Information Risk, Privacy, and Compliance Officer (IT Cyber Security Manager 1)

Portland | OLCC

State of Oregon


Initial Posting Date:

09/18/2024

Application Deadline:

09/30/2024

Agency:

Oregon Liquor & Cannabis Commission

Salary Range:

$7,244 - $11,205

Position Type:

Employee

Position Title:

Information Risk, Privacy, and Compliance Officer (IT Cyber Security Manager 1)

Job Description:

The Oregon Liquor and Cannabis Commission (OLCC) is recruiting for a permanent, full-time Information Risk, Privacy, and Compliance Officer (IT Cyber Security Manager 1) in our Information Technology Division, located in our Portland HQ office, 9079 SE McLoughlin Blvd., Portland, OR.

 

The Information Risk, Privacy, and Compliance Officer (IT Cyber Security Manager 1) is a management level role with accountability and responsibility for digital/information security activities across the agency. This includes planning, overseeing and managing strategy development and implementation, cybersecurity operations, as well as budget and resources that ensure protection of the enterprise information assets. The position will primarily be engaged in oversight and reporting of information system security within the OLCC. This role is also responsible for planning and management of the security of information technology systems. This position reports directly to the Chief Information Officer and is required to work onsite at the Portland Headquarters office a minimum of two days per week.

 

Who are we?

 

The OLCC is the agency responsible for regulating the sale and service of alcoholic beverages in Oregon by administering the state's Liquor Control Act and regulating the production, processing, and sale of recreational marijuana in Oregon through the Control, Regulation and Taxation of Marijuana and Industrial Hemp Act.

 

The agency is comprised of three major operational programs: the Distilled Spirits Program, the Recreational Marijuana Program, and the Public Safety Program. All three programs are supported by the Administration, Financial Services, and Support Services divisions. Revenue generated from these programs helps support state and local government programs. The OLCC distributed more than $600.4 million in the last two years to Oregon’s General Fund, Cities, Counties, and Drug/Alcohol Abuse Programs. This money helps fund essential services such as schools, police, and healthcare for Oregonians.

 

The Distilled Spirits Program oversees the distribution and sale of distilled spirits in the state. The Distilled Spirits division centrally purchases, warehouses, and distributes distilled spirits to Oregon’s independently operated liquor stores. OLCC’s Public Safety Program licenses and regulates businesses in the alcohol industry such as manufacturers, wholesalers, bars, restaurants, grocery, and convenience stores.

 

The Recreational Marijuana Program is exclusively authorized to make recreational marijuana available to consumers and licensed businesses through retail marijuana stores. The program also tracks the growing, transporting, processing, and selling of recreational marijuana products. The Public Safety Program is responsible for licensing and regulating the operation of the recreational marijuana industry in Oregon.

 

The following list represents the general responsibilities of the Information Risk, Privacy, and Compliance Officer:

  • Determine priorities and develop long and short-range plans and goals and security strategies, in accordance with OLCC mission and objectives and in alignment with the mission and goals of OIS, OIS vision and OIS management system.

  • Ensure the OLCC information security program is aligned with the vision and direction of the SCISO and the Enterprise Security Office. Serve as the OLCC strategic representative to the SCISO and CSS.

  • Establish and implement organizational and operational plans for continuously improving the efficiency and effectiveness of the work of the section.

  • Set performance goals and objectives for the section and implement measurements to report on progress and quality of service. Develop, implement and evaluate policies, processes and procedures for the operations of the section.

  • Advise the CIO and provide leadership within the agency about information security and privacy risks and compliance.

  • Ensure the development and implementation of information security and privacy policies, standards and procedures; ensure that information security policies, standards, procedures and controls align with Federal and state regulations, contractual requirements and industry best practices.  Direct the agency’s education and awareness program as it relates to privacy and information security.

  • Provide oversight to the agency’s privacy compliance in support of the agency goals of providing useful, reliable, and timely programs and consulting, as well as ensuring compliance with Federal and State privacy regulations, and OLCC policies and procedures.

  • Provide direction and supervision to information security and privacy staff.

  • Recruit, hire, mentor, coach, supervise, and provide training for staff.  Set performance expectations for staff reporting directly and through matrix relationships. Provide coaching and give feedback on individual and team performance and provide training if applicable.

