IT Security Specialist
- Clifton Park, NY
Life at nfrastructure
At nfrastructure, we understand that our success results from our diverse workforce. In every nfrastructure office, you will find challenging projects and smart people with the potential to wow our customers. nfrastructure team members relish the freedom and support they receive to help our customers solve their most challenging problems and create the next generation of dynamic infrastructure solutions in an environment designed to foster collaboration, creativity, excitement and success.
The area: Technical Staffing
At nfrastructure, we organize and change around our customers. nfrastructure’ s Technical Staffing team embodies that pursuit. We are devoted to helping our clients find relevant solutions that meet their changing needs and to consistently exceed their expectations. In every customer location, you will find challenging projects and the opportunity to improve the way that they do business. nfrastructure will continuously develop our services platform by hiring the most talented IT professionals to support our customers. So if you are proactive, motivated, organized, responsible – and able to work well in a fast-paced, team-oriented environment, Technical Staffing may be the right place for you.
paced, team-oriented environment, Technical Staffing may be the right place for you.
The role: IT Security Specialist
As the IT Security Specialist, you will report directly to the Security Assistant Manager. IT Security
Specialist provides the technical support for operating system security solution and ensures that
supervisors are aware of any emerging issues.
- In conjunction with the LOB Solution Vendor, develop, implement, maintain, and document detailed technical designs and procedures for operating system security and required security roles in accordance with existing OSC’s systems standards as well as any other applicable standards.
- In conjunction with the LOB Solution Vendor, execute the proactive monitoring, diagnosing, and correcting of computer system security problems. (i.e., access permissions, password reset, login issues, etc.).
- Assist in the, installation, use, maintenance, and documentation of OSC's computer security software.
- Assist in oversight of the development of backup, recovery and contingency/disaster planning.
- Assist in oversight of the LOB Solution Vendor and QA/IV&V Vendor for conversion planning, to ensure that the servers and operating system environment are designed, developed, installed and are performing in a manner adequate to meet the security needs of the NYSLRS Project.
- Assist in the coordination of CIO staff to ensure they understand the full impact of system security enhancements as they relate to OSC, monitoring SLAs (Service Level Agreements) where necessary to ensure that work is accomplished in a coordinated, well-planned manner and meets expectations.
- Perform various security related activities of the new NYSLRS LOB solution, with other organizations at the Office of the State Comptroller, and external entities, to ensure that security needs are addressed as implementation proceeds.
- Participate in the development and implementation of the LOB user administration process including the creation, maintenance, role maintenance and the related policies, for all internal staff and external customer’s usage NYSLRS self service web applications.
- Participate in the development and implementation of the policies surrounding the business and IT processes proposed in the LOB Solution including, but not limited to: receiving and sending data to external partners, movement of data files within OSC, business reports, IT Change Management (application and system changes) throughout the system, user lifecycle Management as well as the secure integration between component parts of the LOB solution.
- Ensure that all OSC Security Policies and directives are upheld and maintained as the new system is developed
- Collaborate and cooperate with related ISO and CIO security staff and keep them informed of key security activities
- Assist in oversight of any third party vendor(s) who may perform Network Vulnerability Assessments. Perform the review of any reports that are developed in this regard (including reports from the QA/IV&V Vendor) and ensure that any and all deficiencies are reviewed and appropriate follow-up action is taken.
- Assist in the security certification and accreditation readiness of the new LOB solution, the program under which it is implemented and the security of the business environment in which it will continue to operate.
- Assist in oversight of the LOB Solution Vendor’s development of an information security program which includes, but is not limited to:
- Periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of OSC/NYSLRS
- Subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate
- Security awareness training
- Periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than annually
- A process for planning, implementing, evaluating, and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of OSC/NYSLRS
- Procedures for detecting, reporting, and responding to security incidents
- Plans and procedures to ensure continuity of operations for information systems that support the operations and assets of OSC/NYSLRS
- Conduct periodic security audits and risk assessments
- Assist in data classification activities including the development, implementation and maintenance of NYSLRS’ data classification program in consultation with the division’s business units
- At least 2 years of IT security experience
- Experience must include the following, which may be concurrent:
- 1 year experience building appropriate user profiles, roles, and privileges, etc., involving all aspects of user administration in support of secure internal and external controls.
- 1 year experience establishing and maintaining an organization's security policy and plan.
- 1 year experience in performing and/or reviewing security vulnerability tests in a complex operating environment.
- 1 year of security audit, risk assessment and review experience
- Must have Identity and Access Management suites/products (Oracle IAM, IdentityMinder, etc)
- Current holder of Certified Information Systems Security Professional (CISSP), or other certification recognized under Department of Defense Directive 8570.01 at IAT Level III or IAM Level II
- Ability to effectively work in a team environment, with responsibility for performing security related tasks to ensure achievement of objectives;
- Industry recognized Information Security training or certification;
- Experience with customer service or help desk task, including use of remote assist tools.
- Experienced troubleshooting methodologies to resolve various technical and non-technical issues.
- Demonstrated experience utilizing any large enterprise size provisioning products, such as but not limited to:
- Active Directory or other LDAP product for authentication, authorization and accountability.
- Web access control or portal products (Siteminder, Getaccess, etc)
- Must have strong enabling technology experience, specifically around Oracle Audit/DB vault and other such technologies
Desired Knowledge, Skills, Abilities
- Experience implementing PeopleSoft/Oracle security;
- Experience with PeopleSoft/Oracle role based user administration
- Experience with Oracle Security Server;
- Experience developing annual user security reviews and security audit plans;
- Experience securing data, both at rest and in transit;
- Experience controlling access to backend database objects (tables, views, rows, columns, etc.);
- Experience monitoring system access via audit plan data;
- Knowledge of retirement benefits administration business requirements and their fulfillment through specific IT capabilities and practices;
- Excellent oral and written communication skills;
- Excellent organizational skills
- Demonstrated experience with the security components of any of the following software:
- PeopleSoft Enterprise 9.1, including
- Human Capital Management (HCM)
- Customer Relationship Management (CRM)
- Learning Management
- Oracle Policy Administration (OPA) and Policy Modeling
- Oracle Enterprise Data Quality
- Oracle WebLogic Suite
- Oracle SOA Suite
- Oracle Business Process Management (BPM) Suite
- Oracle Enterprise Governance, Risk, and Compliance Manager (GRC)
- Phire Architect
- Verisign MPKI for SS
- Oracle Database 11g, including,
- Advanced Security option
- Database Vault
- Audit Vault
- Database Firewall
- Grid Control IAM Management
- PeopleSoft Enterprise 9.1, including
nfrastructure helps large enterprises design, build and operate mission-critical technology infrastructure. Combining proven methods and tools, world-class engineering talent, on-site technical service in every major North American market and tightly integrated low cost remote support, nfrastructure collaborates with customers to deliver sustainable disruptive value. With industry practices in public sector, financial services, retail, healthcare, technology, communications, public safety and energy, nfrastructure works with leading technology hardware and software vendors to provide comprehensive data center, network, security, unified communications, end-point, structured cabling, staffing and outsourcing solutions.
More information about nfrastructure can be found at www.nfrastructure.com
Apply for this job or another online today at www.nfrastructure.com/careers
nfrastructure is proud to be an equal opportunity employer; women and minorities are encouraged to apply for positions.