Information Technology Careers

Budget Analyst - Monitoring & Reconciliation 
Monitors ETS's financial status in coordination with the Office of Fiscal Services, Accounting Section by monitoring and reconciling data on transactions and expenditures, conducting fiscal analysis, performance and compliance audits, reviewing and reconciling accounts, records and reports of ETS operations, analyzing organizational policies and procedures for efficiency and effectiveness, and verifying reconciliations of transactional data in order to determine if financial statements accurately reflect financial status and transactions, and make recommendations to ETS management on complex budgetary issues to ensure stated goals and outcomes are accomplished in accordance with statutes, regulations, and pertinent law.

Budget Analyst - Projection 
Prepares monthly budget and project activity reports for ETS based on information from the Office of Fiscal Services by performing trend analysis on specific budget allocations, tracking and monitoring fiscal activity and identifying funding needs for services utilizing the Financial Information System of California (FI$Cal) data and Excel tracking documents in order to make recommendations for business decisions and to forecast and project future costs and funding needs to ensure budget allotments are properly developed and that expenditures remain within approved authority.

Completes annual Information Technology Cost Report (ITCR) by gathering, validating, and categorizing procurement data on an ongoing basis in order to follow the California Department of Technology (CDT) mandated reporting requirements to ensure compliance with Section 4309.2 of the State Administrative Manual and the Statewide Information Management Manual utilizing Excel, SharePoint, ServiceNow, and Fl$Cal.

Coordinates invoice approvals, and oversees invoices, reverting encumbrances, intrafund billing, and invoices paid through Electronic Fund Transfer by analyzing purchase orders and invoices, maintaining tracking system(s), submitting reports, collaborating with stakeholders and customers, and escalating issues to the Administration Manager in order to monitor ETS' financial status and resolve invoice disputes in accordance with SRF Fiscal Services Directive, Prompt Payment Act per Government Code Section 927, et seq., utilizing Outlook, Excel, SharePoint, Teams, ServiceNow, and Fl$Cal.

Maintains Inter-Agency Agreements (IAA) in collaboration with the Account Analysis Unit by collaborating on the IAA Statements of Work (SOW) to ensure the agreement complies with the State Contracting Manual Volume F (1.A9.0 and 6.8.3), and by completing and submitting billing transmittals in order to bill customers for IT Services provided by ETS to ensure proper monitoring and tracking of expenditures for budgeting purposes and compliance with all applicable laws, policies, and procedures utilizing the Microsoft Office Suite and Fl$Cal.

Perform miscellaneous administrative duties and provide back-up assistance for other administrative staff when they are absent or on assignment by attending team meetings and addressing impromptu customer requests, utilizing ServiceNow, Outlook, MS Teams, and other collaborative tools in order to foster a supportive team atmosphere and to ensure excellent customer service.

Responds to Help desk Incidents by answering phone calls, incoming emails and In-Person visits in order to troubleshoot computer, network and software/hardware related problems and to minimize the impact of IT related incidents on business operations, utilizing Microsoft 0365 to ensure IT support is provided to DGS employees as quickly as possible using our ServiceNow Ticketing system. 

Responds to customer's service requests through the service portal in order to upgrade, improve or deploy applications to deliver the highest level of service support to the customer to ensure customer satisfaction through efficient and professional handling of all service requests utilizing standard IT processes and procedures. 

Assists in the development of process improvements by researching and creating knowledge, articles and guidelines in order to document IT processes and common fixes, and make recommendations to management on business process improvements to ensure increased efficiency and consistency department-wide utilizing Knowledge Centered Services best practices. 

Represents and facilitates the Help Desk unit at meetings in order to relay important information to the ETS team members and management to ensure proper communication and updates.

Communicates guest arrivals and departures regularly to ETS units by email or phone in order to connect customers to the proper resources, to ensure timely professional and friendly customer service by utilizingstrong communication skills.

Provides consultative services as an Information Security subject matter expert, making recommendations throughout DGS by outlining and explaining required security controls through all phases of IT Projects and Systems Development Life Cycle as detailed in Federal Processing Standards, National Institute of Standards and Technology Special Publications, and U.S. Internal Revenue Service Safeguard Computer Security Evaluation Matrix utilizing state standards specifications per State Administrative Manual, Statewide Information Management Manual, and State Health Information Policy Manual, in order to achieve state security risk and compliance objectives, support resilient DGS operations, and maintain a secure cyberspace to ensure compliance with federal, state, and industry information security and privacy regulations, business associate agreements, and statewide compliance reporting.

