What are the responsibilities and job description for the IT Security and Compliance Specialist (Cloud) position at State of North Carolina - Dept of Health and Human...?
Description of Work
*** This Role Is Eligible To Be Hybrid And Has Onsite Reporting Located Within Raleigh, NC ***
This Position Is Funded In Part Through Federal Funds.
The IT Security and Compliance Specialist is a senior-level position responsible for implementing, monitoring, and supporting cloud-based security infrastructure across multiple platforms, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Salesforce. This role provides technical leadership in designing secure cloud solutions, performing risk assessments, maintaining compliance with federal and state regulations, and creating a secure environment for the Department of Health and Human Services (DHHS).
Key responsibilities include supporting infrastructure deployments, developing automated threat detection and monitoring systems, coordinating security governance policies, and acting as a subject matter expert (SME) on cloud security practices. The Specialist also contributes to training initiatives, participates in internal and external audits, and ensures alignment with compliance standards such as NIST 800-53, HIPAA, ISO 27001, SOC 2, and PCI.
Manage and support secure deployment, maintenance, and troubleshooting of AWS cloud infrastructure for DHHS and client projects.
Create and maintain technical documentation, including security architecture diagrams and compliance reference materials.
Design and implement automated systems to monitor, detect, and analyze threats across multiple cloud environments.
Assist with developing privacy and security policies, procedures, and governance documentation.
Perform cloud security assessments and vulnerability scans across AWS, Azure, GCP, and hybrid environments.
Configure and tune cloud-native and third-party security tools to optimize monitoring and minimize false positives.
Provide subject matter expertise and consultation to IT and project teams regarding cloud security best practices.
Deliver training to staff on secure usage of cloud platforms and tools (e.g., AWS services).
Participate in audit readiness activities and ensure compliance with state, federal, and agency-specific security regulations.
Collaborate with vendors and stakeholders to ensure secure service delivery across platforms and maintain up-to-date risk documentation.
About the NC Department of Health and Human Services (DHHS):
The North Carolina Department of Health and Human Services (DHHS) is one of the largest, most complex agencies in the state, and has approximately 17,000 employees. It is responsible for ensuring the health, safety, and well-being of all North Carolinians, providing human service needs for special populations including individuals who are deaf, blind, developmentally disabled, and mentally ill, and helping poor North Carolinians achieve economic independence.
About the NC DHHS Information Technology Division:
In collaboration with our partners, the North Carolina Department of Health and Human Services (DHHS) protects the health and safety of all North Carolinians and provides essential health and human services. The IT division (ITD) is one of the divisions that report to the Operational Excellence portfolio. The ITD division comprises six sections: Implementation and Operations, Strategy and Workforce, Enterprise Technology, Vendor and Finance, Data and Analytics, and Cyber and Privacy. Team ITD offers services including, but not limited to, implementations, operations, project/portfolio management, infrastructure, consulting, business division liaison, digital transformation, IT strategy, enterprise technology, IT contract and vendor management, and data office services.
Compensation and Benefits:
The State of North Carolina offers excellent comprehensive benefits. Employees can participate in health insurance options, standard and supplemental retirement plans, and the NCFlex program (numerous high-quality, low-cost benefits on a pre-tax basis). Employees also receive paid vacation, sick, and community service leave. In addition, paid parental leave is available to eligible employees. Visit the website for benefits: https://oshr.nc.gov/state-employee-resources/benefits.
For more information about DHHS: https://www.ncdhhs.gov/
Knowledge, Skills and Abilities / Competencies
Listed below are the knowledge, skills and abilities (KSAs) associated with the position. These KSAs, along with the minimum education and experience listed, are required in order to be deemed "eligible" for the position; therefore, you must provide supporting information, within the body of your application, to demonstrate your possession of each KSA listed.
Qualified applicants must possess, and application must clearly reflect work experience that demonstrates the following:
Experience managing cloud infrastructure and security using AWS, Azure, GCP (Google Cloud Platform), or similar platforms.
Experience designing and implementing security controls based on regulatory frameworks such as NIST 800-53, HIPAA, PCI, ISO 27001, or SOC 2.
Experience identifying, assessing, and mitigating security risks in cloud environments using vulnerability assessments/tool configuration.
