Overview
From $86,681 to $109,650 Annually
110 State Street
Albany, NY 12236
Minimum Qualifications
Bachelor’s degree* with at least 15 credit hours in cyber security, information assurance, or informational technology AND two years of information technology experience, including one year of information security or information assurance experience.**
*Substitution: bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of general information technology experience.
**Experience solely in information security or information assurance may substitute for the general information technology experience.
Duties
This position resides on the Retirement Security Unit in the bureau of Information Security Office within the Chief Information Office.
- Provide information security expertise and recommendations to management, the business, and technical teams in support of information security initiatives.
- Provide guidance to teams responsible for developing, deploying, and maintaining the New York State & Local Retirement System (NYSLRS) information security solutions.
- Implement information security procedures and processes, and risk management and remediation activities including, but not limited to, monitoring and reporting compliance, ensuring security safeguards are in place, and advancing the Information Security Office (ISO)’s Information Security Program to strengthen the Office of the State Comptroller (OSC)’s security posture.
- Plan and conduct outreach programs and activities to increase cyber security awareness.
- Develop and maintain security documentation.
- Ensure all OSC Information Security Office (ISO) security policies, standards, and directives are upheld and maintained for NYSLRS systems.
- Collaborate with the ISO to implement plans to mature NYSLRS information security risk analysis and management processes, collaborate with NYSLRS Business Units to detect and prevent fraud, and maintain the NYSLRS Security Risk Register.
- Participate in the collection of data for investigative purposes as required by the ISO.
- Administer information security and risk management tools to maintain situational awareness.
- Support the management and resolution of information security vulnerability remediation activities.
- Implement security control audit plans.
- Participate in improving monitoring and detection capabilities.
- Supervise the activities of staff to ensure NYSLRS Retirement Security Unit duties are performed in a timely and accurate manner according to established priorities and division goals/strategies.
- Supervise staff by communicating objectives and expectations, assigning tasks/projects, reviewing progress/deliverables, and providing constructive feedback.
- Perform all administrative duties including, but not limited to, development and completion of comprehensive performance evaluations, and review of timesheets/telecommuting journals.
- Maintain training plans and provide staff with training opportunities appropriate to their level of expertise including on-the-job training, vendor-sponsored events, and formal outside training.
- Oversee development of staff through knowledge transfer across the team.
- Guide staff to promote collaboration within the organization.
- Handle personnel and performance issues timely and with discretion.
- Ensure participation in and completion of OSC’s mandatory training courses and ensure completion is documented for auditing purposes.
- Understand and ensure adherence to all agency policies and standards.
- Keep management abreast of progress, issues, and risks that could affect the completion of objectives and requests outside of assigned duties.
- Collaborate with OSC ISO, Chief Information Office (CIO), and NYSLRS to keep them informed of key security activities.
- Keep management updated on projects and work activities.
- Support ISO security program activities.
- Create and maintain ISO documentation.
Knowledge, Skills & Abilities
Preferred Experience
- Working knowledge of:
- Information Security (CIA triad, Information Classification, Risk Management).
- Information Security Frameworks (NIST Cyber Security Framework, CIS Controls).
- Vulnerability Management.
- Demonstrated experience with auditing and monitoring solutions.
- Demonstrated experience with MS Excel and SQL Developer.
- Demonstrated critical thinking, problem solving and analytical skills.
- Demonstrated skills in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results.
- Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts that allow Business and Management to make informed decisions.
- Ability to maintain confidentiality.
Additional Comments
Telecommuting
The Office of the New York State Comptroller supports telecommuting where it is reasonable to do so based upon the agency’s mission and operational needs. Generally, new employees will be restricted from telecommuting for at least 8 calendar weeks. After the initial 8 calendar week restriction, if an employee’s primary residence location, duties, and work performance are aligned with telecommuting and operational needs they may be allowed to do so. Generally, employees may telecommute up to 5 days per pay period but may be approved to telecommute less.
Reasonable Accommodation
The Office of the New York State Comptroller provides reasonable accommodations to applicants with disabilities. If you need reasonable accommodation for any part of the application and hiring process, please notify the Division of Human Resources at (518) 474-1924.
Equal Opportunity Employment
The Office of the New York State Comptroller values a workforce with a broad, diverse range of backgrounds and perspectives. All employees are expected to contribute to a professional environment focused on self-evaluation and improvement, as well as acceptance and support of coworkers.
Some positions may require additional credentials or a background check to verify your identity.
The Office of the State Comptroller does not participate in E-Verify or sponsor visa applications.
OSC offers competitive salaries and benefits, and opportunities for advancement, continuing education, and professional development. We provide a professional environment where employees are encouraged to push themselves while maintaining work-life balance. Our generous benefits package includes:
- A state pension with vesting after five years’ service
- Comprehensive medical, dental and vision insurance available to all employees and their dependents
- Flexible spending accounts for dependent and health care
- Productivity Enhancement Program (PEP), allowing eligible employees to exchange previously accrued leave in return for a credit to be applied toward their health insurance
- Public Service Loan Forgiveness (PSLF)
- NYS Deferred Compensation plan
- Access to NY 529 and NY ABLE College Savings Programs, and U.S. Savings Bonds
- Holiday and paid time off
- Shift and geographic pay differentials
- A committed continuous learning environment
- Informational Brown Bag sessions
- Wellness at Work Programs to promote employee health and wellness
- OSC Mentoring Program to network, contribute, and provide an opportunity to strengthen competencies in a variety of areas
- And much more
Kathy Shellhamer
P: (518) 474-1924
F: (518) 486-6723
[email protected]
Division Contact
Elizabeth Gifford
[email protected]
To Apply
Submit a clear, concise cover letter and resume stating how you meet the above minimum qualifications. Reference Item #00580-KKS on your cover letter for proper routing.
Be sure to include a copy of any unofficial transcripts if there are educational requirements / minimum qualification substitutions for this position. Documents must be sent as unlocked and accessible attachments.