Plans, organizes, and directs the work of a professional staff by overseeing and supporting information security functions, including the execution of risk assessments, managing security risk Plan of Actions and Milestones, facilitating external compliance audits, independent security assessments, identifying vulnerabilities and threats, investigating suspicious activities, containing the threat and/or damage, in order to meet customer demands and expectations, to ensure value­-added deliverables in a timely and effective manner. 

Plans, develops, implements, and maintains administrative information security controls by incorporating applicable and current federal, state, and industry standards specifications and lessons learned from previous incidents, in collaboration with all units of ETS utilizing control agency policy templates, in order to mitigate information security risks, protecting the enterprise from threats to DGS information assets to ensure compliance with federal, state, and industry regulations. 

Collaborates with ETS management and supervisors on the security incident response process by identifying vulnerabilities and threats, investigating suspicious activities, containing the threat and/ or damage, providing timely communication of the incident's progress to internal and external stakeholders, and documenting lessons learned, in order to manage future security risks and quickly restore IT to normal operations to ensure continued operational support of the DGS enterprise. 

Supervises, directs, develops, and reviews the work of subordinate staff by communicating unit goals and objectives, establishing performance expectations, inputting, reviewing and approving/ denying timesheets, managing staff requests for time off, maintaining adequate staffing, providing direction and information on OHR processes, and developing timely performance evaluations and training plans, in order to provide opportunities for training, promote upward mobility, provide guidance on personnel performance issues, to ensure equal employment opportunities and a harassment and discrimination-free work environment, utilizing Project Accounting and Leave, applicable bargaining unit contract provisions, the Personnel Operations Manual, DGS policies, procedures and guidelines, State Personnel Board and California Department Human Resources' laws, rules and regulations.

Attends webinars and forums organized through trusted partner vendors, and state, and federal entities by networking with other state government IT personnel utilizing various forms of communication and collaboration, in order to participate in security governance, risk and compliance meetings, and workshops to ensure staff stays abreast of industry issues, trends, and practices.

Supports the day to day administration of the Data Protection Program and Privacy Program; evaluates requirements and business needs relating to information assets and record systems of DGS programs and client agencies; develops and maintains appropriate Data Classification and Data Loss Prevention (OLP) policies and control features; works with ISO, ETS, and various program units/teams to create Microsoft 365 users and groups based on data classification and business needs and assigns policies to specific users. 

Provides technical direction, guidance and resolution on projects, activities and initiatives relating to the development and implementation of OLP policies, data classification policies and general privacy requirements into the design, development, configuration or administration of systems, applications, or processes; monitors DLP systems and services escalated tickets from the Helpdesk; develops, communicates and implements new or revised processes, policies, and procedures; recommends process enhancements to ensure continuous improvement. 

Reviews and analyzes data activity events to protect data in accordance with relevant regulations, contractual commitments, and confidentiality requirements; monitors and responds to events generated by DLP systems that involve the potential loss of data; determines if DLP events are triggered by policy violations; defines response rules in the systems; collects and evaluates event metrics to identify trends and defines/maintains KPIs and metric reporting; logs and reports DLP violations and statistics to management and works with programs to resolve issues with events triggering the DLP alert or violation; conducts periodic audits to determine the level of compliance with privacy and pertinent security policies by running specialized DLP reports and interpreting the findings. 

Evaluates potential privacy risks of systems and those associated with third-party vendors and partners through risk assessments and due diligence of privacy practices; assesses contract risk and alignment with departmental privacy policy and regulatory requirements; develops and implements processes for monitoring and mitigating third-party privacy risks; implements privacy-related tasks and activities under the DGS/ISPO third-party risk management program, including due diligence assessments, Privacy Threshold Assessments/Privacy Impact Assessments, risk assessments and ongoing monitoring; collaborates with procurement and legal teams to ensure privacy requirements are included in contracts and agreements with third parties. 

As a member of the DGS Security Incident Response Team for handling privacy and security incidents, complete assigned facets of the incident response including conducting interviews, reviewing or drafting reports, analyzing data, preparing breach notification letters, documenting lessons learned, and addressing privacy risks or issues to resolve incidents in a timely manner and identifying needed improvements; provides DLP trigger information for security and privacy incidents; supports or initiates DLP issue remediation activities based on incident investigation and analysis data, including DLP solution vulnerabilities that were exploited; recommends/implements additional controls or corrective action to address the risks identified and inform subsequent response efforts.

