Information Security Specialist -Legislative Research Commission

at  Commonwealth of Kentucky

LEGISLATIVE BRANCH | FULL TIME | INELIGIBLE FOR OVERTIME PAY | LRC | 40.0 HR/WK

Click here for more details on state employment.
Hiring Agency
Legislative | Legislative Research Commission
Location
702 Capital Ave
Frankfort, KY 40601 USA
Description
The Legislative Research Commission is accepting applications for the position of Information Security Specialist I in the Office of Computing and Information Technology (OCIT). This position is nonpartisan in nature and requires the ability to work with neutrality in a politically charged environment.
The Legislative Research Commission provides staff support to the Kentucky General Assembly. The agency offers unique opportunities to people seeking fulfilling, challenging, and rewarding careers. LRC staff members provide diverse services and are united by the common purpose of supporting the branch of government closest to the people.
The individual selected for this position must have a positive attitude, strong work ethic, attention to detail, and be public service oriented with the ability to maintain a good rapport with LRC staff, state employees, and the general public. The individual must be able to work under stress, with the understanding that during legislative sessions and occasionally during the interim period, working significant amounts of overtime will be required.
This is a permanent, full-time position with benefits including health and life insurance; retirement plan; and paid holidays, vacation, and sick days. Compensatory time is awarded on an hour-for-hour basis with prior approval.

Job Duties:

• Work with stakeholders to plan, maintain a timeline for, and deliver projects.
• Actively seek opportunities to improve processes.
• Create and maintain best practices for IT and Information Security development.
• Plan and coordinate efforts to create and maintain a secure and resilient information security infrastructure.
• Stay up-to-date with new or evolving security products, standards, policies, and risks.
• Manage information security policy and accompanying standards, working with all agency areas to ensure compliance with policy and security standards.
• Perform audits when required to validate risks.
• Actively identify intrusion attacks and affected services and communicate that up.
• Notify Information Security Manager of significant vulnerabilities, threat detection/attacks.
• Work with LRC Infrastructure staff to ensure all anti-virus and other vulnerability protection is up to date.
• Help maintain OCIT Disaster Recovery plans.
• Work with Infrastructure staff to ensure system backups are regularly created, validated, and securely stored.
• Keep OCIT management informed of issues or concerns that relate to the effectiveness of IT security, as well as to individual agency projects.
• Keeps OCIT management updated on potential IT security risks and mitigation strategies.
• Perform other duties as assigned.

Desired Skills and Abilities:

• Excellent verbal and written communication skills.
• Strong analytical, troubleshooting, and detail-oriented skill set.
• Customer service skills.
• Ability to quickly learn complex technical concepts.
• Excellent skills in using Microsoft Office products.
• Ability to resolve routine problems with written instructions or supervision.
• Provide daily assistance with information security systems and risk mitigation associated with electronic trespass, email, viruses, wireless access, and electronic delivery of information in an Inter/Intra/Extranet environment.
• Assist with troubleshooting enterprise security controls to include Endpoint, Network, SIEM/SOAR, TVM, BCDR, and Incident Response.
• Ability to analyze systems and their functionality/relationship to the overall processing environment.
• Ability to support projects; establish and maintain effective working relationships with both technical and non-technical personnel; and communicate effectively in speech and in writing.
• Knowledge of Information Security frameworks, policies, procedures, and standards.
• Some knowledge of these environments: Linux, Windows (Active Directory), Next-Generation Firewalls, VOIP, SQL, Network Access Control, Microsoft .NET, Front-end Web Frameworks, Containers, Kubernetes, NetApp, and Cisco.
• Some programming or scripting knowledge and experience, such as PowerShell & Python, preferred.

Minimum Requirements
EDUCATION: Bachelor’s degree in engineering, computer science, or related field. CISSP, CISM, CCSK or related certification may be substituted.
EXPERIENCE, TRAINING, OR SKILLS: No direct experience is needed. Limited relevant/business experience and business knowledge is required, or equivalent academic training.
Substitute EDUCATION for EXPERIENCE: NONE
Substitute EXPERIENCE for EDUCATION: Education may be substituted for experience and experience may be substituted for education at the discretion of the supervisor/manager.

SPECIAL REQUIREMENTS (AGE, LICENSURE, REGULATION, ETC.): NONE

If you have questions about this advertisement, please contact Jennifer Wood at jennifer.wood@lrc.ky.gov or (502) 564-8100.
An Equal Opportunity Employer M/F/D

• Work with stakeholders to plan, maintain a timeline for, and deliver projects.
• Actively seek opportunities to improve processes.
• Create and maintain best practices for IT and Information Security development.
• Plan and coordinate efforts to create and maintain a secure and resilient information security infrastructure.
• Stay up-to-date with new or evolving security products, standards, policies, and risks.
• Manage information security policy and accompanying standards, working with all agency areas to ensure compliance with policy and security standards.
• Perform audits when required to validate risks.
• Actively identify intrusion attacks and affected services and communicate that up.
• Notify Information Security Manager of significant vulnerabilities, threat detection/attacks.
• Work with LRC Infrastructure staff to ensure all anti-virus and other vulnerability protection is up to date.
• Help maintain OCIT Disaster Recovery plans.
• Work with Infrastructure staff to ensure system backups are regularly created, validated, and securely stored.
• Keep OCIT management informed of issues or concerns that relate to the effectiveness of IT security, as well as to individual agency projects.
• Keeps OCIT management updated on potential IT security risks and mitigation strategies.
• Perform other duties as assigned