifying documentation and other requirements).

  • Assists business partners with the determination of critical business processes and systems.
  • Leads and responds to security incidents and investigations and targets reviews of suspect areas.
  • Ensures recovery drills are performed. Analyzes recovery drills performance and recommends changes to plan, as needed.

  • Conducts the most complex IT data and security reviews and audits for regulatory and standards compliance. Participates in third party security investigations and compliance reviews as requested.
  • Develops, reviews and audits criteria for lower-level security analysts to ensure that users adhere to the necessary procedures and processes to maintain IT security.

  • Identifies and resolves root causes of security-related problems and related issues.
  • Consults with clients on security violations.
  • Leads the development and documentation of information security standards, best practices, and guidelines.
  • Acts as liaison between internal audit and IT to ensure commitments are met and controls are properly implemented.

  • Oversees security incident and response management.
  • Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.

  • Defines and validates baseline security configurations for operating systems, applications, networking and telecommunications equipment.

  • Interfaces with third-party vendors to evaluate new security products or as part of a security assessment process. Maintains contact with vendors regarding security system updates and technical support of security products.

  • Coordinates with vendors to ensure managed services are implemented and maintained appropriately.
  • Reviews and delivers information security performance summary with analytical evaluation to leadership teams, as needed. Identifies areas needing improvement and develops recommendations.

  • Leads and reviews application security risk assessments for new or updated internal or third-party applications.

  • Evaluates and recommends tools and solutions that provide security functions.
  • May assist security forensic investigators.
  • Provides advice to management on "balance" between business needs and data security.
  • Mentors and trains team members and peers on security solutions and actively participates on system and application improvement project teams. Serves as a project lead on security-related matters.

Who are the customers?

All New Mexico state agencies that use the Department of Information Technology's Data Network.

Ideal Candidate

  • Cisco CCNP-Security, CCIE-Security, CCSP and/or six (6) years of IT security to include hands-on firewall experience.
  • Bachelor's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering, or similar technical degree and six (6) years of experience in IT security or compliance validation (e.g., HIPAA, PCI). Any combination of education from an accredited college or university in a related field and/or direct experience in this occupation totaling ten (10) years may substitute for the required education and experience. A certificate in IT security/forensics (e.g., CISSP, CEH, CCFP, HCISPP, SSCP) or regulated compliance (e.g., PCIP, ASV, ISA, QSA) can be used to substitute one year of experience.

Minimum Qualification

Bachelor's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering, or similar technical degree and four (4) years of experience in IT security or compliance validation (e.g. HIPAA, PCI). Any combination of education from an accredited college or university in a related field and/or direct experience in this occupation totaling eight (8) years may substitute for the required education and experience. A certificate in IT security/forensics (e.g. CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.g. PCIP, ASV, ISA, QSA) can be used to substitute one (1) year of experience.

Substitution Table

These combinations of education and experience qualify you for the position:

| | Education | Experience | | Education | Experience |
|---|---|---|---|---|---|
| 1 | High School Diploma or Equivalent | AND 8 years of experience | OR | High School Diploma or Equivalent | AND 8 years of experience |
| 2 | Associate's degree in the field(s) specified in the minimum qualification | AND 6 years of experience | | Associate's degree or higher in any field | AND 8 years of experience |
| 3 | Bachelor's degree in the field(s) specified in the minimum qualification | AND 4 years of experience | | | |
| 4 | Master's degree in the field(s) specified in the minimum qualification | AND 2 years of experience | | | |
| 5 | PhD degree in the field(s) specified in the minimum qualification | AND 0 years of experience | | | |

  • Education and years of experience must be related to the purpose of the position.
  • If Minimum Qualification requires a specific number of "semester hours" in a field (e.g. 6 semester hours in Accounting), applicants MUST have those semester hours in order to meet the minimum qualifications. No substitutions apply for semester hours.

Employment Requirements

Driver's License, Defensive Driving Certificate and background investigation.

Working Conditions

  • Office setting with extensive personal computer and telephone usage with extended periods of sitting.
  • Working in a cold data center environment.
  • Must also be able to lift 25 lbs.
  • Work after hours on call.
  • Travel in a state vehicle throughout the state.

Supplemental Information


Agency Contact Information: Natisha Montoya Email

For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.

Bargaining Unit Position

This position is covered by a collective bargaining agreement and all terms/conditions of that agreement apply and must be adhered to.

Confirmed 21 hours ago. Posted 4 days ago.
