Initial Posting Date:
08/06/2025
Application Deadline:
08/20/2025
Agency:
Department of Justice
Salary Range:
$6,679 - $10,092
Position Type:
Employee
Position Title:
Information System Cyber Officer (Information Systems Specialist 7) - IT Modernization Project
Job Description:
The
Oregon Department of Justice
is seeking to hire an Information System Cyber Officer (Information Systems Specialist 7) to serve on its Legal Tools Program Team. This role will be responsible for cybersecurity management, analysis, and best practices for security of the Legal Tools Program as part of a team. The Legal Tools Program is a major business and technology project to replace our core legal systems. This senior level position has the highest level of responsibility to provide information security management, risk analysis, expertise in Microsoft Power Platform, Purview, and SharePoint, planning, advice, and related technical services and support for all Program managed data, systems, and processes. This position is part of a team dedicated to ensuring that the Legal Tools Program delivers a product that meets the unique needs of the Department of Justice.
At this time, the position is Limited Duration through June 30, 2027.
Apply today! In exchange, we’ll ensure you are paid well and equitable to your peers, we’ll make work-life balance attainable, and we’ll show you the door to professional development and job satisfaction. You will find that we embrace inclusive and supportive work environments and respect the diverse perspectives, knowledge, and experiences of our coworkers and those seeking to join the organization. We strive to build an inclusive and performance-oriented workplace where all individuals are welcomed and appreciated, leading to increasingly higher levels of fulfillment and success.
This position may be offered as full time remote within Oregon. Remote work for out-of-state candidates may also be possible, however, a number of factors must be considered; at this time, we are unable to accommodate remote work in all 50 states.

WHAT YOU WILL DO (in part)

• Validate that software products and services are designed, architected, implemented, configured, tested, deployed, and operated securely by providing technical staff information, education, guidance, and hands-on support. Provide hands-on risk remediation guidance to technical teams.
• Manage, plan, and coordinate security audits, risk assessments, threat modeling, abuse case modeling, secure code reviews, static application secure testing and dynamic application secure testing in collaboration with DOJ and contracted services. Analyze, document, and review designs and solutions for their ability to maintain confidentiality, integrity, and availability of DOJ managed systems, services, and data.
• Lead the Program in adhering to secure system security lifecycle best practices by informing Program, DOJ, and contractor staff of those practices, designing the processes and procedures for implementation, and assisting and/or leading the execution of those practices.
• Provide professional expertise in information security governance, risk, and compliance activities for the Program and determine the best approach to respond to and remediate security issues, findings, or misconfigurations. Report recommendations to Program and DOJ leadership in response to audits or security vulnerability findings and manage the implementation of approved recommendation plans. Participate and/or provide oversight as requested or required as an information security advisor to the Legal Tools Program in collaboration with the DOJ Chief Information Security Officer.
• Communicate mandatory information security and compliance requirements from federal, state, local and Department laws, rules, policies, and standards with local, state, and federal partners working with the Program and DOJ.
• Evaluate potential software solutions, including cloud based, off-the-shelf, open-source, and hybrid model systems, and their security to ensure that they meet DOJ’s security and compliance requirements and technology standards.
• Develop DOJ system security plans (SSP), policies, standards, procedures, and guidelines in collaboration with business and technical teams; Program security and compliance requirements; Requests for Proposals (RFP) and Statements of Work (SOW) for external products and services.
• Develop cost benefit analysis, configuration, security, and compatibility requirements with current systems as part of the planning process.
• Manage, plan, and implement information security measures for the protection of agency, client, and customer data. Evaluate, conceptualize, and recommend to Program and DOJ leadership mechanisms to protect systems and data.
• Maintain knowledge of current and emerging security practices, technologies and innovations through training, blogs, professional journals and publications, contact with other IT and security professionals, and self-initiated study.
• Develop and maintain effective working relationships with other external organizations, DOJ Program and Project staff, DOJ divisions, and DOJ personnel.
• Other program related duties as assigned.

REQUIRED EXPERIENCES AND ATTRIBUTES

Research suggests that women and people of color are less likely to apply unless they are confident they meet 100% of the listed qualifications. We welcome members of historically underrepresented racial/ethnic groups, women, individuals with disabilities, veterans, and all interested individuals to apply, and allow us to evaluate the knowledge, skills, and abilities that you demonstrate, using an intentional equity lens.

Six (6) years of information systems experience in managing security for both cloud and on-premises systems. Education will be counted as experience if degree is in Computer Science, Information Technology, or related field, or if a two (2) year accredited vocational training program was completed in information technology or related field. Work experience is based on a 40-hour work week. (Example: 20 hours a week for one year would equal six-months of work experience.)

• Associate’s Degree (or 2-year vocational training) = Two (2) Years
• Bachelor’s Degree = Four (4) Years
• Master’s Degree = Six (6) Years

• Validate that software products and services are designed, architected, implemented, configured, tested, deployed, and operated securely by providing technical staff information, education, guidance, and hands-on support. Provide hands-on risk remediation guidance to technical teams.
• Manage, plan, and coordinate security audits, risk assessments, threat modeling, abuse case modeling, secure code reviews, static application secure testing and dynamic application secure testing in collaboration with DOJ and contracted services. Analyze, document, and review designs and solutions for their ability to maintain confidentiality, integrity, and availability of DOJ managed systems, services, and data.
• Lead the Program in adhering to secure system security lifecycle best practices by informing Program, DOJ, and contractor staff of those practices, designing the processes and procedures for implementation, and assisting and/or leading the execution of those practices.
• Provide professional expertise in information security governance, risk, and compliance activities for the Program and determine the best approach to respond to and remediate security issues, findings, or misconfigurations. Report recommendations to Program and DOJ leadership in response to audits or security vulnerability findings and manage the implementation of approved recommendation plans. Participate and/or provide oversight as requested or required as an information security advisor to the Legal Tools Program in collaboration with the DOJ Chief Information Security Officer.
• Communicate mandatory information security and compliance requirements from federal, state, local and Department laws, rules, policies, and standards with local, state, and federal partners working with the Program and DOJ.
• Evaluate potential software solutions, including cloud based, off-the-shelf, open-source, and hybrid model systems, and their security to ensure that they meet DOJ’s security and compliance requirements and technology standards.
• Develop DOJ system security plans (SSP), policies, standards, procedures, and guidelines in collaboration with business and technical teams; Program security and compliance requirements; Requests for Proposals (RFP) and Statements of Work (SOW) for external products and services.
• Develop cost benefit analysis, configuration, security, and compatibility requirements with current systems as part of the planning process.
• Manage, plan, and implement information security measures for the protection of agency, client, and customer data. Evaluate, conceptualize, and recommend to Program and DOJ leadership mechanisms to protect systems and data.
• Maintain knowledge of current and emerging security practices, technologies and innovations through training, blogs, professional journals and publications, contact with other IT and security professionals, and self-initiated study.
• Develop and maintain effective working relationships with other external organizations, DOJ Program and Project staff, DOJ divisions, and DOJ personnel.
• Other program related duties as assigned