Senior Security Analyst (IT Security SR/SP) 2021-01517

  • Cannabis Jobs
  • Olympia, WA, USA
  • 23 Feb, 2021

Job Description

Description **WSLCB Vision** Safe communities for Washington State **Mission** Promote public safety and trust through fair administration and enforcement of liquor, tobacco cannabis and vapor laws. **_**Note: This recruitment is open until filled. Application review will be conducted on a weekly basis. The hiring authority reserves the right to make a hiring decision at any time. We encourage all applicants to apply as early as possible._** *To further ensure public safety and in conjunction with our Governor's proclamation of stay home, stay healthy and current guidelines related to COVID-19, interviews at this time will be conducted by video or phone conference as part of our recruitment process. * **_Who we are_** The mission of the _Washington State Liquor and Cannabis Board_ (WSLCB) is to promote public safety and trust through fair administration and enforcement of liquor, cannabis, tobacco, and vapor laws. At the WSLCB we pride ourselves on creating the "wow" factor in everything we do. We search for people who demonstrate a strong work ethic, excellence in customer service, partnering and teamwork, and quality performance. We strive to be a great place to work by fostering a safe, open, inclusive and healthy work environment. We want to ensure that our organization is as diverse and inclusive as our great State of Washington. We want to create a culture that fosters excellence in customer service, open and honest communication, transparency and accountability, data driven decisions, and business initiated process improvement. **Your opportunity at a glance** Within the Information Technology Services Division (ITSD), your position will report directly to the IT Operations Manager, while working with individuals at all levels within the organization. You will be part of a division whose purpose is to advance public safety and drive compliance through technology. In this role, you will safeguard the confidentiality, integrity, and availability services within WSLCB. You will build an efficient and effective program that oversees security, disaster recovery, and continuity of operations while contributing significantly to agency data privacy initiatives. The Senior Security Analyst manages the daily operations of the WSLCB Security Committee, which collaboratively identifies and implements improvements to our security architecture and drives accountability for secure technical standards down to every level within the agency and division. This position works closely with the agency executive staff and decision makers in other departments and uses their advanced technical and situational leadership skills to identify, recommend, develop, implement, and support cost-effective cyber security solutions for all aspects of the organization. **WSLCB provides a modern work environment and excellent benefits including:** * Training and career development programs * Tuition reimbursement * Flexible work schedules * Telecommuting opportunities * Generous wellness program * Onsite exercise facility * Active and engaging diversity program * Infant at Work program. * Organization's commitment to your personal health and well-being. * Work/life balance. * Free parking * A comprehensive _benefits package_. Duties As the Senior Security Analyst, you will serve as the highest-level authority in cybersecurity, continuity of operations (COOP) and disaster recovery (DR) for the WSLCB. You will bring advanced knowledge of a wide range of technology principles, concepts and practices in order to apply security standards to all disciplines within the digital product and service development lifecycles. Although the position does not supervise junior staff, the incumbent will coach, mentor, and guide all levels of staff while maintaining independent control of the security program’s daily operations. This position manages a security program that establishes standards and practices impacting statewide staff, a dynamic regulatory structure, and applications that collect and disperse revenue for the state. **Primary duties include but are not limited to:** * Define and manage the WSLCB Cyber Security Program. * Align WSLCB security initiatives with business objectives and ensure that IT assets and customer data are adequately protected. * Establish, implement, audit and analyze security-related policies in compliance with WSLCB, Consolidated Technology Solutions (WaTech) and industry standards (e.g. Center for Internet Security). * Initiate, facilitate, train, and promote activities to launch an agency security awareness program which fosters information security awareness agency wide. * Ensure WSLCB is in compliance with all security and DR/COOP statues, rules and policies. * Model and foster enthusiasm for IT security within the agency and division. * Define, manage, and annually review security and DR/COOP policies and procedures. * Design and maintain system and data security audit standards and procedures. * Advocate for the timely resolution of security vulnerabilities. * Partner with WSLCB data privacy officer to define and manage data privacy policies and procedures. * Partner with the WSLCB enterprise architect to define, construct, and manage the agency’s security architecture. * Liaise with OCS for all required Security Design Reviews (SDR). * Serve as WSLCB liaison to the Washington State Office of Cyber Security (OCS) and Computer Emergency Response Team (CERT). * Monitor security statute, regulation and policy changes and analyzes WSLCB standards for necessary changes. * Facilitate Cybersecurity Incident Management and Maintain Cybersecurity Incident Management Standards * Manage WSLCB’s security incident response team, ensuring compliance to response procedures by vendors and personnel. * Conduct internal security audits and implement corrective actions in accordance with approved procedure. * Facilitate audits of third-party commercial software providers that are integrated with WSLCB systems. Manage collection