• Job Description

  Req#: 29295

  Agency: Department of Innovation and Technology

  Posting Date:

  Closing Date/Time: 12/15/2023

  Salary: $8,279-$17,334/monthly (Anticipated Salary Rage $11,667-$12,917/month; $140,004-$155,004/annually)

  Job Type: Salaried Full Time

  County: Sangamon

  Number of Vacancies: 1

  Plan/BU: Term Appointment Gubernatorial (Management Bill) 000

  Are you looking for a rewarding career with an organization that values their staff? The Department of Innovation & Technology (DoIT) is seeking to hire a qualified candidate with the opportunity to work in a dynamic, creative thinking, problem solving environment. This position serves as the Deputy Chief Information Security Officer of Identity and Access Management for the Department. Duties include, but are not limited to the following: Oversees the Identity and Access Management (IAM) division, programs, functions and processes, which includes systems, governance and proofing; Develops policy for the Identity and Access Management division; Assists in the oversight and implementation of Information Technology (IT) security programs for agencies, boards and commissions under the jurisdiction of the Governor; Recommends and assists in developing comprehensive IT security plans and procedures; Provides direction in the development of security controls and testing of sensitive and confidential IT systems; Reviews and monitors functions and processes to ensure they meet compliance regulations, security/risk standards and/or control standards; Recommends and proposes development of strategic plans and programs and the introduction of initiatives and innovations to improve identity and access management capabilities; Serves as a full-line supervisor. If you possess these knowledges, skills, and abilities, we invite you to apply for this position with DoIT!

  As a State of Illinois employee, you receive a comprehensive benefits package including:

  • Competitive Group Insurance benefits including health, life, dental and vision plans
  • Flexible work schedules (when available and dependent upon position)
  • 10-25 days of paid vacation time annually (10 days for first year of state employment)
  • 12 days of paid sick time annually which carryover year to year
  • 3 paid personal business days per year
  • 13-14 paid holidays per year dependent on election years
  • 10 weeks of paid maternity/paternity leave
  • Pension plan through the State Employees Retirement System
  • Deferred Compensation Program – voluntary supplemental retirement plan
  • Optional pre-tax programs -Medical Care Assistance Plan (MCAP) & Dependent Care Assistant Plan (DCAP)
  • Tuition Reimbursement Program and Federal Public Service Loan Forgiveness Program eligibility

  For more information regarding State of Illinois Benefits follow this link: https://www2.illinois.gov/cms/benefits/Pages/default.aspx

  ****A RESUME AND TRANSCRIPTS ARE REQUIRED FOR THIS JOB POSTING****

  
  Please attach a DETAILED Resume/Curriculum Vitae (CV), a copy of your transcripts or diploma for all degrees earned, and a copy of any applicable professional licensures to the MY DOCUMENTS section of your application. Please note that the Department of Innovation and Technology must verify proof of higher education for any degree earned (if applicable) before any offer can be extended. You WILL NOT be considered for the position if you attach a CMS100, CMS100b or any other document in lieu of a Resume or CV.

  Job Responsibilities

  25% Serves as the Deputy Chief Information Security Officer of Identity & Access Management (IAM) for the Department of Innovation and Technology (DoIT):

  • Oversees the Identity and Access Management (IAM) division, programs, functions and processes, which includes systems, governance and proofing.
  • As a policy formulating manager, develops policy for Department Identity and Access Management.
  • Assists in the development of enterprise policy and in the planning, implementing and administering of the Information Security Office.
  • Serves as an official agency spokesperson when the Chief Information Security Officer (CISO) is not available on matters that affect the Identity and Access Management division processes and functions.
  • Assists in the oversight and implementation of Information Technology (IT) security programs for agencies, boards and commission under the jurisdiction of the Governor.
  • Recommends and assists in developing comprehensive IT security plans and procedures.
  • Provides oversight and expert direction in the development of security controls and testing of sensitive and confidential IT systems.
  • Monitors and assists with the direction of independent and confidential IT security reviews by third parties.
  • Utilizes knowledge of information security controls including the National Institute of Standards & Technology (NIST) Cybersecurity Framework, and/or NIST SP 800-53, NIST SP 800-63, and the Center for Internet Security Critical Controls in performance of duties.
  • Implements computer networking concepts and protocols, and network security methodologies in performance of duties.
  • Evaluates programs and personnel performance, develops budgets and determines resource requirements.
  • Travels to meet with client agencies, private and federal officials, etc.

