Information Systems Auditor 1

The duties that the incumbent of the vacancy will be expected to perform. Duties Description The Information Systems Auditor will report directly to the Office of Temporary and Disability Assistance (OTDA) Chief Information Security Office (CISO). The CISO serves as the subject matter lead for audit, security, risk, privacy, governance and emerging technology for OTDA. The role requires strong communication skills, specialized information technology knowledge, the ability to work independently, and to stay abreast of ever-evolving technology, audit, security, risk, and privacy trends.Duties of the Position include, but are not limited to, the following: • Provide technical and governance support to the Agency CISO and Information Security Office (ISO) team in implementing, auditing, and maintaining compliance with state and federal information security requirements; • Assist in performing key functions associated with the OTDA information security and information technology solutions, including but are not limited to: Governance, Risk, and Compliance (GRC) collaboration, audit execution, technical control validation, developing, monitoring and modifying business rules; triaging reportable incidents and breaches;• Assist in coordinating and preparing technical documentation, evidence, and responses for internal, federal, and state audits including, but not limited to Internal Revenue Service (IRS), Social Security Administration (SSA), National Institute of Standards and Technology (NIST), NYS Office of Information Technology Services (ITS); • Support continuous monitoring processes and assist in drafting Information Security documents such as System Security Plans (SSPs), Security Assessment Report (SARs), and Plan of Action and Milestones (POA&Ms); • Perform limited technical assessments of access controls, encryption, and logging configurations under direction of the CISO;• Assist with evidence preservation and incident documentation during cyber security events; support analysis of risk registers, vulnerability reports, and remediation tracking; • Assist in drafting, updating or reviewing OTDA Information Security and Information Technology Policies (OTDA’s Administrative Policies and Procedures Manual (APPMs), Standard Operating Procedures (SOPs) and compliance documentation with attorneys and the CISO; • Support training coordination and awareness initiatives for staff; maintain inventories of systems containing personal, private, and sensitive information (PPSI), Federal Tax Information (FTI), or Personally Identifiable Information (PII); • Assist in developing audit dashboards and Key Performance Indicator (KPI) tracking metrics for CISO reporting;• Assist in writing clear, accurate and concise OTDA Information Security and Information Technology related agency directives and documentation (forms, guides, bulletins, etc.) meeting agency needs, including the development of mitigation strategies; • Perform auditing and control validation, evaluating system security and compliance with federal programs; • Provide hands-on technical and compliance support for CISO; conducts reviews and assists in maintaining system integrity as well as support operational continuity functions necessary for ongoing compliance and audit readiness; and• Provide advice and guidance to the CISO on all issues involving information governance, security and compliance risks and work with programs across OTDA to facilitate the development, implementation, monitoring and enforcement of OTDA policies necessary to bring and keep OTDA data in compliance and keep the data secure and confidential in accordance with agency obligations.

The minimum qualifications required for this vacancy. Minimum Qualifications NY HELPS: This title is part of the New York Hiring for Emergency Limited Placement Statewide program (NY HELPS). For the duration of the NY HELPS Program, candidates may be hired via a non-competitive appointment if they meet the below NY HELPS minimum qualifications.At a future date (within one year of permanent appointment), it is expected employees hired under NY HELPS will have their non-competitive employment status converted to competitive status, without having to compete in an examination. Employees will then be afforded all of the same rights and privileges of competitive class employees of New York State. While serving permanently in a NY HELPS title, employees may take part in any promotion examination for which they are qualified.NON-COMPETITIVE QUALIFICATIONS: A bachelor’s degree and three years of IT auditing experience*; or an associate’s degree and five years of IT auditing experience*.*IT auditing experience must have been gained in any one or combination of the following: an information system or audit professional with responsibility for designing, developing, and evaluating mainframe and server-based audit systems; an information system or audit professional with responsibility for designing and programming tests to perform audits of physical and logical access controls of mainframe and server-based systems; an information system or audit professional with responsibility for data extraction, manipulation and analysis using information from diverse sources, including preparation and presentation of written reports of findings suitable for non-technical audience; and an information system or audit professional with responsibility for supporting an audit group, including developing and maintaining audit systems and identifying and providing data in support of audit activity.OR55 B/C: This position is eligible for 55b/c appointment, and candidates with 55b/c eligibility are encouraged to apply. To be eligible for a 55b/c appointment, candidate must be currently enrolled in the Civil Service 55b/c program and must meet the minimum qualifications listed above. Information about the 55b/c program can be found here: QUALIFICATIONS: Eligible for a lateral transfer or eligible for transfer under Section 52.6 or 70.1 of the Civil Service Law by having one year of permanent competitive service in an appropriate title. Information regarding transfer eligibility is available on the Civil Service Career Mobility Office website at Qualifications: A bachelor’s degree with emphasis on Information Technology, Auditing and/or Information Security Industry certifications: ISACA - Certified Information Systems Auditor (CISA), Cybersecurity Audit Certificate, Software Development Fundamentals CertificateISC2 - Certified Information Systems Security Professional (CISSP), Governance, Risk and Compliance Certification (CGRC), Certified Secure Software Lifecycle Professional (CSSLP) or similar.

Additional comments regarding the vacancy. Additional Comments A full-time permanent appointment will be made. If certified by Civil Service, mandatory reemployment list candidates must be considered first for appointment to this title. Candidates must be legally authorized to work in the United States. Your resume must indicate how you meet the minimum qualifications for these positions. Non-specific submissions may be disqualified from further consideration if the information you provide does not meet the minimum qualifications.Telecommuting up to 50% may be available in accordance with The Office of Temporary and Disability Assistance policy and can be discussed during the interview.Interested applicants should send an email to [email protected] and reference posting #26-002. DO NOT REFERENCE THE VANCY ID NUMBER.NYS OTDA seeks to promote a diverse workforce that is a representation of the various cultures, voices, backgrounds, ideas, and talents of the citizens and communities that we serve. In alignment with New York State’s Executive Orders 187 and 31, OTDA is committed to advancing diversity, equity, inclusion, and accessibility by fostering an inclusive workplace.

Some positions may require additional credentials or a background check to verify your identity.