Information Security Officer
The Information Security Officer (ISO) is responsible for developing, implementing, and maintaining the information security framework for a state agency in Arkansas. This role ensures that data, systems, and networks are protected from cybersecurity threats, unauthorized access, and regulatory non-compliance. The ISO works closely with state IT personnel, law enforcement, and executive leadership to assess risks, develop security policies, and respond to incidents.
Class Code:
SIA18P
Job Grade:
SGS04
Special Job Requirements:
Typical Functions:
Develop and implement information security policies, standards, and procedures in compliance with state and federal regulations.
Ensure adherence to Arkansas state cybersecurity guidelines and risk management frameworks.
Conduct security audits, vulnerability assessments, and compliance reviews to identify areas for improvement.
Monitor cyber threats, vulnerabilities, and potential risks to the agency’s IT infrastructure.
Develop and implement risk mitigation strategies to protect critical state data and systems.
Oversee security controls and access management to safeguard against unauthorized access.
Collaborate with IT teams to conduct penetration testing, security evaluations, and disaster recovery planning.
Serve as the lead responder for cybersecurity incidents, data breaches, and forensic investigations.
Develop and maintain incident response plans and protocols for mitigating security threats.
Coordinate with law enforcement, state IT teams, and external cybersecurity experts during investigations.
Prepare detailed reports on security incidents, findings, and recommended corrective actions.
Knowledge, Abilities, and Skills:
Strong knowledge of network security, firewalls, encryption, intrusion detection, and endpoint security.
Experience with security information and event management (SIEM) systems and cybersecurity frameworks.
Ability to analyze security threats, conduct risk assessments, and implement cybersecurity measures.
Familiarity with cloud security principles, identity and access management (IAM), and data loss prevention (DLP).
Strong verbal and written communication skills for presenting security policies and incident reports.
Ability to translate complex security concepts into clear, actionable guidance for non-technical staff.
Ability to respond swiftly and effectively to cybersecurity incidents and emerging threats.
Strong critical thinking and decision-making skills for prioritizing security risks.
Expertise in designing and implementing security solutions to enhance state agency resilience.
Minimum Qualifications:
At least three years of experience in information security, network administration, cybersecurity risk management, or a related field. Satisfaction of the minimum qualifications, including years of experience and service, does not entitle employees to automatic progression within the job series. Promotion to the next classification level is at the discretion of the department and the Office of Personnel Management, taking into consideration the employee’s demonstrated skills, competencies, performance, workload responsibilities, and organizational needs.
Required Certificates:
N/A
OTHER JOB RELATED EDUCATION AND/OR EXPERIENCE MAY BE SUBSTITUTED FOR ALL OR PART OF THESE BASIC REQUIREMENTS, EXCEPT FOR CERTIFICATION OR LICENSURE REQUIREMENTS, UPON APPROVAL OF THE QUALIFICATIONS REVIEW COMMITTEE.
Exempt:
N