California State Controller's seal

(6323) Associate Information Systems Analyst (Specialist)

Applicants with disabilities who need reasonable accommodations, such as a Sign Language interpreter, a reader, or assistance attending an interview please call (916) 323-3055.


$5,022.00 – $6604.00


Ramon Machado, (916) 323–8134

Information Systems Division
300 Capitol Mall, Suite 634
Sacramento, CA 95814

October 3, 2017

Application Information:

Individuals who are currently in this classification, or are eligible for lateral transfer or promotion, or are reachable on a certification list may apply.  

For permanent positions, SROA and surplus candidates should attach “surplus letters” to their application.  Failure to do so may result in your application not being considered.

Submit application package electronically via your CalCareers account or to address below:  

State Controller’s Office
Human Resources Office
ATTN: Classification Unit - JM
300 Capitol Mall, Ste. 300
Sacramento, CA 95814

Application package must include all the required documents.  Mailed application package must include either ARF # 18-036 Position #051-340-1470-073 in the job title section.  Application received without this information may be rejected. 


Looking for a job that you can feel passionate about?  Looking for work in an inviting work environment?  If you are interested in working in a fast-paced environment surrounded by enthusiastic and self-motivated people, then look no further!  The Office of the State Controller (SCO) is the destination Constitutional employer within the State of California.

Applications will be screened and only the most qualified will be interviewed. Application must include “to” and “from” employment dates (m/d/y), hours per week, and prior employer contact information including contact number.  Applications received without this information may not be considered for this position.

The selected candidate considered for the advertised position will be required to undergo a fingerprint clearance and any offer of employment will be contingent upon live scan fingerprint results.

Scope of Position:
Under the supervision of the State Controller’s Office (SCO) Chief Information Security Officer (CISO), a Data Processing Manager III, the Associate Information Systems Analyst (Specialist) participates in the functions of the SCO Information Security Program.  Incumbent is responsible for providing administrative and technical assistance to the Information Security Office (ISO) in the administration, analysis, design, development, and implementation of the Departmental and Statewide standards regarding Mainframe access control; information asset and business operation privacy and security risk, compliance and vulnerability management and monitoring, and SCO facility physical security.  This has an immediate and direct on-going impact on the accomplishment of the Mission and Business Objectives of the ISO and the State Controller’s Office.  Knowledge of Resource Access Control Facility (RACF), risk management, information security practices, technology, and vulnerability management are desirable.

Duties and Responsibilities:
(Candidates must perform the following functions with or without reasonable accommodations.)

Assist in the implementation of the Risk Management Framework (for privacy and security control planning, certification assessment and monitoring) requirements for SCO business operations and new information assets or information assets that are undergoing substantial redesign or modification, including both in-house and outsourced solutions and document and maintain records for them. 

Assist in conducting security impact level and applicable SCO Information Security Standards and statutory mandate analysis to develop, document, and refine privacy and security control functional requirements and specifications. Identify security requirements specific to an IT system in all phases of the System Life Cycle. Assist in conducting certification reviews and compliance assurance assessments. Monitor and evaluate business operations and information asset compliance with SCO Information Security Standards, statutory and regulatory mandates, as well as, security impact level appropriate privacy and security control requirements. 

Administer SCO physical security infrastructure resources including, performance, capacity, availability, serviceability, and recoverability. Conduct or monitor periodic physical security infrastructure testing, upgrade and maintenance. Plan and coordinate the installation of new or modified physical security infrastructure resources. Administer facility access badge accounts in accordance with information asset owner authorizations. Administer facility surveillance systems in accordance with standard operating procedures. Develop and document physical security infrastructure administration standard operating procedures. 

Perform and provide Resource Access Control Facility (RACF) administration services for the SCO’s Mainframe production environments and resources. Create, modify, resume, reset and delete user ID’s for various SCO Mainframe production environments and resources. Create, edit, update, and document individual and group security profiles based on information asset owner authorization. Diagnose and report RACF malfunctions relevant to authentication, access and use authorizations of individual and group security profiles for various SCO Mainframe production environments and resources, as appropriate (Level 1 Support). Execute scripts or programs on a variety of operating systems and/or directory management platforms (e.g., AIX/Unix/Linux, TSO, JES, IDMS, RACF) to manage individual and group security profiles. Develop and maintain documented processes, procedures and workflows for RACF Help Desk (Level 1 Support) administration services for the SCO’s Mainframe production environments and resources.

Assist in technical evaluations of RACF methodologies or solutions for SCO authentication of individuals and information assets conducting business with the SCO’s Mainframe production environments and resources documenting feasibility, security posture risk, capabilities, vulnerabilities and compliance with SCO Information Security Program Standards and applicable security requirements. 

Assist in the development and maintenance of documented processes, procedures and workflows for Mainframe RACF security assessments. Conduct periodic reviews of individual and group security profile account access. Establish and maintain identification of security group and information asset ownership.  Establish and maintain a list of security group and individual user access.  Audit individual and group security profile account access against information asset owner authorizations. Assist in the assessment of the security of the SCO’s Mainframe production environments and resources access control and authentication systems.

Assist in conducting vulnerability and configuration appraisals, assessments and validations of SCO owned and leased IT information assets, websites, resources and applications. Document the security posture and configuration of SCO IT Information assets, websites, resources and applications; document identified vulnerabilities and configuration deviations and weaknesses, and recommend actions to correct and mitigate risk(s).  

Design curriculum and course content for interactive privacy, security education, and awareness training. Plan classroom techniques, and formats (e.g., lectures, demonstrations, interactive exercises, multimedia presentations) for the most effective learning environment.  Plan non-classroom educational techniques and formats (e.g., video courses, personal coaching, and web-based courses).

Deliver training courses tailored to the audience and environment.  Explain or provide guidance on laws, regulations, policies, standards, or procedures to management, personnel, or clients.  Demonstrate privacy and security control concepts, procedures, software, equipment, and technology applications to coworkers, subordinates, or others. 

Evaluate the effectiveness and comprehensiveness of existing education and training programs. Revise curriculum end course content based on feedback from previous education and training sessions.

Respond to physical security events / alarms after normal business hours (8:00am to 5:00pm M-F).  Provide guidance and direction to law enforcement, SCO management staff and facility Lessors, during facility physical security events/alarms. Ensure SCO facilities are returned to a secure state, after a physical security event/alarm or incident.  Maintain accurate documentation of all physical security events/alarms and incidents. 

The State of California is an equal opportunity employer to all, regardless of age, ancestry, color, disability (mental and physical), exercising the right to family care and medical leave, gender, gender expression, gender identity, genetic information, marital status, medical condition, military or veteran status, national origin, political affiliation, race, religious creed, sex (includes pregnancy, childbirth, breastfeeding and related medical conditions), and sexual orientation. Rev. 7/17