Maintains professional and technical knowledge and ensures the continuing development of privacy solutions that are maintainable, extensible, optimized, and secure; conducts and delivers training and awareness campaigns for DGS programs on data privacy and protection; provides DLP training to DGS program areas to ensure data is accurately classified, document labels are correctly and consistently applied, and data is protected from loss.

Perform other duties as assigned by the Privacy Officer, including but not limited to, meetings with professional organizations, researching technology and privacy trends and best practices, and staying updated on privacy-related threats, attack vectors, and tactics techniques and procedures.

Provides subject matter expertise in endpoint protection and security across enterprise and cloud platforms by participating in the implementation, installation, upgrading, testing, monitoring and troubleshooting of enterprise endpoint protection system, reviewing and monitoring vendor best practices, and technical and internal documentation in order to secure DGS assets and ensure a safe and protected computer and server environment utilizing endpoint security systems.

Resolves computer and server endpoint protection issues enterprise-wide by providing expert technical and forensic support to the Deputy Chief Information Security Officer (DCISO), DGS Help Desk, Server teams, satellite offices and mobile workforce in order to provide continuous uninterrupted operations, and the highest level of security for the computer and server systems department-wide, and to ensure reliable and consistent protections for the DGS users and its customers.

Collaborates with the Desktop, Server, and Application teams in designing innovative solutions by analyzing and maintaining the enterprise endpoint security system, coordinating infrastructure system specifications, upgrades and maintenance, and resolving the most complex technical/ forensic issues for the endpoint protection and scanning systems, utilizing collected forensic data, patching and version upgrades in order to sustain a supportable and uniform security infrastructure for the department to ensure the enterprise endpoint protection systems are up-to-date and protects all relevant DGS assets.

Assists other ISO team members as a backup for other security related tools by supporting key security systems utilizing password vault, vulnerability management system, Security Information and Event Management and other tools etc., in order to uphold and maintain technical knowledge, and ensure continuity of operations for all users of this critical data.

Leads independent research and studies by attend job-related educational workshops and trainings in order tomaintain professional and technical knowledge of new technologies and to ensure the continuing development of solutions that are maintainable, extensible, optimized, and secure.

Develops and maintains security policies, standards, and procedures based on industry best practices and regulatory requirements. Act as a subject matter expert on Security Control frameworks such as SAM/SIMM, NIST 800-53, IRS Publication 1075 and HIPAA; Conducts regular reviews and updates of security policies to address emerging threats and technology advancements; Assesses the effectiveness of existing security controls through regular reviews and audits; Identifies vulnerabilities and weaknesses in the organization's security posture and develops remediation plans, and monitors progress towards achieving compliance through a Plan of Action and Milestones (POAM); Works closely with stakeholders to develop risk mitigation strategies and implement security controls to minimize identified risks; Monitors and analyzes relevant security legislation, regulations, and standards; Assesses the impact of new or updated security regulations on the organization's policies, procedures, and controls; Provides recommendations on maintaining compliance with applicable security requirements.

Develops and delivers security awareness programs to educate employees on security best practices, policies, and procedures; Designs and delivers training sessions on various security topics, including data protection, password hygiene, and social engineering awareness; Plans and executes simulated phishing campaigns to assess the organization's susceptibility to social engineering attacks; Analyzes the results of phishing simulations to identify areas for improvement and develop targeted training and awareness initiatives.

Evaluates the security posture of third-party vendors (Software as a Service and Commercial of the Shelf) and partners through risk assessments and due diligence of privacy and security practices; Assesses contract risk and alignment with departmental security policy and regulatory requirements; Develops and implements processes for monitoring and mitigating third-party security risks; Develops and implements a comprehensive third-party risk management program, including due diligence assessments and ongoing monitoring; Collaborates with procurement and legal teams to ensure security requirements are included in contracts and agreements with third parties.

Assists in the development and maintenance of an incident response plan; Participates in security incident response activities, including incident detection, analysis, containment, eradication, and recovery; Collaborates with relevant teams to ensure effective incident response and coordination.

Performs other duties as assigned by the DGS Deputy Chief Information Security Officer, including but not limited to, meetings with professional organizations, researching IT security trends and best practices, and staying updated on the latest security threats, attack vectors, and tactics techniques and procedures.