Client - ITPA 11



CS-214REV 8/20071.Position CodeITPRANEL45NState of MichiganCivil Service CommissionCapitol Commons Center, P.O. Box 30002Lansing, MI 48909Federal privacy laws and/or state confidentiality requirements protect a portion of this information.POSITION DESCRIPTIONThis form is to be completed by the person that occupies the position being described and reviewed by the supervisor and appointing authority to ensure its accuracy. It is important that each of the parties sign and date the form. If the position is vacant, the supervisor and appointing authority should complete the form.This form will serve as the official classification document of record for this position. Please take the time to complete this form as accurately as you can since the information in this form is used to determine the proper classification of the position. THE SUPERVISOR AND/OR APPOINTING AUTHORITY SHOULD COMPLETE THIS PAGE.2.Employee’s Name (Last, First, M.I.)Vacant8.Department/AgencyDepartment of Technology, Management & budget3.Employee Identification Number9.Bureau (Institution, Board, or Commission)Infrastructure & Operations4.Civil Service Classification of PositionInformation Technology Programmer/Analyst P1110.DivisionEnterprise Services5.Working Title of Position (What the agency titles the position)IT Programmer/Analyst11.SectionControls, Assessment and Compliance6.Name and Classification of Direct SupervisorJosh Pederson – IT Manager 1412.UnitAssessments, Reporting, and Metrics7.Name and Classification of Next Higher Level SupervisorDarlene Dawley – State Administrative Manager 1513.Work Location (City and Address)/Hours of Work515 Westshire, Lansing, MI 48917/ 8:30am – 5:00pm; Monday-Friday or variation14.General Summary of Function/Purpose of PositionThis position is a junior level worker in the Controls, Assessment and Compliance Group. As an IT Programmer Analyst, the employee performs a range of activities to support standards and compliance within the Department of Technology, Management, and Budget (DTMB) Infrastructure & Operations (I&O) Division. The team is responsible for guiding control self-assessments in the I&O bureau along with reporting and metrics. This position works with information relating to cybersecurity and internal control frameworks (i.e. NIST, COBIT, CIS). The person will work closely with senior level staff on various compliance tasks, Policy, Standards, and Procedures (PSP), assessments, and System Security Plans (SSP). This position will work with I&O Divisions on System Security Plans (SSP) and Governance Risk and Compliance (GRC). For Civil Service Use Only15.Please describe your assigned duties, percent of time spent performing each duty, and explain what is done to complete each duty.List your duties in the order of importance, from most important to least important. The total percentage of all duties performed must equal 100 percent.Duty 1General Summary of Duty 1:% of Time 75 Assist senior level staff on assigned tasks to meet compliance with the State of Michigan’s policies, standards, and procedures within the I&O Divisions.Individual tasks related to the duty.Assist with the System Security Plans for the Infrastructure & Operation Divisions of DTMB.Review System Security Plans for completeness. Assist senior staff with internal control self-assessments.Review Security Event Information Management (SEIM) software daily logs.Assist all Local Cross Functional Review Team (LCFRT) members or senior staff on updating policies, standards, and procedures.Assist in quality assurance and review of existing policies, standards, and procedures that impact I & O to ensure alignment with national standards, regulatory requirements, and best practices.Duty 2General Summary of Duty 2: % of Time 20Assist senior level staff with providing operational and compliance reports to I & O sections.Individual tasks related to the duty.Maintain the Capstone Learning Management System (LMS) for CAC.Provide guidance to I&O sections about the Capstone Learning Management System (LMS).Review dashboards for I&O operational & compliance metrics.Assist senior staff with creating new reports and reporting opportunities.Duty 3General Summary of Duty 3:% of Time 5Other duties as assigned.Individual tasks related to the duty.Other duties as assigned.16.Describe the types of decisions you make independently in your position and tell who and/or what is affected by those decisions. Use additional sheets, if necessary.This position operates under the direction of senior level staff.17.Describe the types of decisions that require your supervisor’s review.Plan, develop, coordinate and implement internal control self-assessments to mitigate the risk of audit findings in the I&O Division. Evaluate, plan, develop, coordinate, and implement reports and metrics to be shared throughout the State of Michigan (SOM).Decisions that are politically sensitive in nature, have a major budget or financial implication, or have strategic technical implications require the supervisor’s review.18.What kind of physical effort do you use in your position? What environmental conditions are you