at Illinois Department of Innovation & Technology in Springfield, Illinois, United States
35% Under administrative direction, serves as the Information Security and Risk Officer for the Department of Innovation & Technology (DoIT), supporting the Department of Insurance (DOI):
- Administers security policies, programs and initiatives aligning them with the business objectives of DOI.
- Performs complex professional and advisory functions in administering risk management functions related to the identification, assessment and remediation of data security risks presented by in-house information software and hardware technologies.
- Coordinates and conducts complex technical support and delivery of security policy, standards, processes, procedures and guidelines using industry best practices and the Agency-identified framework.
- Conducts and coordinates in-depth technical research on interactions with all business areas to identify information risk components, internal security controls and compliance with risk mitigation methods.
- Coordinates with, assists and supports Agency’s GRC team in conducting risk assessments as scheduled.
- Completes management and audit reports and tracks remediation efforts.
- Administers security-related policies and procedures and coordinates related training and Cyber Security awareness activities.
- Administers and evaluates the agency’s business continuity plan and serves as the IT disaster preparedness coordinator responsible for analysis, design, development, testing, implementation, and review of the agency’s disaster recovery plan.
- Provides guidance and advice concerning security activities to staff.
- Stays abreast of current state and federal compliance requirements and initiates changes as needed.
- Tracks third-party vendor due diligence activities and maintains compliance schedules.
- Reviews third-party vendor contractual agreements and third-party audit reports for regulatory compliance.
- Coordinates information systems activities with internal and external auditors.
- Performs reviews for compliance with the Fiscal Control and Internal Audit Act and completes related surveys.
- Updates the Information Systems Internal Control Reference and the policies, standards and procedures documentation to ensure IT equipment loss is properly documented.
- Completes forms to process claim reimbursements.
- Utilizes IT security controls including National Institute of Standards and Technology (NIST) standards in performance of duties.
30% Coordinates network planning, administration, and operations activities:
- Monitors security vulnerabilities and updates with provided tools to coordinate appropriate fixes with assigned teams.
- Develops network and system requirements and reviews existing systems to evaluate and recommend new procedures and techniques to improve effectiveness.
- Plans and coordinates system and hardware configurations, installations and removals.
- Implements and carries out systems tuning to improve systems and software performance and to optimize hardware installation.
- Maintains information logs for equipment locations, client access, software use and other system statistics and prepares system documentation.
- Maintains access control of the Department’s computer resources including Resource Allocation Control Facility (RACF).
- Coordinates access authorizations to external systems.
- Coordinates Active Directory administration, including organizational unit and group policy implementation; is responsible for implementation, maintenance, and monitoring of daily data backups.
- Maintains comprehensive documentation describing network and operational considerations.
15% Serves as project coordinator:
- Determines and coordinates project components including project scheduling and assignments to ensure agency meets and maintains regulatory compliance.
- Assigns and reviews the work of project staff.
- Provides expertise, guidance and direction to staff.
- Provides status reports to the supervisor regarding project completion and staff performance on projects.
10% Functions as IT liaison interacting with other state agencies and outside entities, including agencies of other states, the federal government, and the National Association of Insurance Commissioners (NAIC) to coordinate security for sharing of data:
- Researches and reports on security violations and statistics.
5% Keeps abreast of new developments in the Information Technology (IT) field:
- Continues education by attending meetings, training sessions, seminars and conferences to increase familiarity with and remain current on IT products, vendors, techniques and procedures.
- Attends demonstrations and exhibitions related to assigned operations.
5% Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above.