Experience working with cloud-native security technologies such as microservices, serverless computing, and container platforms like Docker or Kubernetes.
- Experience supporting the development of cloud security governance, like security policy creation, threat modeling (e.g., STRIDE, PASTA), and documentation.
- Experience with threat modeling frameworks such as STRIDE, PASTA, or FAIR.
Certifications including AWS, Azure, GCP, CISSP, GSEC, or other SANS/CERT security credentials.
Knowledge of North Carolina DHHS IT systems and business operations.
Minimum Education and Experience Requirements
Some state job postings say you can qualify by an “equivalent combination of education and experience.” If that language appears below, then you may qualify through EITHER years of education OR years of directly related experience, OR a combination of both. See https://oshr.nc.gov/experience-guide for details.
Qualified applicants must possess, and application must clearly reflect work experience that demonstrates the following:
Bachelor's degree in computer science or a related IT field or closely related field from an appropriately accredited institution and two years of progressive experience in IT Security or closely related area
OR
Associate's degree in computer science or a related IT field or closely related field from an appropriately accredited institution and three years of progressive experience in IT security or closely related area
OR
An equivalent combination of education and experience
Supplemental and Contact Information
The North Carolina Department of Health and Human Services (DHHS) is an Equal Opportunity Employer who embraces an Employment First philosophy which consists of complying with all federal laws, state laws and Executive Orders. We are committed to reviewing requests for reasonable accommodation at any time during the hiring process or while on the job. For more information about DHHS: https://www.ncdhhs.gov/.
DHHS uses the Merit-Based Recruitment and Selection Plan to fill positions subject to the State Human Resources Act with the most qualified individuals. Hiring salary will be based on relevant qualifications, internal equity, and budgetary considerations pertinent to the advertised position.
It is critical to our screening and salary determination process that applications contain comprehensive information. Information should be provided in the appropriate areas to include the beginning and ending dates of jobs worked, education with the date graduated, all work experience, and certificates / licenses. Resumes will not be accepted in lieu of completing this application. Answers to Supplemental Questions must refer to education or work experience listed on this application to receive credit. Degrees must be received from appropriately accredited institutions.
- Applicants seeking Veteran's Preference must attach a DD-214 Member-4 Form (Certificate of Release or Discharge from Active Duty) to their applications.
- Applicants seeking National Guard Preference must attach an NGB 23A (RPAS) if they are a current member of the NC National Guard in good standing. If a former member of the NC National Guard, who served for at least 6 years and was discharged under honorable conditions, they must attach either a DD256 or NGB 22.
- If applicants earned college credit hours but did not complete a degree program, they must attach an unofficial transcript to each application to receive credit for this education.
- Applicants may be subject to a criminal background check. All candidates selected for positions considered "Positions of Trust" will be subject to a criminal background check.
Applications for positions requiring specific coursework must be accompanied by a copy of the applicant's transcript. Applicants with degrees not conferred at a United States college or university must attach verification that their degree is equivalent to a similar degree from a U.S. institution. The Office of State Human Resources uses the National Association of Credential Evaluation Services (NACES) as a referral resource for applicants who need to have their credentials certified as equivalent. For a list of organizations that perform this specialized service, please visit the NACES membership website at https://www.naces.org/members. Transcripts, degree evaluations and cover letters may be uploaded with your application.
NOTE: Applicants will receive communication via email only for updates on the status of their application or any questions on their application. If there are any questions about this posting other than your application status, please contact Talent Acquisition at talentacquisition@dhhs.nc.gov.
For technical issues with your application, please call the NeoGov Help Line at 877-204-4442. If you have a technical issue with your Government Jobs account, please call their Help Line at 1-855-524-5627.
NOTE: For temporary, contract or other supplemental staffing appointments: There are no paid leave, retirement or other benefits associated with these appointment types.
For permanent and time-limited appointments: Eligible employees have benefits that include employee health insurance options, standard and supplemental retirement plans, NC Flex (a variety of high-quality, low-cost benefits on a pre-tax basis), and paid vacation, sick, and community service leave, to name a few. Paid parental leave is available for eligible employees. Some benefits require 30 hours work/week for participation.