Job Postings
Members, sponsors and associates of the Portland ISSA Chapter can request to post job opportunities posted here. Please contact “President at issa-portland dot org” to have postings added/removed from this page. If you are interested in a posting it might be worth checking with the chapter membership for the “inside scoop”.
JOB POSTING 9/1/2010
Sr Information Security Analyst
Job ID: 0710-1396 Position Type: Regular Full-Time
Location: US-OR-Salem Application Deadline: Open until filled
Shift: Day Posted Range: $66,000 – $101,220
FLSA Exemption: Exempt Salary Grade: 17I
Schedule: Mon.-Fri.; 8am-5pm Job Start Date: ..
Overview:
What could be more exciting than working with an organization that does good things for Oregon? Dedicated to a Diverse Workforce, the Oregon Lottery is a very successful revenue-producing state agency that creates and sells entertaining games. Profits from these games help support Oregon’s education system and fund economic development projects, state parks and salmon habitat projects.
The Oregon Lottery is seeking dedicated employees to join our team! We currently have one (1) opening for a regular service Sr. Information Security Analyst in our Information Technology Department. This is an exempt position and is not eligible for overtime.
POSITION PURPOSE:
The Sr. Information Security Analyst provides technical expertise in support of IT’s Information Security and Business Continuity Management programs to help maintain the confidentiality, integrity and availability of the organization’s critical technology infrastructure and information assets. This position serves as a Project Leader or key resource for Lottery projects sponsored in support of Information Security and BCMP programs. In addition, the Sr. Information Security Analyst supports a number of on-going functions associated with information classification, security vulnerability assessment, security event monitoring, incident response, security and availability metrics, awareness training, risk analysis, compliance management, audit support, appropriate use monitoring, computer forensics, eDiscovery, business impact analysis and disaster recovery planning. Staff in this position will also serve in a leadership role to support program management functions associated with the Lottery’s Information Security and/or Business Continuation Management programs.
JOB SCOPE:
This position works both independently and as a member of various teams to support the Lottery’s IT security controls and Information Security and Business Continuity Management program objectives. Work is guided by IT security standards and procedures, Business Continuity Management strategies, Lottery policies, IT service management processes and direction from the IT Infrastructure Manager and CIO. The Sr. Information Security Analyst performs on-going analysis, monitoring and reporting functions and serves as a technical lead for the assigned functions. This position also serves as a Project Leader / Technical Lead for Information Security and BCP enhancement projects and represents the Information Security team on other Lottery project teams as a subject-matter expert, providing guidance to customers, vendors and other Lottery staff.
Responsibilities:
PRINCIPAL ACCOUNTABILITIES (*ESSENTIAL FUNCTIONS):
1. *Perform Program Management functions in support of the Lottery’s Information Security and/ or Business Continuity Management programs.
Typical Activities:
Serve in a leadership role to support program management functions associated with the Lottery’s Information Security and/or Business Continuation Management programs. Work with the program sponsor to develop and support the Lottery’s Information Security and/or Business Continuity programs and associated activities. Assist with on-going efforts to formalize information security and business continuity risk assessment processes and ensure related projects and activities are in alignment with the Lottery’s strategic plans, program goals and compliance requirements.
As assigned, develop program plans. Work with assigned program coordinator to maintain program plan and track related projects. Prepare documentation in support of IT’s fiscal year project planning and budget development activities.
Represent the Lottery’s Information Security team on the State of Oregon Enterprise Information Security Council (SISC). Participate in Information Security or Business Continuity Management sub-committees as assigned.
2. *Plan and implement enhancements to the Lottery’s Information Security controls and Business Continuity Plan (BCP).
Typical Activities:
Serve as the Technical Lead / Project Leader for Information Security enhancement projects related to information security policies, standards or procedures. Serve as a subject matter expert for Information Security on other projects involving the planning and implementation of new systems, network or applications.
As assigned, serve as a Technical Lead or contributor for Business Continuity Management projects associated with enhancing the Lottery’s BCP content, awareness training and testing, business impact analysis and disaster recovery (DR) improvements.
Plan and implement enhancements to information security controls, BCP plan and DR processes utilizing established change control and other IT service management processes. Utilize and model IT project management methodologies to ensure project objectives are met and documented as expected. Provide guidance and instruction to other technical resources and department representatives on the assigned project teams.
3. *Coordinate and perform on-going functions in support of the Lottery’s Information Security and Business Continuity Management programs.
Typical Activities:
Participate in the monthly Information Security meeting and including development and review of information security metrics and identification of any critical technology or process enhancements. Update assigned metrics associated with information security controls and availability of critical systems / networks.
Perform on-going program activities associated with information security awareness training. Assist in performing security vulnerability assessments associated with critical Lottery and vendor systems, networks and applications. Complete assessment and mitigation tasks associated with information security incidents and escalate critical incidents to management. Coordinate with IT resources responsible for administration of the associated host systems and network security controls. Coordinate IT activities required to support eDiscovery requests.
As assigned, coordinate tasks associated with on-going maintenance of the Lottery’s Business Continuation Plan (BCP) and associated disaster recovery (DR) plans.
Design, configure and monitor security applications associated with Security Information Management (SIM), Enterprise Rights Management (ERM), eDiscovery, Data Loss Prevention (DLP), system auditing, etc. Perform on-going monitoring of appropriate use of information technology assets by Lottery employees which may also represent a security risk. Support information requests associated with inappropriate use of information technology assets or employee investigations. Perform forensics activities in support of appropriate use or information security incidents.
Develop and update information security policies and associated IT security standards, procedures and associated documentation in support of the Information Security program as assigned.
4. *Provide technical guidance and support to IT staff and customers.
Typical Activities:
Provide technical training and guidance to IT staff in performing job functions associated with meeting established IT security standards and policies and supporting Business Continuity Management plans. Represent the Information Security function as a technical resource to both internal and external customers.
5. *Maintain knowledge of functional areas.
Typical Activities:
Maintain knowledge of functional areas to assist in meeting a variety of business requirements, applying information security, business continuation management, technology and business skills and approaches within multiple disciplines. Continually develop skills and knowledge in information security best practices and associated IT technologies.
ADDITIONAL RESPONSIBILITIES:
6. Perform other duties as assigned.
7. Required to carry a mobile device and provide on-call support related to information security incident response during business and non-business hours.
INTERPERSONAL CONTACTS:
The Sr. Information Security Analyst interacts with all levels of Lottery staff, vendors, and customers to perform essential job duties. This is done in person, by telephone or through electronic and written communications.
JOB CONDITIONS:
Work is typically performed in an office environment with occasional work in a Data Center environment. Occasionally required to move up to 30 pounds of equipment. Typically works under time frames that can result in a stressful work situation. Occasional travel required for training purposes.
Qualifications:
RECOMMENDED QUALIFICATIONS:
A Bachelor’s degree in Computer Science or a related field and four (4) years of Information Technology experience performing information security analysis functions in an enterprise environment. CISSP or equivalent certification is also required; OR
An Associate’s degree in Computer Science or a related field and five (5) years of Information Technology experience performing information security analysis functions in an enterprise environment. CISSP or equivalent certification is also required.
If incumbent is not a certified CISSP, they will be required to become certified within the first six (6) months of employment.
OTHER QUALIFICATIONS:
Demonstrated skill and experience with information security principles, industry standards and best practices.
Demonstrated technical lead / project leader experience in planning, implementing, and supporting enterprise information security tools.
Demonstrated knowledge and skill related to IT project management methodologies and best practices. Project management certification is highly desirable.
Demonstrated knowledge and skill related to Business Continuity Management and Disaster Recovery (DR) planning.
Demonstrated skill in effective written and verbal communication.
Demonstrated experience in the following technical areas:
Web application development security: Microsoft ASP .NET security / best practices, web application security testing practices and tools, encryption standards, etc.
Software tools associated with web content filtering, privacy / data leakage, data classification, eDiscovery, etc.
Systems / network security: Host operating system (Windows, Linux, etc.), web server security, database and e-mail security; Virus protection, Network IPS/HIPS, Firewall administration, Cisco network security, VPNs, etc.
Demonstrated knowledge related to e-Discovery best practices.
Demonstrated skill in leading major projects including project objectives, schedules, budget and results assessment.
Demonstrated skill in obtaining results by influencing and coordinating the work of other staff.
Demonstrated experience in developing and maintaining standards, procedures and technical documentation associated with information security controls.
Demonstrated skill effectively coordinating work on multiple and diversified tasks while working with conflicting priorities and deadlines.
Demonstrated ability to anticipate, identify and resolve information security or other issues that may adversely impact Lottery operations or projects.
Demonstrated ability to balance business requirements and security risks
Demonstrated ability to learn and work within specific rules, regulations, policies and standards.
APPLY NOW!! Visit http://www.oregonlottery.org/jobs/
The results of this recruitment may be used to fill future vacancies.
The Oregon Lottery® reserves the right to change, withdraw, close, or re-post job announcements as business needs dictate.
ORS 461.150 (5) states, “No person shall be employed by the state lottery who has been convicted of a felony or any gambling related offense.” A background investigation is required prior to job offer which includes fingerprinting, criminal history, credit history (based on the position), tax records, driving record, affiliation with the gaming industry, and checking employment references and character references.
ORS 461.150 (5) states, “No person shall be employed by the state lottery who has been convicted of a felony or any gambling related offense.” A background investigation is required prior to job offer which includes fingerprinting, criminal history, credit history (based on the position), tax records, driving record, affiliation with the gaming industry, and checking employment references and character references.
*Salary level will be based on qualifications and experience of the successful candidate. All employees and members of their immediate family, regardless of where they live, are prohibited-by-law from playing Oregon Lottery® games.
Pursuant to the American with Disabilities Act, persons with disabilities who believe they need reasonable accommodation, or help in order to apply for this position, may call 503-540-1315 or email oregon.lotterycareers@state.or.us
Per ORS 408.225, 408.230, and 408.235 relating to Veterans Preference for public employment, to receive Veterans Preference, include a copy of your DD214/DD215 or Veterans’ disability preference letter (unless information is included in the DD214/DD215) with your application material.
THE OREGON LOTTERY® IS AN EQUAL OPPORTUNITY/AFFIRMATIVE ACTION EMPLOYER COMMITTED TO WORKPLACE DIVERSITY.
