Job Description
Job Description and Duties
Under the general direction of the Deputy Chief Information Security Officer (DCISO), an Information Technology Supervisor II in the Information Security Office (ISO), the incumbent performs State Controller’s Office (SCO) Information Security Program activities, such as security risk management, to ensure SCO business and technical environments have and maintain an appropriate security posture. Additionally, as an Information Security Program Specialist, the incumbent will provide information security consultative or administrative services to the SCO regarding security awareness training and education, security compliance, policy and procedure development, security incident management, physical security and Mainframe access control.
Duties Performed:
(Candidates must perform the following functions with or without reasonable accommodations.)
- Physical Security Systems Administration – As part of physical security administration, responsibilities include managing and supporting systems like CCure for electronic badging and access control, alarm and intrusion detection, and video surveillance platforms like ExacqVision or similar solutions, as well as ISTAR or equivalent access control panels. Duties involve processing and managing badge requests, access changes, clearances, and terminations in compliance with approved policies. Additionally, monitoring alarms, alerts, and system activity is essential, along with investigating and documenting physical security events and access violations. Regular reviews of badge access, clearance levels, alarm activity, and video monitoring logs are conducted to ensure security integrity. The role also requires responding to after-hours and on-call physical security alarms and incidents when necessary, and coordinating with vendors and contractors for system maintenance, troubleshooting, and upgrades. Also, administer and execute the SCO ISO’s Physical Security Program. Respond to, identify, and resolve complex physical security system change requests, alarms, and other physical security system issues. Monitor and review physical security system performance.
- Physical Security Program Support - Responsibilities include assisting with the development, maintenance, and updating of physical security policies, procedures, and documentation to ensure alignment with State and NIST guidelines. This role involves conducting basic physical security risk assessments and supporting corrective action efforts to mitigate identified vulnerabilities. Additionally, guidance is provided to staff regarding badging, access control, and overall physical security requirements. Maintaining accurate and up-to-date documentation for physical security systems, configurations, and workflows is also a key responsibility to ensure compliance and operational efficiency. The role also includes performing routine testing of alarms, access control systems, and video surveillance equipment to ensure proper functionality. This role involves identifying system issues and escalating or coordinating resolution with senior staff or vendors as needed. Additional duties include assisting with system integrations and implementing changes that impact physical security platforms, as well as tracking incidents, outages, and system modifications for accurate reporting and follow-up.
- Incident Management - Efficiently and effectively respond to, investigate, and report information security incidents within the SCO’s business and information asset environments. Observe and enforce the SCO incident management program's defined policies, processes, and procedures; work with program-identified resources to prepare for and prevent incidents; detect, report, and analyze possible or known incidents; contain and eradicate discovered incidents; recover from incidents; and prepare lessons learned from incidents to identify program or process improvements. The role also involves performing various technical or administrative tasks for the Information Security Office (ISO) to ensure smooth operations. Additionally, this position serves as backup support to other ISO team members during periods of high workload, helping maintain continuity and efficiency across the team.
- Security / Privacy Awareness Training & Education – Plan, prepare and provide security and privacy awareness training and education to SCO managerial, supervisory, business, technical and contractor staff; translate the organization’s security / privacy values and requirements into operational environments, ensure compliance with legal and statutory requirements and provide a framework for security posture assurance actions.
- Miscellaneous Division Support - Assist with division technical duties in various program areas to support organizational needs using a variety of skills and software.
You will find additional information about the job in the .
Working Conditions
The incumbent may be required to work outside of normal business hours to meet project deadlines or respond to urgent security incidents. Additionally, occasional travel to locations outside of the Sacramento area may be necessary, with overnight stays possible depending on the requirements of specific assignments or projects.
This position is located at The Emerald Tower on Capitol Mall, steps from Tower Bridge and is walking distance to the State Capitol. The building offers affordable monthly parking, employee gym access, an amenities center, and a beautiful mid-tower garden terrace. It is conveniently situated only blocks from Old Sacramento, numerous restaurants, a seasonal farmer’s market, and the Crocker Art Museum. Overlooking the Golden 1 Arena and Downtown Commons, the office is accessible from Sacramento Regional Transit’s light rail and bus systems, with convenient access to I-5, I-80, US 50 & US 99.
This position is eligible for hybrid telework under California Government Code Section 14200 for eligible applicants residing in California. All telework schedules are subject to change and may be reevaluated at any time. Specific telework arrangements may be discussed in more detail with the respective hiring manager. Telework does not change the terms and conditions of employment, the essential functions of job duties, or required compliance with the State Controller's Office policies.
Special Requirements
A resume is required.
A copy of your degree, transcripts, or degree evaluation is required.
A Statement of Qualifications is required; please see ‘Required Application Package Documents’ for instructions.
Take the required examination here: Information Technology Specialist I Examination
Desirable Qualifications
In addition to evaluating each candidate's relative ability, as demonstrated by quality and breadth of experience, the following factors will provide the basis for competitively evaluating each candidate:
- Education: A bachelor's degree in computer science, information technology, cybersecurity, or a related field.
- Certifications: One or more industry-standard certifications, such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM).
- Experience: 2+ years of experience in cybersecurity or a related field. This experience can be gained through previous employment in an IT or cybersecurity role or through internships and other relevant work experience.
- Technical skills: Strong understanding of computer systems, networks, and security protocols. Be well-versed in a variety of cybersecurity tools and technologies, such as firewalls, intrusion detection systems, and vulnerability scanners.
- Soft skills: Possess strong communication, problem-solving, and critical thinking skills. Be able to work well under pressure, collaborate effectively with others, and stay up-to-date with the latest cybersecurity trends and threats.
Benefits
Benefit information can be found on the CalHR website and the CalPERS website.
Required Application Package Documents
The following items are required to be submitted with your application. Applicants who do not submit the required items timely may not be considered for this job:
- Current version of the State Examination/Employment Application STD Form 678 (when not applying electronically), or the Electronic State Employment Application through your Applicant Account at
All Experience and Education relating to the Minimum Qualifications listed on the Classification Specification should be included to demonstrate how you meet the Minimum Qualifications for the position.
- Resume is required and must be included.
- Degree and/or School Transcripts
- Statement of Qualifications -
A Supplemental Questionnaire consists of a series of questions for obtaining an applicant’s qualifications and experience in job-related areas. The Supplemental Questionnaire must be titled “Supplemental Questionnaire” at the top of the first page, typed in a minimum of 12-point font, single spaced, on standard sized paper (8.5" X 11"), and no more than 2 page(s) in length. Applications submitted without the required Supplemental Questionnaire will be considered incomplete and will not be considered for this position.
1. What are some common physical security controls and measures that can be implemented to protect sensitive information and assets?
2. Explain your experience developing or maintaining physical security policies and procedures aligned with State or NIST guidelines. How have you conducted physical security risk assessments, and what corrective actions or mitigation strategies did you implement?
3. Provide an example of a time you responded to a physical security incident or system failure. How did you assess the situation, communicate with executives or stakeholders, and ensure timely resolution? What was your role and the outcome?