What are the responsibilities and job description for the IT Security & Compliance Specialist I position at State of North Carolina?

Salary : $70,525.00 - $105,787.00 Annually

Location : Wake County, NC

Job Type : Permanent Full-Time

Job Number : 24-14463 ITD 60042618

Department : Dept of Health and Human Services

Division : SEC OFFICE - INFO TECH

Opening Date : 01 / 17 / 2025

Closing Date : 2 / 3 / 2025 5 : 00 PM Eastern

Job Class Title : IT Security and Compliance I

Position Number : 60042618

Salary Grade : DT08

Description of Work

As of January 1, 2025, the new salary range will be $72,993 - $109,490

NC DHHS - Privacy and Security Office (PSO) requiring services of an IT Security Specialist to aid Division for Public Health (DPH) to be in compliance with Federal, NC State and NC DHHS requirements. IT Security Specialist should perform & support privacy, security, and continuity of operations goals, policies and practices, Contract reviews, Risk assessments based on NIST 800-53 rev 5. Should participate in the planning and implementation of privacy and security program for DPH.

This position is to aid Division for Public Health (DPH) in the identification of gaps through risk analysis, risk management and assist in the development of mitigation strategies. This position is to achieve and support program privacy, security, and continuity of operations goals, policies and practices with responsibility for analyzing and developing privacy, security, and continuity of operations related activities for DPH.

Duties include, are not limited to :

Respond to privacy and security incidents / breaches and vulnerabilities.
Assist in patching and remediation of vulnerability scans.
Evaluate contracts, agreements and projects.
Create and maintain privacy and security training and awareness efforts.
Participate in system reviews / audits while administering security policies, activities, and standards in accordance with Federal, State and Departmental (DHHS) regulations and policies affecting DHHS applications.
Discover, evaluate, assess, and document organizational systems, networks, and components using Qualys, Tenable Nessus vulnerability scanning.
Experience with risk assessment methodology best practices and tools.
Configure and schedule scans; ensure vulnerability assessment results are generated, accurate, clear, actionable, and available to appropriate personnel.
Configure risk assessment tools to perform various NIST 800-53, HIPAA, FDA assessments.
Follow-up and tracking of remediation issues arising from vulnerability scanning and serve as technical expert for vulnerability assessment processes and reports.

Knowledge, Skills and Abilities / Competencies

Listed below are the knowledge, skills and abilities (KSAs) associated with the position. These KSAs, along with the minimum education and experience listed, are required in order to be deemed "eligible" for the position therefore you must provide supporting information, within the body of your application, to demonstrate your possession of each KSA listed.

Qualified applicants must possess, and application must clearly reflect work experience that demonstrates the following :

Documented experience with vulnerability assessments and communicating results in accurate, clear, actionable, and available way to appropriate personnel

Experience with vulnerability scanning and network security best practices

Background experience serving as a knowledge base for organizations as it relates to Federal and state compliance requirements & mitigation strategies.

Prior experience Performing risk assessments based on NIST 800-53 Rev 4. HIPAA, SSA and IRS Pub 1075.

Demonstrated experience with network mapping and vulnerability scanning tools such as NESSUS and NMAP.

Documented experience in reviewing RFP, RFQ, MOU and MOA for privacy and security architecture requirements.

Demonstrated experience in reviewing the Business Continuity plans, Disaster Recovery Testing plans

Management Preferences :

Experience with North Carolina DHHS business and IT functions.

Demonstrate a working knowledge of HIPAA.

Minimum Education and Experience Requirements

Some state job postings say you can qualify by an "equivalent combination of education and experience." If that language appears below, then you may qualify through EITHER years of education OR years of directly related experience, OR a combination of both. See for details.

Qualified applicants must possess, and application must clearly reflect work experience that demonstrates the following :

Bachelor's degree in computer science or a related IT related field or closely related field from an appropriately accredited institution and one year experience in IT Security;

Associate's degree in computer science or a related IT related field or closely related field from an appropriately accredited institution and two years of experience in IT Security; OR

an equivalent combination of education and experience.

Supplemental and Contact Information

The North Carolina Department of Health and Human Services (DHHS) is an Equal Opportunity Employer who embraces an Employment First philosophy which consists of complying with all federal laws, state laws and Executive Orders. We are committed to reviewing requests for reasonable accommodation at any time during the hiring process or while on the job.

For more information about DHHS :

DHHS uses the Merit-Based Recruitment and Selection Plan to fill positions subject to the State Human Resources Act with the most qualified individuals. Hiring salary will be based on relevant qualifications, internal equity, and budgetary considerations pertinent to the advertised position.

It is critical to our screening and salary determination process that applications contain comprehensive information. Information should be provided in the appropriate areas to include the beginning and end dates of jobs worked, education with the date graduated, all work experience, and certificates / licenses. Resumes will not be accepted in lieu of completing this application. Answers to Supplemental Questions must refer to education or work experience listed on this application to receive credit. Degrees must be received from appropriately accredited institutions.

Applicants seeking Veteran's Preference must attach a DD-214 Member-4 Form (Certificate of Release or Discharge from Active Duty) to their applications.

Applicants seeking National Guard Preference must attach a NGB 23A (RPAS) if they are a current member of the NC National Guard in good standing. If a former member of the NC National Guard, who served for at least 6 years and was discharged under honorable conditions, they must attach either a DD256 or NGB 22.

If applicants earned college credit hours but did not complete a degree program, they must attach an unofficial transcript to each application to receive credit for this education.

Applicants may be subject to a criminal background check. All candidates selected for positions considered "Positions of Trust" will be subject to a criminal background check.

Applications for positions requiring specific coursework must be accompanied by a copy of the applicant's transcript. Applicants with degrees not conferred at a United States college or university must attach verification that their degree is equivalent to a similar degree from a U.S. institution. The Office of State Human Resources uses the National Association of Credential Evaluation Services (NACES) as a referral resource for applicants who need to have their credentials certified as equivalent. For a list of organizations that perform this specialized service, please visit the NACES membership website at . Transcripts, degree evaluations and cover letters may be uploaded with your application.

NOTE : Applicants will be communicated via email only for updates on the status of their application or any questions on their application. If there are any questions about this posting other than your application status, please contact HR at 919-855-4930.

To check the status of an application, please log in to your NC Government Job Opportunities account and click "Application Status".

For technical issues with your application, please call the NeoGov Helpline at 877-204-4442. If you have a technical issue with your Government Jobs account, please call their Help Line at 1-855-524-5627.

NOTE : For temporary, contract or other supplemental staffing appointments : There are no paid leave, retirement or other benefits associated with these appointment types.

For permanent and time-limited appointments : Eligible employees have benefits that include employee health insurance options, standard and supplemental retirement plans, NC Flex (a variety of high-quality, low-cost benefits on a pre-tax basis), and paid vacation, sick, and community service leave, to name a few. Paid parental leave is available for eligible employees. Some benefits require 30 hours work / week for participation.

I UNDERSTAND that DHHS requires a complete descriptive work history with all employment experience detailed to be considered for employment. I have included all this information within my application. (NOTE : AN ATTACHED RESUME NOR "SEE RESUME" DOES NOT SATISFY THE REQUIREMENT OF COMPLETING THE APPLICATION. If you haven't completed the application requirements, please return to your application to finish it before submitting your application.)

Yes, I understand and have fully completed all requirements.

How much experience do you have with vulnerability assessment and communicating results in accurate, clear, actionable, and available way to appropriate personnel? Please note that all experience must be clearly documented in the "Work Experience" section of the application to be given credit.

No experience

Less than one (1) year of experience

One (1) year of experience but less than two (2) years of experience