STEM OPT IT Security Analyst Jobs

INTRODUCTION

The New Mexico Division of Vocational Rehabilitation (NMDVR) is a state-run agency dedicated to assisting individuals with disabilities in achieving employment success. Through services such as vocational counseling, job placement assistance, training and education, assistive technology, and support services, NMDVR aims to enhance the employability and independence of people with various disabilities. Tailoring its programs to meet individual needs, the agency is committed to facilitating competitive employment and fostering independence among its clientele.

This posting will be used for ongoing recruitment and may close at any time. Applicant lists may be screened more than once.

ROLE AND RESPONSIBILITIES

The role of the Senior IT Security Analyst exists to manage and mitigate risks related to security and regulatory compliance, ensuring that the organization operates securely and in accordance with state/federal regulations and industry standards. The position's expertise and responsibilities are crucial for safeguarding NMDVR against internal and external threats.

Under direct supervision of the NMDVR Director, the incumbent of this position will support the agency's information security program through the management and oversight of cybersecurity tools, risk management activities, security audits and assessments, compliance monitoring, incident response, security architecture, disaster recovery planning, continuous improvement initiatives, and employee security awareness and training efforts.

The position will work closely with the Chief Information Officer (CIO) to ensure the proper configuration and security of IT systems, including the protection of information both in transit and at rest, while supporting ongoing vulnerability assessments and periodic penetration testing activities to strengthen the agency's overall cybersecurity posture. The incumbent will also assist in the development and implementation of a comprehensive, risk-based information security program aligned with agency operational and compliance requirements.

• Oversee the implementation, administration, and maintenance of information security tools and technologies, including firewalls, antivirus solutions, intrusion detection/prevention systems, and access control systems.

• Monitor emerging cybersecurity threats, vulnerabilities, and industry trends to recommend and implement enhancements to security policies, procedures, controls, and technologies. Collaborate with vendors to evaluate security solutions and ensure compliance with organizational security requirements. Develop, test, and maintain disaster recovery and business continuity plans to support organizational resilience and regulatory compliance.

• Conduct risk assessments of IT systems, applications, networks, and infrastructure to identify potential vulnerabilities and develop mitigation strategies and risk management plans.

• Perform security audits, vulnerability assessments, and compliance reviews of IT systems, applications, databases, and networks to identify security weaknesses and ensure adherence to established standards and policies.

• Monitor and ensure compliance with applicable regulations, standards, and best practices related to information security and data protection, including National Institute of Standards and Technology (NIST) guidelines and Personally Identifiable Information (PII) requirements.

• Assist in the design, implementation, and maintenance of secure IT architectures, systems, and security controls.

• Lead and coordinate incident response activities related to cybersecurity events, including investigation, containment, remediation, recovery, and response to security alerts.

• Develop and deliver cybersecurity awareness and training programs to promote organizational security best practices and employee compliance.

• Perform other duties as assigned.

MINIMUM QUALIFICATIONS

Bachelor's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering, or similar technical degree and three (3) years of experience in IT security or compliance validation (e.g., HIPAA, PCI). Any combination of education from an accredited college or university in a related field and/or direct experience in this occupation totaling seven (7) years may substitute for the required education and experience. A certificate in IT security/forensics (e.g., CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.g., PCIP, ASV, ISA, QSA) can be used to substitute one (1) year of experience.

EMPLOYMENT REQUIREMENTS

Occasional travel is required.

WORKING CONDITIONS

Work will be performed in an office environment. Many requests will arrive by phone or in-person and the person must be able to speak and respond to the requester clearly. The person will work extended periods seated in front of a computer. The person must be able to operate a computer, keyboard, and mouse. Position requires occasional 1) travel, 2) night/weekend/holiday work, and 3) call-back work.

SUPPLEMENTAL INFORMATION

Do you know what Total Compensation is? Click here

Agency Contact Information: Tina Montoya (505) 264-3944 Email

For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.

The NMDVR is an equal opportunity employer. Applicants selected for an interview must notify the NMDVR of the need for a reasonable accommodation by informing the agency contact listed in the job posting.

BARGAINING UNIT POSITION

This position is not covered by a collective bargaining agreement.