of required documentation and systems to confirm compliance status when requested. * Initiate and facilitate annual enterprise security audits as well as independent third-party audits on a tri-annual basis. * Evaluate current and potential software and hardware against standard security requirements and identify risks that may require avoidance or mitigation. * Conduct vulnerability analysis of information systems and interpret results using industry accepted tools and practices to ensure information systems are maintained in a high-state of security and hardened again common exploits * Design, implement and maintain complex processes to detect network and computer anomalies related to malicious behavior. * Conduct research on emerging security and DR/COOP products, services, protocols, and standards. * Stay current with new/emerging technologies and/or systems. Qualifications In this role, your practical experience coordinating security services and managing incident response will be vital to the agency’s success. **_Required Qualifications:_** * You must have your CISSP: Certified Information Systems Security Professional or CISM: Certified Information Security Manager accreditation, **OR **__M____ust be able to obtain a CISSP certification within six months of hiring date._ _Special Note: WSLCB will pay for one certification test; however, if you are unable to obtain the certification prior to your trial service date, you will no longer be eligible for employment. Progressive experience and demonstrated ability to independently perform the following: * IT security policy development, analysis and implementation. * Planning and administering IT security operations * Researching and applying complex data privacy principles * Facilitating disaster recovery planning or services Maintain working level knowledge in the following: * Infrastructure-as-a-Service for both government and commercial cloud computing service * Platform-as-a-Service cloud computing services * Identity management solutions * LAN/WAN technologies *This position is designated as responsible for management of products and services that must be assessed and restored in the event of an emergency and/or outage. This position will responsible for organizing and facilitating incident command.* **_Desirable/Preferred Qualifications_****:** * Associate’s Degree or higher in Computer Science or related field. * Two (2) or more years of paid or unpaid professional experience as a security specialist. Working level knowledge of the following: * Salesforce * M365 * MS Azure * Amazon Web Services * Microsoft Server Operating Systems in an Active Directory domain using Microsoft Windows Server 2012 or newer * Virtualization technologies (VMWare, Hyper-V, Citrix, etc.). Supplemental Information ***HOW TO APPLY*** **_PLEASE READ THE FOLLOWING INFORMATION CAREFULLY TO ENSURE YOU HAVE SUBMITTED THE REQUIRED MATERIALS TO BE CONSIDERED._** **IMPORTANT**: To be considered for this position, you MUST include the following, failure to do so will result in your application being disqualified: 1. Completed online application. 2. Current Resume. 3. Letter of Interest describing how you meet the specific qualifications for the position. 4. Three professional references to include a current or recent supervisor with email addresses and phone numbers. **********A resume will not substitute for completing the "work experience" section of the application.**__ The information provided in your application and supplemental questionnaire must support your selected answers in the supplemental questions. Responses not supported in your application will disqualify you for consideration of employment from this recruitment. ***Prior to a new hire, a background check including criminal record history will be conducted. Information from the background check will not necessarily preclude employment but will be considered in determining the applicant's suitability and competence to perform in the position.*** **Other** Applicants for employment with the Washington State Liquor and Cannabis Board should also be aware of RCW 66.08.080, which states in part: "No employee of the board shall have any interest, directly or indirectly, in the manufacture of liquor sold under this title, or derive any profit or remuneration from the sale of liquor, other than the salary or wages payable to him in respect of his office or position, and shall receive no gratuity from any person in connection with such business. RCW 69.50.351, no member of the state liquor and cannabis board and no employee of the state liquor and cannabis board shall have any interest, directly or indirectly, in the producing, processing, or sale of marijuana, useable marijuana, or marijuana-infused products, or derive any profit or remuneration from the sale of marijuana, useable marijuana, or marijuana-infused products other than the salary or wages payable to him or her in respect of his or her office or position, and shall receive no gratuity from any person in connection with the business. WSLCB is an equal opportunity employer and does not discriminate on the basis of race, creed, color, national origin, sex, marital status, sexual orientation, gender identity, diversity, age, honorably discharged veteran, veteran status, genetic information, or the presence of any sensory, mental or physical disability or the use of a trained guide dog or service animal by a person with a disability. For questions about this recruitment, or to request reasonable accommodation in the application process, please email hrjobs@liq.wa.gov or call (360) 664.1636. For TTY service, please call the _Washington Relay Service_ at 7-1-1 or 1-800-833-6384. *Salary:* $85,476.00 - $112,176.00 Annually *Location:* Thurston County – Olympia, WA *Job Type:* Full Time - Permanent *Department:* Liquor and Cannabis Board *Job Number:* 2021-01517 *Closing:* Continuous *Agency:* State of Washington *Address:* View Job Posting for Agency Information View Job Posting for Location, Washington, 98504 *Phone:* View Posting for Agency Contact *Website:* http://www.careers.wa.gov