What are the responsibilities and job description for the Information Systems Security and Compliance Specialist position at State of Oklahoma?
As an Information Systems Security and Compliance Specialist with OMES you will enjoy:
- Generous leave including 15 days of vacation, 15 days of sick leave and 11 paid holidays annually.
- A comprehensive Benefit Package with a generous benefit allowance to offset the cost of insurance premiums for employees and their eligible dependents.
- Full-time 40-hour work weeks.
- Support the Risk Assessment and Compliance team.
- Salary up to $75,000 commensurate with education and experience.
- Audit & Compliance Support: Collaborate with state agencies, technical subject matter experts (SMEs), regulatory bodies, external auditors, and penetration testers to support audits and evidence collection. Coordinate internal and external audit responses and manage timelines for corrective action plans (CAPs) and plan-of-action and milestone (POA&M) findings. Assist with third-party security assessments and vendor management related security requirements.
- Security & Risk Management: Develop, evaluate, and maintain system security plans (SSPs) and evaluate IT security and privacy controls. Conduct gap analyses, track security control exceptions, and document compensating controls. Support the process of standardizing and streamlining information security audits and assessments. Make recommendations to leadership for reducing internal and partner risks.
- Remediation and Stakeholder Collaboration: Communicate security audit and assessment findings and recommendations and lead remediation efforts through research, documentation, and collaboration with stakeholders. Consult with stakeholders to ensure data, processes, and technology are designed for compliance and data protection. Develop and maintain standard operating procedures (SOPs) related to compliance reporting, security policies, and regulatory requirements. Provide support to OMES and partners to ensure continuous compliance with internal security policies and external regulations.
- Regulatory Compliance and Continuous Improvement: Analyze, interpret, and communicate regulatory changes (e.g., SSA, FTI, CJIS, HIPAA) to the organization. Serve as a change advocate to ensure compliance with state, federal, and local government requirements. Research the applicability of regulations and identify associated reporting requirements. Stay current on best practices in cybersecurity and regulatory compliance to support risk mitigation and asset protection. Advise OMES departments regarding data retention and destruction requirements as defined in the Oklahoma Department of Libraries and Archives and/or OMES disposition schedules. Help oversee the approved destruction of agency data as defined in the Oklahoma Department of Libraries and Archives and/or OMES disposition schedules.
This position works in a comfortable office setting with a computer for a large percentage of the workday. The noise level in the work environment is usually mild. Occasional travel may be required.
Minimum Qualifications
- Bachelor's degree in cybersecurity, or related area, from an accredited college/university and three or more years of information systems security auditing experience.
- Working knowledge of IT and regulatory frameworks and standards. Examples include: NIST CSF, NIST 800-53, IRS 1075, HIPAA, MARS-E, ARC-AMPE, PCI-DSS.
- One or more industry-recognized certifications (CISSP, CISA, CISM, Security+, CIPM, CIPP/US, etc.).
- Five or more years of experience in information systems audit and control, information security, risk management, or privacy.
The Office of Management and Enterprise Services provides excellent service, expert guidance and continuous improvement in support of our partners’ goals. We are a highly qualified workforce committed to serve those who serve Oklahomans and make government run in the most efficient, innovative manner possible.
OMES is an Equal Opportunity Employer. Reasonable accommodation to individuals with disabilities may be provided upon request.
Salary: $75,000