  20% Serves in a leadership role in support of Department and Division initiatives, services, projects and operations:

  • Provides direction, contributes to development of documentation and deliverables and makes recommendations to enhance security.
  • Oversees cybersecurity programs including managing information security implications in the areas of Identity and Access Management.
  • Reviews and recommends enterprise-wide security policies and procedures.
  • Directs the development of security standards, procedures and guidelines.
  • Analyzes and diagnoses security/system issues and coordinates efforts to resolve.
  • Speaks on behalf of the CISO at meetings, conferences, and other situations on identity and access management issues.
  • Reviews and monitors functions and processes to ensure they meet compliance regulations, security/risk standards and/or control standards such as PCI, HIPAA, PII, FISMA NIST, CISSP, ISC2, NIST, ITIL, CoBiT and COSO.
  • Commits the Division to specific courses of action relative to IAM in situations requiring interaction with other state agencies.
  • Travels when meetings, conferences, etc., are held off site.
    

  (Job Responsibilities continued)

  15% Recommends and proposes to the CISO, the development of strategic plans, programs and the introduction of initiatives and innovations to improve IAM capabilities:

  • Makes recommendations to DoIT staff on how to effectively address security weaknesses and issues.
  • Develops policies and plans and/or advocates for changes in policy that supports organizational cybersecurity initiatives, identity and access management, or required changes/enhancements.
  • Conducts research into security risks, breaches, threats or vulnerabilities used to circumvent security, and recommends strategies and resourcing to improve the overall information security posture of the state.
  • Works at various times outside of normal office hours to meet deadlines.

  10% Serves as full line supervisor:

  • Assigns and reviews work.
  • Provides guidance and training to assigned staff.
  • Counsels staff regarding work performance.
  • Reassigns staff to meet day-to-day operating needs.
  • Establishes annual goals and objectives.
  • Approves time off.
  • Adjusts first level grievances.
  • Effectively recommends and imposes discipline, up to and including discharge.
  • Prepares and signs performance evaluations.
  • Determines and recommends staffing needs.

  10% Serves as a liaison for agencies on IAM issues:

  • Reviews risk and assurance documents to confirm that the level of operational risk is within acceptable limits for each software application, system, and product within the identity and access management program.

  (Job Responsibilities continued)

  5% Serves as senior subject matter expert with customers, support staff, vendors, and other technicians regarding identity and access management, policy, procedures, and other security issues.

  • Oversees and/or manages projects and changes to existing IT environment to determine security requirements and/or impact of changes on security.
  • Presents information to others with clarity and precision.
  • Maintains satisfactory working relationships with others.

  5% Keeps abreast of new developments in the Information Technology (IT) field:

  • Continues education by attending meetings, training sessions, seminars and conferences to increase familiarity with and maintain current on emerging security issues, risks, and vulnerabilities, IT products, vendors, techniques and procedures as well as information security industry best practices.
  • Stays current on national and international laws, regulations, policies and ethics as they relate to cybersecurity.
  • Attends demonstrations and exhibitions related to assigned operations.
  • Travels to events when held off-site.

  5% Serves as principal liaison to the Illinois Emergency Management Agency:

  • Responds to the Statewide Incident Response Center as needed to represent the Department of Innovation & Technology during statewide emergencies.
  • Attends and participates in meetings.

  5% Performs all other duties as required or assigned that are reasonably within the scope of the duties enumerated above.

  Knowledge, Skills, and Abilities

  Minimum Qualifications:

  1. Requires knowledge, skill, and mental development equivalent to four (4) years of college with course work in Management Information, Security, Auditing, Risk Management, or related field.
  2. Requires prior experience equivalent to four (4) years of progressively responsible administrative experience in management information systems, information security or in a complex IT environment in a business or public organization.
  3. Requires three (3) years of professional experience supervising a team of IT professionals.

