Information Security and Compliance Officer

This role ensures compliance with IT best practices and enhances IT security for the Department of Finance. Tasks include establishing and following IT security policies, standards, and procedures in compliance with department, state, and federal mandates. Work involves understanding the impact of security requirements on IT systems and handling confidential data from the SSA and IRS. This role addresses audit findings, maintains an audit strategy, and plans for future audits. As an Internal Security Officer (ISO), this role drives Continuity of Operations Planning (COOP) efforts.

Applicants who do not possess the preferred qualification will still be eligible to compete for this position if the job requirements are met.

  1. Three years’ experience with a regulatory framework such as IRS Publication 1075, Health Insurance Portability and Accountability Act, Payment Card Industry Data Security Standard, Federal Risk and Authorization Management Program, National Institute of Standards and Technology, etc.

• Develops, implements, and enforces information security policies, standards, best practices and procedures for complex systems and data including that which requires compliance with federal and state regulations department-wide. 
• Conducts IT security risk assessments and gap analysis on systems and operational requirements to evaluate effectiveness and identify vulnerabilities and non-compliance.
• Makes recommendations on corrective action to IT security requirements and system designs to resolve issues; evaluates IT security solutions to confirm they meet department, state and federal IT security requirements for processing confidential and sensitive information. 
• Develops IT security policies and procedures for reviewing and approving new requirements and specifications for procurement of major systems.
• Develops and updates systems IT security plans and reports such as but not limited to the Corrective Action Plan (CAP), System Security Plans (SSP), Safeguards Procedures Report (SPR) and/or the Safeguard Security Report (SSR).
• Performs IT security and internal control reviews on sensitive systems and develops unique security tools and techniques for assessment of complex/non-standard systems and operational requirements.
• Completes IT security authorization packages for systems users to include security plans, assessment reports and a continuous monitoring plan/assessment schedule.
• Assists department staff on IT security policy and conducts IT security related training.
• Ensures compliance of department IT security operations with external entities such as but not limited to, the Center for Medicare and Medicaid Services, Internal Revenue Service (IRS), Payment Card Industry Data Security Standards (PCIDSS), Social Security Administration (SSA), State of Delaware Information Security Policy (DISP), and Delaware State Personally Identifiable Information (PII) data security requirements.  Prepares policies and procedures to ensure the secure transmission of State data to external entities.
• Prepares and coordinates IT security audits, investigations and incident management. 
• Supports a 24x7 operational environment.  The operating environment will require extended hours, including engagement outside normal working hours.
• May complete the Primary Information Security Officer (ISO) or Alternate Information Security Officer (ISO) duties, as outlined by DTI.
• Ensures effective, stable and reliable information systems and business operations, while remaining in compliance with department, state and federal laws, rules and regulations, as well as the DTI defined strategic direction, including keeping all components of systems under vendor warranty, support/service plans, backup, Continuity of Operations Planning (COOP).
• Performs other duties of equal or lower complexity as assigned.

 JOB REQUIREMENTS for Information Security and Compliance Officer
Applicants must have education, training and/or experience demonstrating competence in each of the following areas:

1. Three years' experience in developing, implementing, and enforcing Federal and State IT security policies, standards, best practices and procedures.
2. Three years' experience in maintaining information security by conducting assessments/audits and analysis of information systems to identify security risks,  changes/upgrades, evaluating IT security measures along with performing internal security control reviews;  developing security reports; preparing corrective actions to audit and other findings; and recommending improvements to security solutions.

Applicants must be legally authorized to work in the United States. The State of Delaware Executive Branch participates in the Federal E-Verify system where the State will provide the federal government with each new hires Form I-9 information to confirm that you are authorized to work in the U.S. For more information refer to our job seeker resources.

Applicant must complete satisfactory criminal background check, reference checks, confirmation of compliance with federal and state tax laws, and any other required condition of employment.

All new hires are required to report to the Statewide New Employee Orientation (SNEO) on their first day of employment. Sessions are held at designated locations in Kent or New Castle County.

To learn more about the comprehensive benefit package please visit our website at https://dhr.delaware.gov/benefits/

The application and supplemental questionnaire are evaluated based upon a rating of your education, training and experience as they relate to the job requirements of the position.  It is essential that you provide complete and accurate information on your application and the supplemental questionnaire to include dates of employment, job title and job duties.  For education and training, list name of educational provider, training course titles and summary of course content.   Narrative information supplied in response to the questions must be supported by the information supplied on the application including your employment, education and training history as it relates to the job requirements.

Once you have submitted your application on-line, all future correspondence related to your application will be sent via email.  Please keep your contact information current.  You may also view all correspondence sent to you by the State of Delaware in the “My Applications” tab at StateJobs.Delaware.gov.

Accommodations are available for applicants with disabilities in all phases of the application and employment process.  TDD users may request an auxiliary aid or service by calling (800) 232-5470 or by visiting delawarerelay.com.  You may also call (302) 739-5458 or email DHR_ADAConcerns@delaware.gov for additional applicant services support.

The State of Delaware is an Equal Opportunity employer and values a diverse workforce. We strongly encourage and seek out a workforce representative of Delaware including race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression.