IT SECURITY PROGRAM SPECIALIST - 02182025-65487
 State of Tennessee | |||||||||||||||
 United States, Tennessee, Nashville | |||||||||||||||
 Feb 19, 2025 | |||||||||||||||
|
Job Information State of Tennessee Job Information
LOCATION OF (1) POSITION(S) TO BE FILLED: DEPARTMENT OF FINANCE & ADMINISTRATION, STRATEGIC TECHNOLOGY SOLUTIONS DIVISION, DAVIDSON COUNTY Qualifications Education and Experience: Graduation from an accredited college or university with a bachelor's degree in one of the following: Information Systems, Computer Science, Information Assurance & Cybersecurity, Information Technology Management, Business Management & Information Systems, Computer & Network Security or Business Administration and experience equivalent to one year of business continuity, disaster recovery, risk management or information security risk analysis and mitigation work. Necessary Special Qualifications: None Overview Summary: Under general supervision, is responsible for security program evaluation and consultative work of average to considerable difficulty; performs related work as required. Responsibilities 1. Assists in developing, modifying, updating and publishing statewide, multi-agency or enterprise application disaster recovery or Continuity of Operations plan(s) to ensure that critical and essential business processes are able to be recovered during a disaster event, emergency or extended outage: gathers business requirements to help identify systems to include in recovery plans; follows-up after the plan has been created to ensure that all staff understand their specific roles and responsibilities. 2. Assists in disaster recovery and business continuity test(s) for statewide, multi-agency, and enterprise applications to ensure that there are sufficient recovery procedures and failover processes in place to successfully restore the affected applications: tests succession plans in the event that key members of the organization are unavailable during a statewide disaster event, emergency or extended outage to ensure continuity of authority, decision-making, and communications; executes activities according to the activated plan(s) to ensure that the processes and documented steps are sufficient to restore affected systems; conducts post-test interviews with test participants to discuss the goals of the test and gather lessons learned during the exercise; compiles "lessons learned" report and timelines to assist with future tests or plans. 3. Assists in the planning and development of statewide risk assessment for business, technology and application solutions to recommend measures to control or reduce risk: identifies the most probable threats to the enterprise, determines related vulnerabilities, develops mitigation strategies and makes recommendations to lower the probability of occurrence. 4. Assists upper management in key component areas within the security program area: policy, procedures and standards, security audits and the configuration of enterprise system resources; assists in developing and implementing new solutions to meet evolving security needs. 5. Analyzes and monitors security systems and reports to determine areas of vulnerability in security across the enterprise: reviews data, system configurations, applications and code to identify security vulnerabilities or sources of security breaches; monitors internal applications, designs and processes to identify potential issues; performs correlation analysis to identify trends and weaknesses in state systems. 6. Identifies and analyzes security data from internal and external resources to determine security needs and program goals. 7. Promotes security awareness through training and effective communication to ensure that all users understand the importance of security program areas: trains users in how to mitigate risk at both the enterprise and agency level; communicates security status, threats or changes that may affect access to the network. Competencies (KSA's) Competencies:
Knowledge:
Skills:
Abilities:
Tools & Equipment
| |||||||||||||||