Sr. Cyber Risk and Compliance Assessor

The Oregon Health Authority (OHA) has a fantastic opportunity for an experienced Sr. Cyber Risk and Compliance Assessor to join an excellent team and work to advance their IT operations.

 
The Office of Information Service’s mission is to deliver technology solutions and services that support Oregon Health Authority and Oregon Department of Human Services in helping Oregonians achieve health, well-being, and independence.

The Oregon Health Authority is committed to:

• Eliminating health inequities in Oregon by 2030
• Becoming an anti-racist organization
• Developing and promoting culturally and linguistically appropriate programs,
• Developing and retaining a diverse, inclusive, and equitable workforce that represents the diversity, cultures, strengths, and values of the people of Oregon.
• Click here to learn more about OHA’s mission, vision, and core values.

What you will do!

This position provides cyber risk, compliance, and security expertise in areas such as software development, access and control methodologies, operations, continuity planning, and the entire system life cycle. This position assists in ensuring that business security requirements are accurately reflected in technical specifications and that the department has appropriate security integration throughout all systems development.  This person will have a key role in the analysis and evaluation of security design, development, testing and implementation of complex security infrastructures.

The person in this position may serve as a chief architect, analyst, or consultant for ongoing security related activities. The goal is to provide appropriate access to and protect the confidentiality and integrity of ODHS and OHA information in compliance with federal/state regulations, agency security policies and standards and contractual obligations. The person in this position will assist the Chief Information Risk Officer in the overall security of ODHS and OHA information systems, networks, and business continuity planning. This person is a security consultant for information security issues and incidents. This person will provide technical guidance for the development and implementation of departmental security policies and procedures. This person may also be required to develop and review security requirements for initiatives and projects. This person may be assigned to provide risk & compliance analysis and security consultative services for specific projects. 

What we are looking for!

(Please clearly outline how you meet the minimum requirements and special qualifications in your application/resume/cover letter. Failure to do so might disqualify you from consideration)

SPECIAL QUALIFICATIONS:  

Successful completion of one of the following certifications or willingness to obtain one within 12 months of hire: (a) Certified Information Systems Security Professional (CISSP); (b) Certified Information Security Manager (CISM); (c) Certified Information Privacy Professional (CIPP), (d) Certified in Risk and Information Systems Controls (CRISC), or (e) Certified Data Privacy Solutions Engineer (CDPSE)

MINIMUM REQUIREMENTS:

(a) Seven (7) years of information systems experience in:

• Advising on the best practices (or implementation) of regulatory security and privacy controls
• In-depth knowledge of Center of Internet Security (CIS) Controls, National Institute for Standards and Technology (NIST) guidelines, and Microsoft technologies (including Active Directory, Azure, Cloud Services).

OR

(b) An Associate's degree or higher in Computer Science, Information Technology, or related field, OR completion of a two (2) year accredited vocational training program in information technology or related field.

AND 5 years of information systems experience in:

• Advising on the best practices (or implementation) of regulatory security and privacy controls
• In-depth knowledge of Center of Internet Security (CIS) Controls, National Institute for Standards and Technology (NIST) guidelines, and Microsoft technologies (including Active Directory, Azure, Cloud Services).

OR

(c) A Bachelor's degree in Information Technology, Computer Science, or related field AND three (3) years of information systems experience in:

• Advising on the best practices (or implementation) of regulatory security and privacy controls
• In-depth knowledge of Center of Internet Security (CIS) Controls, National Institute for Standards and Technology (NIST) guidelines, and Microsoft technologies (including Active Directory, Azure, Cloud Services).

OR

(d) Master's degree in Information Technology, Computer Science, or related field

AND one (1) year of information systems experience in:

• Advising on the best practices (or implementation) of regulatory security and privacy controls
• In-depth knowledge of Center of Internet Security (CIS) Controls, National Institute for Standards and Technology (NIST) guidelines, and Microsoft technologies (including Active Directory, Azure, Cloud Services).

Desired Attributes

• Knowledge and ability to interpret the best practices, and the ability to advise business partners on the implementation of the following regulatory security and privacy controls:

• Center of Internet (CIS) Security Controls.
• National Institute for Standards and Technology (NIST).
• Microsoft technologies (including Active Directory, Azure, Cloud Services).

• Familiarity with information security and privacy programs, threats, and vulnerabilities.
• Facilitate complex communication of risks to agency leaders and business owners.
• This position requires excellent communication skills and the ability to work with and facilitate diverse groups and individual.
• The position requires the ability to prioritize workloads and the ability to analyze complex procedures, processes, and policies.
• Ability to manage multiple projects and competing priorities of agency demands.
• Critical thinking skills with the ability to independently solve problems with data.
• Experience in creating and maintaining a work environment that is respectful and accepting of diversity among team members and the people we serve.

What's in it for you?

• Medical, vision, and dental benefits
• Eleven (11) paid holidays.
• Eight (8) hours of vacation per month, eligible to be used after 6 months of service.
• Eight (8) hours of sick leave per month, eligible to be used as accrued.
• 24 hours of personal business leave per fiscal year, eligible to be used after 6 months of service.
• Pension and retirement programs 
• Opportunity to potentially receive loan forgiveness under the Public Service Loan Forgiveness Program (PSLF)
• Continuous growth and development opportunities
• Opportunities to serve your community and make an impact through meaningful work.
• A healthy work/life balance, including fulltime remote options as well.

Monthly Salary Range: $7,149 - $10,826

Application Deadline: 5/23/2024

The Oregon Health Authority is an equal opportunity, affirmative action employer committed to workforce diversity.

To learn more or apply, please visit:

https://oregon.wd5.myworkdayjobs.com/SOR_External_Career_Site/job/Salem--OHA--Fairview-Industrial-Drive-3990/Sr-Cyber-Risk-and-Compliance-Assessor--Information-Systems-Specialist-8--Hybrid-Work-Options_REQ-156455

https://oregon.wd5.myworkdayjobs.com/SOR_External_Career_Site/job/Salem--OHA--Fairview-Industrial-Drive-3990/Sr-Cyber-Risk-and-Compliance-Assessor--Information-Systems-Specialist-8--Hybrid-Work-Options_REQ-156455