State IT Security Officer
The State IT Security Officer is a senior leadership role responsible for overseeing and managing the state of Arkansas' cybersecurity and IT security policies, strategies, and operations. The State IT Security Officer will lead efforts to protect the state's digital infrastructure, sensitive data, and critical systems from cyber threats and attacks. This position will collaborate with other state agencies, local government entities, and external partners to ensure that Arkansas adheres to best practices in IT security, data privacy, and regulatory compliance.
Class Code:
ISI02C
Job Grade:
IST15
Special Job Requirements:
Typical Functions:
Develop and implement a comprehensive cybersecurity strategy for the state of Arkansas, ensuring that security policies, procedures, and protocols are aligned with industry best practices.
Provide leadership on all cybersecurity initiatives and advocate for a strong cybersecurity culture across state government.
Establish and enforce state-wide security governance frameworks, ensuring consistent application of cybersecurity policies, procedures, and standards.
Work closely with executive leadership to ensure cybersecurity initiatives are well-integrated into the state’s overall strategic goals.
Conduct regular risk assessments to identify vulnerabilities, threats, and potential impacts on state IT systems and infrastructure.
Lead efforts to mitigate risks and implement controls to ensure the protection of the state’s data, networks, and applications.
Manage and oversee the selection, implementation, and ongoing evaluation of cybersecurity tools, technologies, and platforms to ensure effective threat detection, prevention, and response.
Promote cybersecurity awareness across all state government departments by leading security training programs, workshops, and initiatives that increase the understanding of IT security risks and safe practices.
Oversee the state’s security operations, including the monitoring, detection, and response to cyber threats.
Stay informed of emerging cyber threats, vulnerabilities, and best practices.
Continuously evaluate and improve the state’s cybersecurity policies, systems, and technologies to enhance the resilience of the state’s digital infrastructure.
Ensure that the state’s IT security programs comply with applicable federal, state, and industry regulations (e.g., FISMA, HIPAA, PCI-DSS, and state-specific data privacy laws).
Prepare for and support audits related to IT security and compliance.
Ensure continuous security monitoring of state networks, systems, and applications to proactively identify and address security incidents.
Lead the development and execution of state-wide incident response and disaster recovery plans. Ensure preparedness for handling and responding to cyberattacks, security breaches, or data loss events, while minimizing the impact on government operations and citizens.
Knowledge, Abilities, and Skills:
Extensive knowledge of cybersecurity principles, practices, and technologies, including threat analysis, risk management, incident response, and security governance.
Familiarity with common cybersecurity frameworks and standards such as NIST, ISO 27001, and COBIT.
Strong analytical and problem-solving skills, with the ability to evaluate complex security issues, identify vulnerabilities, and implement solutions that address risks and ensure operational continuity.
Ability to clearly present complex technical information to non-technical stakeholders, including government officials, senior leadership, and the public.
Experience in leading and coordinating security incident responses, including breach containment, investigation, and remediation.
Knowledge of incident response best practices and familiarity with tools used for detecting and responding to security events.
In-depth knowledge of IT security technologies, including firewalls, intrusion detection/prevention systems, encryption protocols, endpoint protection, and security information and event management (SIEM) systems.
Deep understanding of state and federal cybersecurity regulations, data privacy laws, and compliance frameworks.
Ability to guide the state’s cybersecurity practices to meet legal and regulatory requirements.
Ability to adapt to rapidly evolving cybersecurity threats and technologies.
Minimum Qualifications:
A Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field is required, plus ten (10) years of experience in IT security, risk management, or cybersecurity, with at least 5 years in a leadership or management role overseeing cybersecurity operations. Experience in government or public sector cybersecurity initiatives is highly preferred.
Required Certificates:
N/A
OTHER JOB RELATED EDUCATION AND/OR EXPERIENCE MAY BE SUBSTITUTED FOR ALL OR PART OF THESE BASIC REQUIREMENTS, EXCEPT FOR CERTIFICATION OR LICENSURE REQUIREMENTS, UPON APPROVAL OF THE QUALIFICATIONS REVIEW COMMITTEE.
Exempt:
E