  Preferred Qualifications (In Order of Significance):

  1. Four (4) years of professional experience managing identity and access management functions and processes for a business or public organization.
  2. Four (4) years of professional experience developing strategic plans and initiatives to improve identity and access management capabilities.
  3. Four (4) years of professional experience with multiple compliance regulations such as PCI, HIPAA, PII. FISMA.
  4. Four (4) years of professional experience with multiple security/risk standards such as NIST, CISSP, ISC2.
  5. Four (4) years of professional experience with multiple control standards such as NIST, ITIL, CoBiT, COSO.
  6. Thorough knowledge of information security frameworks, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
  7. Thorough knowledge of information security controls including NIST SP 800-53, NIST SP 800-63, and the Center for Internet Security Critical Controls.
  8. Thorough knowledge of emerging security issues, risks, and vulnerabilities.
  9. Thorough knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
  10. Thorough knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
  11. Thorough knowledge of identity and access management concepts, including federation, authentication, authorization, access controls, access control attacks, identity, and access provisioning life cycle.
  12. Ability to coordinate projects and activities of work associates to achieve desired results.
  13. Ability to administer protective or corrective measures when a security incident or vulnerability is discovered.
  14. Developed verbal and written communication skills to present information to others with clarity and precision.
  15. Certification in EC Council Certified Ethical Hacker, Microsoft Certified Professional, OKTA Certified Professional, and/or ISC2 Certified Information Systems Security Professional or similar
      

  Employment Conditions

  1. Requires ability to travel.
  2. Requires ability to pass a position specific, agency required background check.
  3. Requires ability to work outside of normal business hours to meet deadlines.
  4. Requires the ability to serve in an on-call capacity.
  5. Requires ability to attend seminars, conferences, and trainings to stay current on methods, tools, ideologies, or other industry related topics relevant to the job duties.
  6. Requires ability to use agency-supplied equipment (cell phone, laptop, etc.).
  7. Requires ability to lift and carry equipment weighing up to 50 pounds which is defined as medium work per the US Department of Labor (20 CFR 404.1567(d).

  The conditions of employment listed are incorporated and/or related to any duties included in the position description
  

  Work Hours: 8:30am-5:00pm; Monday-Friday

  Work Location: 120 W Jefferson St Springfield, IL 62702-5170

  Agency Contact: Melissa Roeder

  melissa.roeder@illinois.gov
  Job Family: Leadership & Management; Science, Technology, Engineering & Mathematics

  Revolving Door:
  Certain provisions of the revolving door restrictions contained in 5 ILCS 430/5-45 apply to this position. As a result, the employee should be aware that if offered non-State employment during State employment or within one year immediately after ending State employment, the employee shall, prior to accepting any such non-State employment offer, notify the Office of the Executive Inspector General for the Agencies of the Illinois Governor (“OEIG”) or may be subject to a fine.

  Term Appointment:
  Candidates hired into a term position shall be appointed for a term of 4 years and are subject to a probationary period. The term may be renewed for successive four-year terms at the Director of the Department of Innovation and Technology’s discretion.

  The Department of Innovation & Technology (DolT) is the state's IT agency delivering an enterprise approach to statewide technology, innovation and telecommunication services, as well as policy and standards development, lifecycle investment planning, and cybersecurity services. With over 1,500 employees, DolT delivers IT services and innovative solutions to customer agencies to improve services provided to Illinois residents, DolT offers employees the opportunity to advance their careers, develop new skills and reach their potential, both personally and professionally. DoIT is committed to promoting and preserving a workplace culture that embraces diversity and inclusion. We welcome and value employees with different backgrounds, life experiences and talents. It is the collective sum of our individual differences that provides a broad perspective, leading to greater innovation and achievement. In recruiting for our team, we recognize the unique contributions of each applicant regardless of culture, ethnicity, race, national origin, sex, gender identity and expression, age, religion, disability, and sexual orientation.

  The main form of communication will be through email. Please check your “junk mail”, “spam”, or “other” folder for communication(s) regarding any submitted application(s). You may receive emails from the following addresses:

  • donotreply@SIL-P1.ns2cloud.com
  • systems@SIL-P1.ns2cloud.com

• About the company

  The Governor of Illinois is the chief executive of the State of Illinois, and the various agencies and departments over which the officer has jurisdiction, as prescribed in the state constitution.

Notice