  • Identify and recommend training opportunities, create developmental training plans, prepare performance evaluations, participate in disciplinary actions and terminations, and respond to grievances.

  • Actively promotes and supports the agency’s affirmative action plan and diversity program, along with related policies and practices. Helps achieve agency affirmative action goals through recruitment, hiring, employee development and training. Works with the OIS Leadership in creating a positive work environment. Encourages employees to value diversity and helps create a climate of mutual acceptance and understanding.

  • At the direction of the CIO, serve as key advisor to the Directors, Chief Operating Officers, Chief Financial Officers and other agency leadership in the area of information security and privacy.

  • Develop enterprise program and service goals and objectives, and develop performance measures.

  • Oversees and ensures the development of Information Security and Privacy policies and processes.  Advise in the development and implementation of IT policies and processes.

  • Participate in the development and implementation of the technology strategic plan.

  • Develop and direct special studies through committees or task forces that will lead to improvements in business processes and management practices.

  • Assist in the preparation of biennial and interim budget requests to obtain the resources necessary to implement ISPO projects and support functions.

  • Responsible for managing the budget of the ISPO section.  Monitor and track ISPO expenditures through the biennium and take the necessary budgetary action to meet ISPO and OIS organizational and operational goals and objectives.

  • Participate in the development and implementation of the OIS biennial budget.  Participate in creation of Policy Option Packages for OIS and/or business solutions with an IT component.   Participate in providing cost and impact analysis for proposed legislation.

  • Direct OIS procurement activities as they relate to section, including contract preparation, purchasing and contract administration.

 

What do you need to qualify? Minimum Qualifications: 

 

Five years of lead work, supervision, or progressively related experience;

OR

two years of related experience and a bachelor's degree in a related field.

What we are looking for (Desired Attributes):

  • Experience and/or education in Computer Science, Information Technology, Cybersecurity, or a related field.

  • Ability to present complex technical ideas and concepts to leadership, technical teams and stakeholders.

  • Management experience leading diverse teams.

  • Ability to work onsite at the Portland headquarters office a minimum of two days per week.

  • Proven ability to lead and develop a cybersecurity team, fostering a collaborative and high-performance culture.

  • Proficient in coordinating among divisions to respond to threats and incidents as well as implement proactive security measures.

  • Demonstrates high ethical standards and a commitment to the organization's values and the protection of its assets.

  • Maintains the confidentiality and integrity of sensitive information.

  • Strong judgment and decision-making skills, especially under pressure during security incidents.

  • Expertise in identifying, assessing, and prioritizing risks, and implementing mitigation strategies.

  • A strong background in security frameworks and standards such as ISO 62443 and NIST 800-82, and in OT-specific architectures like the Purdue Model.

  • Desired certifications include CISSP, GICSP, CISM, CISA, CIPT, CIPM, CRISC.

  • Solid understanding of network architecture, firewalls, VPNs, IDS/IPS, and other security tools.

  • Commitment to continuous learning and staying up-to-date with the latest cybersecurity trends, threats, and technologies.

  • Experience in IT and cybersecurity policies, standards, procedures and controls, security strategies and roadmaps.

  • Background in cybersecurity assessments, metrics, and reporting.

  • Ability to align the cyber security strategy with the organization's business goals and long-term vision.

 

 

How are candidates selected?

 

The selection process consists of a review of your application and an evaluation of your education, experience, training, and overall professionalism of your application materials.  Candidates that follow the application directions, submit what is required and provide us with credentials that showcase their skills and how they meet the minimum qualifications and desired attributes will be invited to an interview. Resumes will not replace the completed job history experience in Workday.  We will only review documents that are requested. Because details are really important to us, your application materials will be evaluated for grammar, spelling and punctuation. 

 

What's in it for you?

  • Medical, vision, and dental insurance.

  • 11 paid holidays per year.

  • 10 hours of vacation leave earned per month, eligible to be used after 6 months of service.

  • 8 hours of sick leave earned per month, eligible to be used as accrued.

  • 24 hours of personal business leave per fiscal year, eligible to be used after 6 months of service.

  • Pension and retirement programs.

  • Click here to learn more about State of Oregon benefits.

