Information Security & Audit Compliance Manager

Job Title: Information Security & Audit Compliance Manager

Job Requisition ID: 45232

Closing Date: 03/18/25

Salary: $10,417-$11,250/Monthly ($125,000-$135,000/Annually)

Work Hours: M-F 8:30AM - 5:00PM

Work Location: (Hybrid) Springfield, IL - 100 South Grand Ave E

Work authorization: US work authorization required at time of application. No sponsorship available. Not eligible for F1 OPT/CPT. Positions are W2 only and cannot be converted to a contract position. If you have questions about your work authorization eligibility, please email doit.recruitment@illinois.gov.

Questions? Email doit.recruitment@illinois.gov

Are you looking for a rewarding career with an organization that values their staff? The Department of Innovation & Technology (DoIT) is seeking to hire qualified candidates with the opportunity to work in a dynamic, creative thinking, problem solving environment.

This position serves as the Information Security & Audit Compliance Manager to lead our team supporting the Department of Human Services (DHS).

The DoIT Team at DHS is leading a transformation to modernize the way citizens interact with the State of Illinois agency responsible for providing a wide variety of services to Illinois residents.

The DoIT team at DHS is seeking to hire a candidate with strong technical and people skills to serve as the Information Security & Audit Compliance Section Manager responsible for managing DHS state-wide information system security process.

The successful candidate will need to be highly analytical, professional, communicate effectively, and possess excellent organizational skills.

If you possess these knowledges, skills, abilities, and experience, we invite you to apply for this position to join the DoIT Team!

As a State of Illinois employee, you receive a comprehensive benefits package including:

• Competitive Group Insurance benefits including health, life, dental and vision plans.
• Flexible work schedules (when available and dependent upon position)
• 10 -25 days of paid vacation time annually (10 days for first year of state employment)
• 12 days of paid sick time annually which carryover year to year
• 3 paid personal business days per year
• 13-14 paid holidays per year dependent on election years
• 12 weeks of paid parental leave
• Pension plan through the State Employees Retirement System
• Deferred Compensation Program – voluntary supplemental retirement plan
• Optional pre-tax programs -Medical Care Assistance Plan (MCAP) & Dependent Care Assistant Plan (DCAP)
• Tuition Reimbursement Program and Federal Public Service Loan Forgiveness Program eligibility

For more information regarding State of Illinois Benefits follow this link: https://www2.illinois.gov/cms/benefits/Pages/default.aspx

Essential Functions

• Subject to management approval, serves as the Information Security & Audit Compliance Manager for the Department of Innovation & Technology (DoIT), supporting the Department of Human Services (DHS) managing the agency’s state-wide information system security process.
• Serves as full-line supervisor.
• Oversees internal and external audit and compliance processes related to DoIT/DHS information systems.
• Independently, and with the support of subordinate staff, ensures the proper application of processes for approving or denying user requests for access to DoIT/DHS-specific information systems.
• Develops, implements, and monitors information system security controls for system access across DHS in accordance with IDHS, DoIT, and other state/federal requirements.
• Performs other duties as assigned or required which are reasonably within the scope of duties enumerated above.

Minimum Qualifications

• Requires knowledge, skill, and mental development equivalent to completion of four (4) years college preferably with coursework in computer science, management information systems, information technology, or related fields.
• Requires four (4) years of progressively responsible administrative experience in Information Technology Audits and Security.
• Requires three (3) years of experience supervising a team of IT professionals.

Preferred Qualifications

• Four (4) years of professional experience managing an IT system security program including implementing and managing enterprise IT security policies in alignment with NIST Cybersecurity Framework (CSF), Risk Management Framework (RMF), and Control Objectives for Information and Related Technologies (COBIT) framework for a public or private organization.
• Four (4) years of professional experience in developing, implementing, and managing Information Security Policies, Business Continuity Plans, and Disaster Recovery processes, with a strong understanding of best practices and standards defined by the Disaster Recovery Institute International (DRII) and similar frameworks.
• Four (4) years of professional experience developing and administering security policies, programs, and initiatives that align with organizational business objectives and enterprise security architecture for a large public or private organization.
• Four (4) years of professional experience managing state-wide or large-scale processes for responding to regulatory compliance audits, including FOIA and other information requests including working with internal and external information technology auditors.
• Three (3) years of experience leading technical teams, including overseeing performance evaluations, providing training, managing disciplinary actions, and aligning team objectives with organizational goals.
• Ability to analyze complex technical systems, identify risks and opportunities and interpret data-driven insights to develop strategic solutions in support of organizational and security objectives.
• Ability to develop and maintain collaborative relationships with diverse stakeholders, fostering strategic partnerships that drive organizational success and align with shared goals.
• Demonstrated verbal and written communication skills with the ability to clearly convey complex technical concepts to diverse audiences, produce concise and precise documentation, and foster collaboration across organizational levels to achieve strategic goals.
• Certification in one or more of the following: Certified Information Systems Security Professional (CISSP – ISC (2); Certified Information Security Manager (CISM - ISACA); Certified Information Systems Auditor (CISA – ISACA); Certified Business Continuity Professional (BCP – DRI International); Governance, Risk and Compliance Certification (CGRC – ISC (2); Certified Risk and Information Systems Control.

Conditions of Employment

NOTE: Applicants must possess the ability to meet ALL of the following conditions of employment, with or without reasonable accommodation, to be considered for this position.

• Requires the ability to verify identity.
• Requires employment authorization to accept permanent full-time position with the State of Illinois
• Requires ability to pass a position specific, agency required background check.
• Requires self-disclosure of criminal history.
• Requires ability to work outside of normal business hours to meet deadlines.
• Requires ability to use agency-supplied equipment (cell phone, laptop, etc.).
• Requires ability to attend seminars, conferences, and trainings to stay current on methods, tools, ideologies, or other industry related topics relevant to the job duties.
• Requires ability to lift and carry objects weighing up to 20 pounds. This is considered light work as defined by the U.S. Department of Labor (20 CFR 404.1567(b)). Light work involves lifting no more than 20 pounds at a time with frequent lifting or carrying of objects weighing up to 10 pounds.
• Requires the ability to travel in performance of duties.
• Requires the ability to serve in an on-call capacity.

The conditions of employment listed are incorporated and/or related to any duties included in the position description.