Office of Cybersecurity IT Security & Compliance Admin III (DoIT #10117004+)
Company: State of New Mexico
Location: Santa Fe, NM 87507
Description:
$38.44 - $61.50 Hourly
$79,950 - $127,920 Annually
This position is a Pay Band IF
Posting Details
The Office of Cybersecurity (OCS) has the essential role and responsibility for the State of New Mexico (SoNM) Information Technology (IT) security program in coordination with state agencies. Federal oversight requires state agencies to perform the procedures necessary to ensure that information systems and federal data sets are protected from cyberattacks.
The OCS maintains an adequate security posture by developing appropriate IT security policies, standards, and procedures, with periodic updates to accurately reflect ever-changing technology, legislative, and user needs.
The OCS is responsible for protecting and monitoring the State of New Mexico's technology infrastructure and digital assets, including state agencies, mission-critical systems, and data.
Cyberattacks are dramatically increasing, and cybersecurity operations are facing new challenges. Cybersecurity is not just an IT problem anymore; it is a critical business risk, a homeland security and public safety threat, a voter confidence issue, and an economic development opportunity.
As technology continues to evolve, the cybersecurity landscape is constantly changing, increasing potential vulnerabilities and risk. Therefore, it is critical for the state's Chief Information Security Officer (CISO) to acquire additional security and compliance admins to support the Office of Cybersecurity.
This posting will be used to conduct ongoing recruitment and may close at any time. The applicant list may be screened more than once. This posting may be used to fill multiple positions.
Why does the job exist?
The position is accountable for oversight of the technical, physical, and administrative security of information systems. The incumbent will be responsible for developing and implementing robust cybersecurity compliance strategies that proactively address regulatory requirements while identifying potential compliance issues, and for introducing and developing new technologies and processes as well as improving existing processes.
The position will ensure our services, vendors, and all stakeholders meet applicable legal, safety, and quality standards. The Office of Cybersecurity (OCS) performs critical cybersecurity duties, including IT risk management, threat assessment, incident mitigation and response, compliance, and user awareness.
The incumbent will contribute to formulating and executing surveillance and monitoring strategies and ensuring appropriate responses to security incidents. They will focus on developing and driving security strategies and standards, ensuring the effectiveness of solutions, and providing security-emphasis consultative and training services.
This position will manage the cybersecurity services provided to State of New Mexico agencies, K-12 Public Schools, and Higher Educational Institutions. Services may include vulnerability management, attack surface management, penetration testing, and user security awareness training.
How does it get done?
The position will establish, implement, and enforce enterprise security standards and policies. The position will oversee training of employees in data security, conduct risk assessments, audits, and coordinate/lead security incident investigations. The position will monitor all systems for information security abnormalities and conduct investigations in addressing them. Protect the confidentiality, integrity, and availability of all sensitive and confidential data.
Assist and support in writing and reviewing cybersecurity policies, addressing policy requirements, security procedures, information systems security plans, incident response plans, disaster recovery plans, configuration management plans, and other related documentation. Develop and implement Information Security (INFOSEC) standards for SoNM by following industry standards such as NIST 800 Series guides and best practices. Monitor compliance with security policies, standards, guidelines, and procedures. Participate in designing secure infrastructure solutions and applications.
Assist with investigating, evaluating, and working with internal and external organizations to resolve cybersecurity incidents in accordance with prescribed policies and procedures. Experience implementing technical cybersecurity solutions to address policy requirements. Analyze and respond to security incidents and investigations. Coordinate and collaborate with third-party security agencies or contractors in performing security assessments.
Provide oversight for vulnerability management as a service (VmaaS) and remediation, attack surface management (ASM), penetration testing, audits, and user security awareness training. Perform security services including audits, vulnerability scans, and penetration testing to ensure that systems and users are adhering to the necessary procedures and processes to maintain IT security and compliance.
Support stakeholders in security inquiries, questionnaires, and security compliance assessments to gain their confidence in our security practices and adherence to security frameworks. Interpret governmental security regulations and communicate compliance requirements to stakeholders.
Provide continuous security monitoring, reporting, and other recurring security and compliance activities. Monitor all system logs for any abnormalities and address them accordingly using Security Event and Information Management (SEIM) tools.
Conduct monitoring of security tools and implement controls as directed.
Review security intelligence and update security tools to detect and block malicious IPs and signatures.
Review security intelligence and perform threat hunts for indications of compromise in the environment.
Review logs and activities and escalate to more State agencies when necessary.
Deliver security awareness training and provide reporting on participation and compliance.
Provide input to the preparation of disaster recovery plans.
Prepare documentation for all actions taken.
Who are the customers?
State of New Mexico agencies, K-12 Public Schools and Higher Educational Institutions.
Ideal Candidate
The ideal candidate for the position should possess the following qualifications:
Experience in IT security, incident response strategies, NIST 800-53, information technology governance, information security policies, standards, and industry best practices, compliance frameworks for information security, scoping, conducting audits, risk assessments, and documenting results.
Will need to have strong interpersonal skills including the ability to build trusting relationships within the office, SoNM agencies and with external partners. Be able to effectively communicate and coordinate cybersecurity policies and procedures at all levels both orally and in writing; work independently and in a team environment, analyzing problems, proposing solutions to management, and deploying and documenting implemented solutions, cybersecurity analysis and reporting. Demonstrate successful experience working in a high-pressure team environment.
Knowledge of cloud-based environments, including Azure, Office 365, Defender, and Sentinel. Experience with MS-ISAC, KnowBe4, the Ivanti Neurons RBVM platform, Ivanti Neurons ASM, Cisco Stealthwatch, Cisco Radware, Cisco Umbrella, and SolarWinds IPAM.
Minimum Qualification
Bachelor's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering, or similar technical degree and four (4) years of experience in IT security or compliance validation (e.g. HIPAA, PCI). Any combination of education from an accredited college or university in a related field and/or direct experience in this occupation totaling eight (8) years may substitute for the required education and experience. A certificate in IT security/forensics (e.g. CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.g. PCIP, ASV, ISA, QSA) can be used to substitute one (1) year of experience.
Substitution Table
These combinations of education and experience qualify you for the position:
Each row lists Education AND Experience; where a second combination is shown after OR, it also qualifies.
1. High School Diploma or Equivalent AND 8 years of experience, OR High School Diploma or Equivalent AND 8 years of experience
2. Associate's degree in the field(s) specified in the minimum qualification AND 6 years of experience, OR Associate's degree or higher in any field AND 8 years of experience
3. Bachelor's degree in the field(s) specified in the minimum qualification AND 4 years of experience
4. Master's degree in the field(s) specified in the minimum qualification AND 2 years of experience
5. PhD degree in the field(s) specified in the minimum qualification AND 0 years of experience
Education and years of experience must be related to the purpose of the position.
If Minimum Qualification requires a specific number of "semester hours" in a field (e.g. 6 semester hours in Accounting), applicants MUST have those semester hours in order to meet the minimum qualifications. No substitutions apply for semester hours.
Employment Requirements
Must possess and maintain current ID or Driver's License. Pre-employment background investigation is required, and employment is conditional pending results.
Working Conditions
Work will be performed in an office environment. Many requests will arrive by phone or in-person and the person must be able to speak and respond to the requester clearly. The person will work extended periods seated in front of a computer. The person must be able to operate a computer, keyboard, and mouse. Position requires occasional 1) travel, 2) night/weekend/holiday work, and 3) call-back work.
Supplemental Information
Agency Contact Information: Natisha Montoya @ (505) 490-7236 or Email
For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.
Bargaining Unit Position
This position is not covered by a collective bargaining agreement.