  • A workplace that fosters fairness, equity, and inclusion to maintain a workplace environment where everyone is treated with respect and dignity.

  • A healthy work/life balance, with opportunities for hybrid remote work.

 

How to Apply:

  • Internal Applicants (Current State of Oregon Employee) – MUST apply through your employee Workday account. Please update your profile with current job history and education. In Workday, click on the Career application link, View Internal-Find Jobs, Find the position and select Apply.

  • External Applicants – Please visit the State of Oregon job opportunities webpage to submit your application for the position.

  • Workday does not pull your work history from your profile; you MUST list your current work experience on your application for it to be considered. A resume will not substitute for completing the work experience section of your application.

  • The work history and/or education section of your application must clearly demonstrate how you meet all the minimum qualifications and desired attributes listed above.

  • Upload and attach your resume in addition to completing your job history and education details in Workday. Optional cover letters can be attached in the same section as your resume.

 

Want to Know More? Here’s some additional information:

  • Telework: After an initial training period, this position is eligible for a flexible hybrid remote work schedule. The position is based at our Portland HQ office, and you will be required to come into the office a minimum of 2 days per week. Telework is evaluated periodically to ensure business needs are being met and can be adjusted at any time. Please visit the state’s Work Reimagined website for more information.

  • The salary listed is the non-Public Employee Retirement Systems (PERS) qualifying salary. If the successful candidate is PERS qualifying, the salary will reflect the 6.95% increase.

  • This position serves a twelve (12) month trial service period.

  • Applicants must be authorized to work in the United States. Applicants who require VISA sponsorship will not be considered at this time.

  • Within three days of hire, all applicants will be required to complete the US Department of Justice Form I-9, confirming authorization to work in the United States. OLCC uses E-Verify to confirm that applicants are authorized to work in the United States.

  • Driving:  The person in this position may drive a State of Oregon vehicle.  We require drivers to hold a current, valid driver’s license and maintain a good driving record in order to drive.

  • This position requires a background and security check with fingerprinting to work in areas that handle confidential documents. An adverse background and failed security clearance will result in disqualification.

 

Helpful Tips:

  • Be sure to attach a resume. Note: Applicants who don’t attach the required documents or fail to complete the “Work History” section of the application may be automatically disqualified from further consideration. If you are concerned that the requested documents weren’t attached to your application, please email a copy to bailie.foxworthy@olcc.oregon.gov. Material will be associated on your behalf if received before the posting deadline.

  • Allow yourself plenty of time to complete and submit the application process.

  • Workday will timeout after 20 minutes of inactivity.

  • This posting closes at 11:59 PM on the close date listed.

  • Be sure to check both your email and Workday account for updates regarding this recruitment.

  • Workday performs best in Google Chrome.

  • Click here for Resources and a Job Support Page.  

Veteran's Preference:
The OLCC provides veterans’ preference points to all eligible veterans. For privacy reasons, please do not attach veterans’ preference documents when initially applying. You will be sent a Workday “Task” to complete once you have submitted your application. The “Task” will prompt you to provide the appropriate documentation for your Veterans’ Preference point selection. For more information, please go here: https://www.oregon.gov/jobs/Pages/Veterans.aspx.

After you apply:

Log in to your Workday account before the job announcement closes to see if you have any pending tasks or actions, and make sure to complete these tasks or actions before the job announcement closes. These can be found under the “My Applications” section.

Questions/Need Help?

If you have questions about the recruitment or need assistance, please contact OLCC HR Recruiter, Bailie Foxworthy by email at bailie.foxworthy@olcc.oregon.gov. Please make sure to reference your recruitment (REQ) identification number in your email.


THE OREGON LIQUOR & CANNABIS COMMISSION IS AN EQUAL OPPORTUNITY, AFFIRMATIVE ACTION EMPLOYER COMMITTED TO WORK FORCE DIVERSITY


Tags: CISA CISM CISSP Clearance Compliance Computer Science CRISC Driver’s license Firewalls GICSP IDS Industrial IPS NIST Privacy Security Clearance Security strategy Strategy VPN

Perks/benefits: Career development Equity / stock options Flex hours Flex vacation Health care Medical leave

Region: North America
Country: United States
