Risk Mitigation Analyst (Operations & Policy Analyst 4)

Initial Posting Date:

04/04/2025

Application Deadline:

04/20/2025

Agency:

Oregon Liquor & Cannabis Commission

Salary Range:

$7,353 - $10,827

Position Type:

Employee

Position Title:

Risk Mitigation Analyst (Operations & Policy Analyst 4)

Job Description:

The Oregon Liquor and Cannabis Commission (OLCC) oversees access to alcohol and cannabis products in Oregon through education, regulation, and distilled spirits distribution. Our aim is to protect public health and safety while supporting responsible businesses and providing funding for local and state agencies.

The agency is comprised of three major operational programs: the Distilled Spirits Program, the Recreational Marijuana Program, and the Public Safety Program. All three programs are supported by the Administration, Financial Services, and Support Services divisions.  Revenue generated from these programs helps support state and local government programs.

What’s in it for you:

• Rewarding work in a productive and creative environment

• Colleagues who are passionate about public service and safety

• Work/life balance, 11 paid holidays a year, personal days, sick time, vacation accruals, and more! Click here to learn about State of Oregon benefits.

• Pension and retirement programs

• Advancement and learning opportunities that will help grow your career with the State of Oregon

• Possible eligibility for the Public Service Loan Forgiveness Program

• A workplace that fosters fairness, equity, and inclusion to maintain a workplace environment where everyone is treated with respect and dignity.

About this opportunity:

• This position is based at our Milwaukie, OR headquarters office. Please note that the headquarters for the agency will relocate from Milwaukie to Portland, OR by approximately the end of 2026.

• After an initial training period, this position may be eligible for a flexible hybrid work schedule, however weekly in-office work will be required. This position is not eligible to be fully remote.

• This position is a management service position and is not represented by a union.

Here’s what you will do:

This position will work closely with the State of Oregon’s Cyber Security Services (CSS), which is responsible for defining enterprise security architecture and policy and for coordinating security incident response. In partnership with CSS, this position will serve as an on-site counterpart at OLCC to implement State security standards and best practices, conduct security risk identification and remediation, and assist in security incident response activities. This position will also be responsible for providing security consultation to OLCC’s information technology, software development, project management, and non-technical staff as needed.

Please contact OLCC.HumanResources@olcc.oregon.gov if you would like a copy of the position description.

Here’s what you need to qualify:

Minimum Qualifications:

• A bachelor's degree in Business or Public Administration, Behavioral or Social Sciences, Finance, Political Science or any degree demonstrating the capacity for the knowledge and skills; and five years professional-level evaluative, analytical and planning work

OR

• Any combination of experience and education equivalent to eight years professional-level evaluative, analytical and planning work

Requested Skills:

• Experience managing results from vulnerability scanning programs such as Tenable or other Vulnerability identification tools.

• Experience managing enterprise level security patching and updating systems

• Strong understanding of security frameworks such as NIST, ISO 27001, and SOC2

• Experience in IT Audit and/or IT Risk Assessment.

• Comfortable producing scripts using PowerShell, Python etc...

• Experience implementing and maintaining cybersecurity controls

• Provide operational support and maintenance of security appliances

• Analyze and investigate events from Cybersecurity appliances or reported incidents

• Manage time and technical responsibilities, set accurate expectations and meet deadlines

• Assist in the identification and remediation of threats across the enterprise and mitigate risks

• Ability to Identify opportunities to improve the quality and resiliency of cybersecurity systems and applications

• Document projects and write Standard Operating Procedures

• Recommend, evaluate and deploy solutions to improve security posture

• Understanding of public sector administration

• Adept at analyzing and anticipating emerging risks, business priorities, and addressing these through risk mitigation, contingency plans and communication strategies

• Basic understanding of web services, SQL queries, database structures and modern application frameworks

• Technical understanding and experience with network security technology including IDS and IPS, Firewalls and network traffic analysis

Application instructions and information:

• Please ensure that you clearly demonstrate in your application materials that you meet the qualifications listed and that you follow all instructions carefully. Only complete applications received by the posted application deadline date will be considered.

• You may be asked to submit a skills assessment, a writing sample, or a video/phone interview as part of the application screening process.

• Internal candidates currently working for any State of Oregon agency must apply using your employee Workday account. In addition to required attachments, ensure that your profile has your current job history and education. In Workday, click on Menu in the upper left corner, Jobs Hub, Find Jobs. Enter the job number in the search bar, click on the job title and select Apply.

Additional information:

• The use of outside resources such as artificial intelligence (AI) software during applicant skills assessments, examinations, and/or interviews is prohibited unless otherwise stated by the hiring agency. Unauthorized use of outside resources during the hiring process will result in disqualification.

• The selection process consists of a review of your application and an evaluation of your education, experience, training, and overall professionalism of your application materials.  Candidates that follow the application directions, submit what is required and provide us with credentials that showcase their skills and how they meet the minimum qualifications and desired attributes will be invited to an interview. Resumes will not replace the completed job history experience in Workday.  We will only review documents that are requested. Because details are very important to us, your application materials will be evaluated for grammar, spelling and punctuation. 

• Per the Pay Equity Law passed in 2017, a pay equity analysis will be conducted to determine what pay step the successful candidate will be offered.  The analysis will be based on the relevant experience, education, training, and certifications documented in the application materials.  On average, candidates new to state service will most likely be offered compensation in the lower to mid-level of the salary range.

• Any offer of employment with OLCC is contingent on acceptable references and background check.  This position requires a background and security check with fingerprinting to work in areas that handle confidential documents. An adverse background and failed security clearance will result in disqualification.

• Eligible veterans who meet the qualifications will be given veterans' preference. For further information, please see the following website: Veterans Resources. NOTE: If claiming veterans’ preference please be sure to check your Workday account for pending tasks or actions under your “My Applications” section.

• We hire preferred workers!  For more information, please visit our website: Preferred Worker Program.

• OLCC does not offer VISA sponsorships. If your employment authorization and documentation is contingent on sponsorship now or in the future, you will not meet our agency employment eligibility standards. Within three days of hire, you will be required to complete the US Department of Homeland Security's I-9 form confirming authorization to work in the United States.

Helpful links and contact information:

Learn more about OLCC

Understanding the State Application Process

Help and Support webpage

For more information you may contact us by e-mail at OLCC.HumanResources@olcc.oregon.gov.

OLCC is fully committed to attracting, retaining, developing, and promoting the most qualified candidates without regard to their race, gender, color, religion, sexual orientation, national origin, age, physical or mental disability, or veteran status.