Job Posting Title
IS Audit Specialist
Agency
090 OFFICE OF MANAGEMENT AND ENTERPRISE SERV
Supervisory Organization
RAC
Job Posting End Date
Refer to the date listed at the top of this posting, if available. Continuous if date is blank.
Note: Applications will be accepted until 11:59 PM on the day prior to the posting end date above.
Estimated Appointment End Date (Continuous if Blank)
Full/Part-Time
Full time
Job Type
Regular
Compensation
Salary up to: $75,000.00 based on skills and experience.
Job Description
As an Information Systems Security and Compliance Specialist with OMES you will enjoy:
Generous leave including 15 days of vacation, 15 days of sick leave and 11 paid holidays annually.
A comprehensive Benefit Package with a generous benefit allowance to offset the cost of insurance premiums for employees and their eligible dependents.
Job Details
Full-time 40-hour work weeks.
Support the Compliance team.
Salary up to: $75,000.00 based on skills and experience.
Responsibilities
Audit & Compliance Support: Collaborate with state agencies, technical subject matter experts (SMEs), regulatory bodies, external auditors, and penetration testers to support audits and evidence collection. Coordinate internal and external audit responses and manage timelines for corrective action plans (CAPs) and plan-of-action and milestone (POA&M) findings. Assist with third-party security assessments and vendor management related security requirements.
Security & Risk Management: Develop, evaluate, and maintain system security plans (SSPs) and evaluate IT security and privacy controls. Conduct gap analyses, track security control exceptions, and document compensating controls. Support the process of standardizing and streamlining information security audits and assessments. Make recommendations to leadership for reducing internal and partner risks.
Remediation and Stakeholder Collaboration: Communicate security audit and assessment findings and recommendations and lead remediation efforts through research, documentation, and collaboration with stakeholders. Consult with stakeholders to ensure data, processes, and technology are designed for compliance and data protection. Develop and maintain standard operating procedures (SOPs) related to compliance reporting, security policies, and regulatory requirements. Provide support to OMES and partners to ensure continuous compliance with internal security policies and external regulations.
Regulatory Compliance and Continuous Improvement: Analyze, interpret, and communicate regulatory changes (e.g., SSA, FTI, CJIS, HIPAA) to the organization. Serve as a change advocate to ensure compliance with state, federal, and local government requirements. Research the applicability of regulations and identify associated reporting requirements. Stay current on best practices in cybersecurity and regulatory compliance to support risk mitigation and asset protection. Advise OMES departments regarding data retention and destruction requirements as defined in the Oklahoma Department of Libraries and Archives and/or OMES disposition schedule. Help oversee the approved destruction of agency data as defined in the Oklahoma Department of Libraries and Archives and/or OMES disposition schedules. Assist with processing enhanced background checks and CJIS training.
Valued Skills and Experience
Working knowledge of IT and regulatory frameworks and standards. Examples include: NIST CSF, NIST 800-53, IRS 1075, HIPAA, MARS-E, ARC-AMPE, PCI-DSS.
One or more industry-recognized certifications (CISSP, CISA, CISM, Security+, CIPM, CIPP/US, etc.).
Five or more years of experience in information systems audit and control, information security, risk management, or privacy background.
Knowledge/Skills/Abilities:
Proficient use of IT service management, ticketing and GRC tools and software.
Risk assessment, vulnerability identification and remediation.
Ability to develop System Security Plans.
Ability to effectively evaluate IT security and privacy controls.
Proficient oral and written communication skills.
Strong analytical and problem-solving skills.
Ability to work independently and as part of a team.
Attention to detail and strong organizational skills.
Physical Demands and Work Environment
This position works in a comfortable office setting with a computer for a large percentage of the workday. The noise level in the work environment is usually mild. Occasional travel may be required.
Minimum Qualifications
Bachelor's degree in cybersecurity, or related area, from an accredited college/university; or
Three or more years of information systems security auditing experience.
Equal Opportunity Employment
The State of Oklahoma is an equal opportunity employer and does not discriminate on the basis of genetic information, race, religion, color, sex, age, national origin, or disability.
Current active State of Oklahoma employees must apply for open positions internally through the Workday Jobs Hub.
If you need any extra assistance or have any questions relating to a job you have applied for, please click the link below and find the agency for which you applied for additional information: