at Illinois Department of Innovation & Technology in Springfield, Illinois, United States
Job Description
35% Under general supervision, serves as an IT Security Audit Compliance Specialist for the Department of Innovation & Technology (DoIT) supporting the Department of Human Services (DHS):
- Designs and modifies data processing system and operations documentation.
- Develops logic to produce a specific task or series of tasks.
- Creates written programming specifications using Excel, Word, SQL or other programming languages and coordinates the assignments of tasks.
- Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, and testing.
- Compiles reporting metrics, dashboards, and evidence artifacts.
- Performs cross-checks and auditing procedures to ensure accurate and reliable information services practices.
- Utilizes regulatory frameworks such as PCI DSS, HIPAA, MARS-E, NIST 800-53, or IRS Pub 1075 in performance of duties.
30% Confers with Unit Supervisor and co-workers to determine requirements for individual tasks or projects of limited size:
- Analyzes and revises agency work procedures to adapt to changes of the user and data processing procedures.
- Investigates internal and external information security risks and exception assessments.
- Assesses incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
- Makes recommendations on the feasibility of revising existing operations or adapting new applications.
- Interviews users to determine the technical requirements for complying with specific requests and quality assurance reviews.
25% Programs, tests, and codes moderately difficult programs:
- Determines and corrects program deviations.
- Assists in detailed studies and analysis of data processing functions, methods, and procedures.
- Prepares system and program flowcharts, creates system production documentation, and analyzes program test materials, output reports, file dumps, etc. to ensure accurate program results.
5% Keeps abreast of new developments in the detailed systems design and programming field:
- Continues education by attending meetings, training sessions, seminars, and conferences to increase familiarity with and remain current on products, vendors, techniques, and procedures.
- Attends demonstrations and exhibitions related to assigned operations.
5% Performs other duties as required or assigned which are reasonably within the scope of the duties enumerated above.