Position Overview

Information in this statement is NOT intended to be all-encompassing or to address all responsibilities of the position.

This position will provide in-person information security/cybersecurity related services for Illinois Criminal Justice Information Authority. The candidate will work closely with internal technology staff, service providers. Duties will include virtual meeting, in-person meetings, phone calls, email correspondence with ICJIA staff regarding cybersecurity/information security.

Job Responsibilities

1. Work with ICJIA technology counterparts (e.g, Digital Services, DevOps, R&A, and InfoSec) to improve the Agency’s security and privacy posture.
2. Collaborate with technology staff (e.g., Digital Services, R&A, DevOps, InfoSec) to evaluate. Recommend, and implement system/tools improvements
3. Develop and maintain documentation for the above.

Minimum Qualifications

1. Requires a bachelor's degree from an accredited college or university in cybersecurity, information security, or a directly related field, plus obtainment of cybersecurity certifications (e.g., CompTIA Security+, GIAC, Cloud Security Alliance, Google Cybersecurity), and work experience in information security, designing and deploying security and privacy solutions, or an equivalent combination of education, training, and experience.
2. Requires experience with demonstrative proficiency applying each of the following specialized technical and functional skills, processes, frameworks, and methods:

• Creating controls to detect potential security and privacy violations;
• Assessing potential security and privacy risks (e.g., reviewing systems and analyze reports for potential security risks);
• Diagnosing, troubleshooting, and resolving security risks;
• Recommending security & privacy solutions/best practices/policies (e.g., detection and notification, auditing, alerts, responses, vulnerability detection, risk remediation);
• Developing, reviewing and updating security and privacy related documentation (e.g cyber security policies, risk status, risk mitigation, system settings, configurations, schematics, & diagrams);
• Reviewing and recommending security products and their related costs;
• Reviewing the security and privacy of systems (e.g., developing and implementing test scripts and running security scans, validate baseline security configurations of OS, applications, and networking infrastructure);
• Providing expertise and assistance to ensure the infrastructure and information assets are protected;
• Tracking, monitoring, and analyzing key cybersecurity metrics and KPIs;
• Evaluating service providers and their offerings and implementations to ensure compliance with security and privacy policies, requirements, and cost effectiveness.

Preferred Qualifications

1. Prefers the obtainment of at least one (1) InfoSec/Cybersecurity Certifications (e.g., CompTIA Security+, GIAC, Cloud Security Alliance, Google Cybersecurity).
2. Prefers at least 6 months of educational/professional experience developing, reviewing, updating, and maintaining system security and privacy related documentation (e.g. cyber security policies, risk status, risk mitigation, system settings, configurations, schematics, & diagrams).
3. Prefers at least 6 months of educational/professional experience reviewing the security and privacy of systems and identifying potential threats and risks (e.g., analyzing logs and data for suspicious activity, formally categorizing and assessing risks, developing and implementing test scripts and running security scans, validate baseline security configurations of OS, applications, and networking infrastructure).
4. Prefers at least 6 months of educational/professional experience explaining and providing guidance to staff/colleagues to assure adherence to information security and cybersecurity policies and procedures.
5. Prefers at least 6 months of educational/professional experience improving security and privacy via security tools and technologies (e.g., firewalls, intrusion detection systems, encryption, addressing vulnerabilities of different operating systems and network security).
6. Prefers at least 6 months of educational/professional experience with penetration testing or ethical hacking.
7. Prefers at least 1 year of educational/professional experience demonstrating strong ability to make decisions in a logical and objective manner, including with time management and prioritization of tasks.
8. Prefers at least 1 year of educational/professional experience demonstrating strong ability to present technical and high-level concepts and policies to internal and external team members with varying degrees of technical knowledge.

Conditions of Employment

1. MUST BE A U.S. CITIZEN OR PERMANENT RESIDENT.
2. MUST HAVE THE ABILITY TO LIFT TECHNOLOGY EQUIPMENT – UP TO 50 POUNDS.
3. MUST BE ABLE TO TRAVEL TO OFFICE IN SPRINGFIELD OR CHICAGO.
4. MUST BE ABLE TO PASS BACKGROUND CHECK.