Introduction
WHAT WE CAN OFFER YOU
POSITION HIGHLIGHTS
- Full Time, 35 hours per week.
- Monday through Friday.
- Location: Wethersfield
- First Shift
- Hybrid
The Security and Compliance Subject Matter Expert (SME) will work closely with risk management and security leadership, teammates and stakeholders to evaluate and recommend models aligning with organizational risk posture. This person is responsible for reviewing and documenting where security and technology controls are adequate or require improvement, as well as areas where risk is too high, and will recommend risk reduction steps to be implemented and maintained through policies, procedures, frameworks and technical controls.
The successful candidate will:
- Identify strengths and weaknesses in the program as they relate to privacy, security, business resiliency and compliance frameworks.
- Attend change control and project management meetings to understand and proactively strengthen controls to avoid unnecessary risk across lines of business.
- Retain expertise in one or more compliance standards including IRS FTI PUB 1075, Sarbanes-Oxley Act (SOX), Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), Centers for Medicare & Medicaid Services (CMS), National Institute of Standards and Technology (NIST) and International Standards Organization (ISO) 27001.
- Monitor plans of action and milestones for risk remediation requirements from internal and external security assessments, vulnerability reports, audit findings and security gaps.
- Enforce a strong security culture mindset set forth by risk management, ensuring uniformity across technical teams, business units and employees.
- Conduct architecture reviews and identify where security controls must be implemented.
- Analyze workflows and design documents and procedures to identify gaps in risk posture and risk acceptability based on controls.
- Foster strong relationships with internal business units and excel in risk management, technical controls and cybersecurity communication.
ABOUT US
The State of Connecticut is undergoing a strategic optimization of our Information Technology (IT) resources to deliver enterprise-wide services in more efficient and innovative ways. We are setting trends, not following them. As part of these efforts, the Department of Administrative Services Bureau of Enterprise Systems and Technology (DAS BEST) is joining forces with the majority of Executive Branch agency IT organizations to form a new, centralized team under the Bureau of Information Technology Solutions (BITS).
Selection Plan
TO APPLY
- In order to be considered for this job opening, you must meet the Minimum Qualifications as listed on this job opening. You must specify your qualifications on your application.
- The minimum experience and training requirements must be met by the close date on the job opening, unless otherwise specified.
- In order to receive educational credits toward qualification for this job posting, the institution must be accredited. If the institution of higher learning is located outside of the U.S., you are responsible for providing documentation from a recognized USA accrediting service which specializes in determining foreign education equivalencies to the recruiter listed on this job posting.
- For current state employees, salary calculations are not necessarily comparable from one of the three branches of state government (i.e., Executive, Legislative, Judicial) to the other.
- Ensure that your application is complete and detailed before submitting it. In order to comply with Public Act 21-69, the State of Connecticut is no longer asking for resumes during the initial application process. You will not be able to make revisions once your application is submitted into the JobAps system.
- Please select all location(s) and shift(s) you are willing to work on your application. Failure to do so may result in not being considered for vacancies in that specific location or shift.
- All application materials must be received by the recruiting agency by the time specified on the job opening for the position for which you are applying. Late applications may not be submitted and will not be considered. Exceptions are rare and limited to documented events that incapacitate a candidate during the entire duration of the job posting time period. It is the candidate’s obligation and responsibility to request an exception and provide a legally recognized justification to accommodate such exception. Requests should be made to DAS.SHRM@ct.gov.
FOR ASSISTANCE IN APPLYING
- Please read or watch our Applicant Tips on How to Apply.
IMPORTANT INFORMATION AFTER YOU APPLY
- This posting may require completion of additional referral questions (RQs). You can access these RQs via an email that will be sent to you after the posting's closing date or by visiting your JobAps Personal Status Board (Certification Questionnaires section). Your responses to these RQs must be submitted by the questionnaire's expiration date. Please regularly check your email and JobAps Personal Status Board for notifications. Please check your SPAM and/or Junk folders on a daily basis in the event an email provider places auto-notification emails in a user's spam.
- Although applicants will receive correspondence via email, as a backup they are also encouraged to sign on to their Personal Status Board on a daily basis to monitor their status, view all emailed notices and complete tasks required in the recruitment process.
- Note: At any point during the recruitment process, applicants may be required to submit additional documentation which supports their qualification(s) for this position. These documents may include: a cover letter, resume, performance reviews, attendance records, supervisory references, licensure, etc., at the discretion of the hiring agency.
- Interviews will be limited to candidates whose experience and training most closely meet the requirements of the position.
- Read through this helpful link to prepare for your interview.
- The immediate vacancy is listed above; however, applications to this recruitment may be used for future vacancies in this job class.
CONNECT WITH US
- Due to the large volume of applications received, we are unable to provide confirmation of receipt or status during the recruitment process. Updates will be available through your JobAps portal account. Should you have any questions pertaining to this recruitment, please contact Brittney Woodley at brittney.woodley@ct.gov.
PURPOSE OF JOB CLASS (NATURE OF WORK)
In a state agency supporting a highly complex Information Technology (IT) environment, this class is accountable for functioning as a Subject Matter Expert in one of the following functional IT areas: networking, security, systems development, systems programming or database administration. This class also provides technical leadership and consultation in the areas of architecture, application design, systems programming, system integration, and/or database management OR the analysis, development and operational support of highly complex technologies affecting multiple infrastructure areas.
EXAMPLES OF DUTIES
- Acts as a full project manager;
- Participates in the development of architectural designs;
- Recommends policies, procedures, and associated technical implementation standards;
- Researches, designs, analyzes, develops and enhances new and highly complex infrastructure projects in support of agency information systems;
- Participates in the design of and configures infrastructure systems that optimize information access capabilities and ensures the security and integrity of these systems;
- Provides consulting in a technology area, such as IT security, network architecture (including LAN/WAN design), platform architecture (including mainframe and desktop hardware and software selection), middleware architecture (including messaging and physical data architecture);
- Acts as a consultant to management and individual employees regarding area of expertise including technical leadership and consultation in the areas of architecture and application design, systems programming, system integration, and/or database management or the analysis and development of highly complex technologies affecting multiple infrastructure areas;
- Serves as Subject Matter Expert on various IT project teams;
- Researches and analyzes technology trends and assists in the development of infrastructure technology strategy and standards;
- Troubleshoots existing infrastructure systems to identify errors or deficiencies;
- Recommends and implements software, hardware and configuration changes to improve system performance;
- Participates in defining architecture and technology standards to optimize system performance and integrity;
- Participates in long-term infrastructure technology strategy development and planning;
- Recommends new tools, technologies, and platforms to be implemented;
- Assists in the development of a comprehensive disaster recovery plan;
- Provides technical leadership;
- Provides assistance with escalated Tier III support issues;
- Works on multiple projects including complex integration efforts and transitioning applications to new technologies;
- Defines and develops the project scope of multiple complex projects;
- Makes recommendations towards buy versus build decisions surrounding applications;
- Designs component architectures, making use of multiple tiers to provide insulation to changes from application interfaces and databases;
- Participates in the evaluation and selection process for application packages to meet solutions;
- Recommends testing tools, middleware, and database management systems;
- Documents changes to architecture and conversion plans;
- Develops and maintains system and application architecture diagrams;
- Assists in organization-wide data modeling and database design;
- Participates in the definition of data architecture standards, policies and procedures for the organization structure, attributes and nomenclature of data elements;
- Assists in the design and construction of data architectures, operational data stores, and data marts;
- Performs related duties as required.
KNOWLEDGE, SKILL AND ABILITY
- Considerable knowledge of
  - current methods of information systems analysis, design and development;
  - principles, practices and techniques of information technology;
  - applications systems development principles, techniques and development;
  - principles and techniques of computer programming and languages;
  - principles and theories of business planning functions;
  - project management principles and techniques;
  - principles and techniques of systems analysis and design;
  - computer operating systems and databases;
  - business re-engineering process;
  - principles of data modeling and related tools;
  - distributed systems architecture, network, middleware and object-oriented analysis;
- Considerable
  - interpersonal skills;
  - oral and written communication skills;
  - skill in analysis and problem solving;
- Considerable ability to
  - develop and implement system security and disaster recovery plans;
  - identify, analyze and resolve highly complex business and technical problems;
  - conduct highly complex detailed analysis and design of major computer systems and networks;
  - develop reports, manuals and documentation.
MINIMUM QUALIFICATIONS - GENERAL EXPERIENCE
Nine (9) years of experience in infrastructure systems support, programming, database administration, systems/software development, networking or technical support.
MINIMUM QUALIFICATIONS - SPECIAL EXPERIENCE
Two (2) years of the General Experience must have been performing advanced technical level duties or as a working supervisor in such areas as: designing, configuring and implementing complex networks; configuring, installing and upgrading host-based applications packages and host and/or operating system software; system software/application development, performing any closely related advanced technical function.
NOTE: For state employees this experience is interpreted at the level of an Information Technology Analyst 3.
MINIMUM QUALIFICATIONS - SUBSTITUTIONS ALLOWED
- College training in management information systems, computer science or information technology related area may be substituted for the General Experience on the basis of fifteen (15) semester hours equalling one-half (1/2) year of experience to a maximum of four (4) years for a Bachelor's degree.
- A Master's degree in management information systems, computer science or electrical engineering may be substituted for one (1) additional year of the General Experience.
PREFERRED QUALIFICATIONS
- Experience applying IRS Federal Tax Publication 1075 standards to secure sensitive tax information.
- Experience implementing security measures in accordance with Health and Human Services (HHS) and HIPAA requirements.
- Experience utilizing National Institute of Standards and Technology (NIST) frameworks for information security management.
- Experience complying with payment card industry standards, performing application vulnerability and compliance scanning.
- Experience with Access Control, Software Development Security, and Business Continuity Planning.
Conclusion
AN AFFIRMATIVE ACTION/EQUAL OPPORTUNITY EMPLOYER
The State of Connecticut is an equal opportunity/affirmative action employer and strongly encourages the applications of women, minorities, and persons with disabilities.
ACKNOWLEDGEMENT
As defined by Sec. 5-196 of the Connecticut General Statutes, a job class is a position or group of positions that share general characteristics and are categorized under a single title for administrative purposes. As such, a job class is not meant to be all-inclusive of every task and/or responsibility.