This position plays an essential role in protecting the confidentiality, integrity and availability of State information systems and data through the identification of security and privacy protection risks, and ensuring the compliance of systems and organizations with existing Statewide policies and regulatory requirements.
This position ensures that the appropriate proactive analysis and auditing of security controls and processes are in place and effective to help the State withstand and/or recover from issues caused by known and unknown internal or external threats.
• Ensures organization compliance to Statewide Information Security policies, NIST, ISO, PCI, HIPAA and other security standards by providing information security and privacy protection compliance reviews and proactive assessments. Assists with the development and implementation of enterprise-wide information security and privacy policies and standards
• Identify information security and privacy protection risks across the state and direct agencies to adopt risk mitigation strategies, methods and procedures to minimize the risks in accordance with established risk management policies and procedures. Assists with data breach and privacy incident investigations
• Participates in projects by evaluating systems security plans and implemented security controls for security and privacy compliance of technology infrastructure and applications to reduce security risk and enhance overall security posture
• Support the statewide information security and privacy protection awareness and training programs
• Leads or participates with all internal and external security and privacy audits and assessments
• Other duties as assigned as related to the position
Knowledge:
• This role demands a comprehensive expertise in information security technologies, with a focus on industry trends, best practices, and the implementation of robust security measures across various domains. The candidate must have a solid understanding of key information protection standards, including NIST, HIPAA, PCI, and IRS, and demonstrate proficiency in assessing and managing risks, ensuring compliance, and addressing vulnerabilities within an organization’s infrastructure
• In addition, the candidate should possess deep knowledge of cybersecurity workforce dynamics, virtual learning environments, and the development and enforcement of cybersecurity operation policies and procedures. They should be well-versed in the principles and practices of risk management, business continuity, and disaster recovery, with an ability to apply these concepts to real-world scenarios
• Expertise in privacy laws and regulations, cybersecurity threats and vulnerabilities, and the use of advanced cyber defense tools and techniques is essential. The ideal candidate will also have experience with enterprise cybersecurity architecture, identity and access management, and the evaluation and validation of security controls. Familiarity with emerging technologies, insider threat management, and supply chain risk management is crucial, as is knowledge of industry models and frameworks for cybersecurity and data protection. Overall, this role requires a strategic thinker capable of integrating a broad spectrum of cybersecurity knowledge into cohesive and effective security strategies
Skills:
• This role requires strong customer service skills, along with excellent interpersonal, written, and oral communication abilities to effectively interact with clients and stakeholders. The ideal candidate should possess a robust skill set in identifying gaps in technical capabilities, applying security controls, and interfacing with customers to address their needs. Proficiency in assessing security system designs, applying secure coding techniques, and performing root cause analysis is crucial for maintaining and enhancing system security
• Additionally, the candidate must be adept at processing and verifying data for follow-on analysis, as well as deriving evaluative conclusions to support informed decision-making. The ability to communicate complex concepts both verbally and in writing, facilitate group discussions, and create technical documentation is essential. Expertise in developing security assessments, instructional materials, and policy plans is also required. The candidate should be skilled in maintaining standard operating procedures, evaluating laws, regulations, and policies, and analyzing processes to ensure compliance with procedural requirements
• Critical thinking and collaboration are key skills for this role, especially in dynamic, fast-paced environments. The ability to analyze large data sets, identify target vulnerabilities, and align privacy and cybersecurity objectives is vital. The candidate should also be proficient in risk assessment, identifying system vulnerabilities, and applying policies that meet system security objectives. Additional skills include performing technical writing, negotiating vendor agreements, and building relationships with internal and external stakeholders to effectively manage and mitigate cybersecurity risks
Ability:
• The tasks associated with this job involve ensuring the effectiveness and compliance of an organization's cybersecurity and privacy programs. This includes assessing and managing the effectiveness of security controls, correlating training efforts to business or mission needs, and managing accreditation packages to maintain compliance. Establishing and maintaining privacy audit programs is essential for continuous monitoring and mitigation of privacy risks. The role also involves determining the legal and operational impacts of cybersecurity incidents and identifying critical technology procurement needs
• Additional responsibilities include researching new vulnerabilities, advising senior management on risk levels and cybersecurity posture, and developing risk profiles. The role requires conducting privacy impact assessments, identifying vulnerabilities, and recommending remediation strategies. There is a strong focus on developing, implementing, and auditing cybersecurity policies, training programs, and compliance processes. Ensuring that contracts and procurement efforts meet legal, funding, and security requirements is also crucial, as is advising on risk management and overseeing cybersecurity audits. Finally, the role includes developing and delivering training, promoting awareness, and ensuring alignment of cybersecurity and privacy practices with organizational goals
• Bachelor's degree plus 2 years of extensive experience in information security controls and regulatory compliance (or equivalent experience)
• Certified Information Security Systems Professional preferred
• Required to drive on State business; must possess a valid Arizona driver's license
• Proof of U.S. Citizenship required (due to security clearance)
If this position requires driving or the use of a vehicle as an essential function of the job to conduct State business, then the following requirements apply: Driver’s License Requirements.
The State of Arizona offers a comprehensive benefits package to include:
• Optional employee benefits include short-term disability insurance, deferred compensation plans, and supplemental life insurance
• Life insurance and long-term disability insurance
• Vacation with 10 paid holidays per year
• Health and dental insurance
• Retirement plan
• Sick leave
Learn more about the Paid Parental Leave pilot program here. For a complete list of benefits provided by The State of Arizona, please visit our benefits page
• Positions in this classification participate in the Arizona State Retirement System (ASRS)
• Please note that enrollment eligibility will become effective after 27 weeks of employment
• If you have any questions please feel free to contact Ariel Gonzalez at agonzalez@az.gov for assistance