What are the responsibilities and job description for the RCQC Team Manager position at State of Washington Office of the Secretary of...?
Description
The Office of Secretary of State (OSOS) offers some of the most unique and diverse job opportunities in state government. Its critical responsibilities include: ensuring a fair and accurate elections process; connecting Washingtonians through the power of libraries; protecting our important government records; and registering corporations and charities. The Secretary of State also administers vital community programs that inspire giving, document our history, and assist crime survivors in avoiding further abuse. This independent office under the state Constitution operates from facilities in the Olympia area and statewide.
The OSOS is looking for top-performing employees who embody its core values of integrity, service excellence, visionary leadership, collaboration and teamwork. It is committed to both employee growth and work-life balance. The benefits of working in state government also include potential eligibility for the federal Public Service Loan Forgiveness program.
The Information Security & Response (ISR) Division protects against cybersecurity threats and provides strategic elections messaging that enhances the security of and improves public confidence in the Office of the Secretary of State. The ISR Division has 15 employees who report to the ISR Director. These employees are based at our Olympia-area Secretary of State facility and at the Digital Archives. The information security section consists of the Chief Information Security Officer, InfoSec Project Manager, VoteWA Development Manager, two InfoSec team supervisors and four InfoSec systems administrators. The Risk Compliance & Quality Control (RCQC) Security Analyst is part of a three-person information security team.
Risk Compliance & Quality Control Team Manager, IT Security - Manager
The Risk Compliance & Quality Control (RCQC) Manager leads a three-person information security team, and reports to the CISO. This position provides expert advice to the agency's division leadership and assists the CISO with strategic and organizational planning and implementation. Additionally, the incumbent assesses the overall security posture, prioritizes technical assessments, and devises implementation strategies and processes to meet established legislation and policy. This position is responsible for managing a two-person team dedicated to assessing and implementing risk, compliance and quality control.
Duties
Duty: Develop and implement reliability strategies
Tasks include:
- Design and implement quality and security policies and processes that align with company goals and project requirements.
- Establish quality benchmarks and KPIs for evaluating IT projects, software products, and IT services.
- Track, analyze, and report on QA metrics, trends, and quality-related issues, providing insights to senior management.
- Develop dashboards and/or regular reports to monitor quality metrics and progress for stakeholders.
- Provides input or feedback to stakeholders on the adoption and implementation of SDLC supporting tools/toolchains.
Duty: Oversee Reliability testing and assessment processes in assigned scope
Tasks include:
- Coordinates with development and operations teams on all phases of the testing process, including functional, regression, integration, performance, and user acceptance testing.
- Works closely with developers, product managers, project managers, and business analysts to align quality standards and project goals.
- Ensures comprehensive test coverage; reviews test cases, plans, and scripts developed by assigned team members.
- Continuously review and refine reliability processes to increase effectiveness, efficiency, and productivity.
- Facilitate communication between ISR and other departments, ensuring reliability goals are embedded throughout the development lifecycle.
Duty: Align security tools, practices and workflows to meet agency security requirements and mitigate security risks
Tasks include:
- Ensure software security features enable log management, identity management, access control, and vulnerability management, and integrate with existing services.
- Evaluates security baselines including the default settings to ensure they are working as expected and are not inadvertently causing any security weaknesses, operational issues, or other problems.
- Implement and manage automation tools and frameworks to streamline testing and improve efficiency.
- Govern the selection and integration of new tools and technologies that enhance testing capabilities.
- Encourage the adoption of new practices or technologies that can improve overall product quality and testing speed.
Duty: Organizes Risk Analysis, Vulnerability management and Incident Response Processes
Tasks include:
- Track and maintain agency security requirements, risks, and design decisions.
- Use forms of risk modeling – such as threat modeling, attack modeling, or attack surface mapping – to help assess the security risk for agency software.
- Resolve security incidents or system defects and implement immediate corrective actions.
- Conduct root cause analysis to understand underlying issues and prevent recurrence.
- Gather information from software acquirers, users, and public sources on potential vulnerabilities in the software and third-party components that the software uses and investigate all credible reports.
- Serves as the point of escalation for vulnerabilities based on underlying code weaknesses.
- Help ensure that vulnerabilities are remediated in accordance with risk to reduce the window of opportunity for attackers.
Duty: Supervises work group
Tasks include:
- Supervises and leads security team to complete operations and project tasks.
- Directs team efforts in root cause analysis during and after incident response appropriate to the nature of the incident.
- Leads assigned resources for periodic internal assessments and audit exercises.
- Ensures that supervised staff have the information, resources, and authority to complete assignments and meet documented expectations.
- Recognizes staff accomplishments that meet division goals.
- Communicates division and agency direction and priorities to staff, seeking input and feedback.
Duty: Maintain technical and communication skills
- Seeks out and consumes IT Security related professional conferences and training, both agency-directed and professional interest.
- Reads and leads discussions on technical publications and periodicals.
- Conducts research and appropriate experimentation.
- Obtains and maintains relevant security certifications.
Duty: Other
- Other duties as assigned.
Qualifications
Required Qualifications:
- Ten years of information technology experience working with security technologies such as Web Proxies, Data Loss Prevention (DLP), Security Information Event Management (SIEM), Intrusion Detection, Incident Response & Investigation, Vulnerability Management and Endpoint Defense.
- Ability to efficiently use a personal computer and applicable software to successfully perform the essential job functions of the position.
- Ability to read and write the English language.
Desired Qualifications:
- Communications - The ability to concisely and effectively interact with other individuals as well as internal and external organizations.
- Teamwork - As an active member of a team, has the ability and desire to work collaboratively with others, fosters teamwork, and influences others.
- Interpersonal Skills - The ability to notice, interpret, and anticipate others' concerns and feelings, and to communicate this awareness empathetically to others.
- At least 15 quarter hours specializing in a computer science or related field.
- Experience with Programming or Scripting languages like PowerShell, JavaScript, Python, C#, VBA etc.
- Experience developing and implementing information security controls, guidelines, and procedures.
- Understanding of advanced protocols and standards, including a demonstrated ability to perform complex analysis and metrics.
- Knowledge of information security frameworks and industry regulations (NIST, PCI, HIPAA, CSC).
- Knowledge and understanding of state laws and regulations (RCWs and WAC) concerning Information technology and the Public Records Act.
- Knowledge and understanding of federal programs such as the National Infrastructure Protection Program, the Critical Infrastructure sector concerning the Government Services and Facilities and Information Technology.
- Information Security Certifications from organizations such as GIAC, CompTIA, (ISC)², ISACA.
PLEASE READ: If you have gotten this far and are thinking you do not qualify, consider again. Studies have shown that members of historically marginalized and underrepresented communities, specifically women and people of color, are less likely to apply to jobs unless they clearly meet every single qualification.
At the Office of the Secretary of State, we are dedicated to building a diverse and authentic work force with a foundation of belonging. If you are excited about this role and have relevant experience and skills, but question whether your experience aligns perfectly with every qualification in the job description, we encourage you to apply regardless. You may just be the ideal candidate this office needs.
Supplemental Information
Working Conditions
In this position, the incumbent works primarily in an office setting, which will require the ability to sit and/or stand for extended periods of time. The standard work hours are Monday-Friday 8am - 5pm; however, work can be required outside of standard hours to include evenings, weekends, and holidays. Regular travel to local offices is required and there may be some travel to attend meetings and training. The incumbent in this position must be able to represent the Office of the Secretary of State in a competent, confident, and professional manner, including professional dress, and be able to clearly and effectively communicate ideas and information both verbally and in writing, and work successfully with a wide variety of people in a team environment. The incumbent in this position must have the ability to work under pressure, meet deadlines, and coordinate with other operational areas to execute security response.
This position is in a bargaining unit represented by the Washington Federation of State Employees (WFSE) and is subject to the terms of the Collective Bargaining Agreement between the State of Washington, The Office of the Secretary of State, and the WFSE.
How to Apply
To be considered for this position you must attach the following:
- Current Resume
- Three Professional references. Personal references will not be considered.
- You must complete the supplemental questions at the end of this application. Incomplete responses such as "see resume" will not be considered. In addition, if the employer you identify in the additional information section is not included on your resume or work experience profile and/or you do not identify an employer, you will not receive credit.
- All veterans must include a copy of your DD214 to receive preference in the hiring process. You must black out your social security number before attaching it to your application.
- Prior to a new hire, a background check including criminal record history will be conducted. Information from the background check will not necessarily preclude employment but will be considered in determining the applicant's suitability and competence to perform in the position.
- Must have current Washington state driver's license or have requested and obtained an appropriate accommodation.
The Office of the Secretary of State is an equal opportunity employer (EOE). We do not discriminate on the basis of religion, age, sex, marital status, color, creed, national origin, political affiliation, military status, sexual orientation, or any real or perceived sensory, mental or physical ability. All interested candidates are encouraged to apply. Persons of disability needing assistance in the application process, or those needing the announcement in alternative format, should call (360) 704-5211.