physically exposed to in your position? Indicate the amount of time and intensity of each activity and condition. Refer to instructions on page 2.Normal Office Environment19.List the names and classification titles of classified employees whom you immediately supervise or oversee on a full-time, on-going basis. (If more than 10, list only classification titles and the number of employees in each classification.)NAMECLASS TITLENAMECLASS TITLE20.My responsibility for the above-listed employees includes the following (check as many as apply):Complete and sign service ratings.Assign work.Provide formal written counseling.Approve work.Approve leave requests.Review work.Approve time and attendance.Provide guidance on work methods.Orally reprimand.Train employees in the work.21.I certify that the above answers are my own and are accurate and complete. SignatureDateNOTE: Make a copy of this form for your records.TO BE COMPLETED BY DIRECT SUPERVISOR22.Do you agree with the responses from the employee for Items 1 through 20? If not, which items do you disagree with and why?Manager prepared.23.What are the essential duties of this position?This position’s duties will include assisting senior staff with PSP review, SSP review, reviewing compliance reports, and providing guidance on which regulatory requirements need to be implemented to meet compliance with the SOM.Critical Job Role: Assist in directing all internal control self-assessments and reviewing all SSPs for I & petencies: Technical and Professional Knowledge, Initiating Action, Customer Focus, Communication, Planning and Organizing Work, and Adaptability. 24.Indicate specifically how the position’s duties and responsibilities have changed since the position was last reviewed.This position will have a much-reduced role in audit finding remediation. The position will have an increased focus on control self-assessments and SSP review.25.What is the function of the work area and how does this position fit into that function?The function of the unit is to provide expertise in internal control self-assessments and reporting and metrics to all divisions in I & O. It includes implementation, maintenance, and enhancements of the Department’s GRC infrastructure. This area is responsible for control self-assessments, maintaining standards and procedures, and providing compliance reports and metrics for I & O.26.In your opinion, what are the minimum education and experience qualifications needed to perform the essential functions of this position?EDUCATION:Possession of a Bachelor’s degree with 21 semester (32 term) credits in one or a combination of thefollowing: computer science, data processing, computer information systems, data communications,networking, systems analysis, computer programming, information assurance, IT project managementor mathematics.EXPERIENCE:No specific amount or type is rmation Technology Programmer/Analyst P11 - 12Possession of an Associate’s degree with 16 semester (24 term) credits in computer science,information assurance, data processing, computer information, data communications, networking,systems analysis, computer programming, IT project management, or mathematics and two years ofexperience as an application programmer, computer operator, or information technology technician; ortwo years (4,160 hours) of experience as an Information Technology Student Assistant may besubstituted for the education requirement.OREducational level typically acquired through completion of high school and four years of experience asan application programmer, computer operator, information technology technician, or four years (8,320hours) of experience as an Information Technology Student Assistant may be substituted for theeducation requirement.KNOWLEDGE, SKILLS, AND ABILITIES:An understanding and working knowledge of GRC, Windows and Linux operating systems, and security, compliance and standards related to NIST, COBIT, and CIS, etc.The ability to understand and analyze problems in the SOM environment and provide solutions. Maintain expertise in security techniques and advise service and application owners of compliance changes. Keep up to date on the latest security bugs and fixes by actively subscribing to security listservs such as SANS and CERT.ITIL Foundation certification within first six months of taking position. COBIT certified in the first year or two of taking position.CERTIFICATES, LICENSES, REGISTRATIONS:Possess ITIL Foundations certificate within six months of employment.NOTE: Civil Service approval of this position does not constitute agreement with or acceptance of the desirable qualifications for this position.27.I certify that the information presented in this position description provides a complete and accurate depiction of the duties and responsibilities assigned to this position. Supervisor’s SignatureDateTO BE FILLED OUT BY APPOINTING AUTHORITY28.Indicate any exceptions or additions to the statements of the employee(s) or supervisor.29.I certify that the entries on these pages are accurate and complete. Appointing Authority’s SignatureDate ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download