Posting Details
The Office of Cybersecurity (OCS) has the essential role and responsibility for the State of New Mexico (SoNM) Information Technology (IT) security program in coordination with state agencies. The administrative code (1.12.20 NMAC) and federal oversight requires state agencies to perform procedures necessary to ensure the security of information systems and federal data sets are protected from cyberattacks.
To maintain an adequate security posture by developing appropriate IT security policies, standards, and procedures with periodic updates to accurately reflect ever changing technology, legislative and user needs.
The OCS has the responsibility in protecting and monitoring the State of New Mexico's technology infrastructure and digital assets, including state agencies, mission critical systems and data.
Cyberattacks are dramatically increasing, and cybersecurity operations are facing new challenges. Cybersecurity is not just an IT problem anymore, it is a critical business risk, homeland security and public safety threat, voter confidence issue, and an economic development opportunity.
Technology continues to evolve, the cybersecurity landscape is constantly changing, increasing potential vulnerabilities and risk. Therefore, it is essential for the State Chief Information Security Officer (CISO) to secure additional security analysts to support the Office of Cybersecurity.
This posting will be used for ongoing recruitment and may close at any time. Applicant lists may be screened more than once.
Why does the job exist?
The Senior Security Analyst plays a critical role in advancing the mission of the Office of Cybersecurity (OCS) to protect the State of New Mexico's digital infrastructure. This position is responsible for overseeing the security of information systems and ensuring that services, vendors, and stakeholders meet all applicable legal, safety, and quality standards.
Key responsibilities include:
Developing and implementing proactive cybersecurity and AI compliance strategies
Identifying and addressing potential compliance risks
Introducing and improving technologies and processes to strengthen security posture
Leading surveillance, monitoring, and incident response strategies
Providing consultative and training services with a security-first focus
The analyst will also manage cybersecurity services delivered to state agencies, K-12 public schools, higher education institutions, local governments, and tribal entities. These services include:
Security Operations Center (SoNM agencies only)
Vulnerability management
Attack surface management
Penetration testing
User security awareness training
This role ensures that OCS remains a trusted partner by driving effective security strategies and maintaining a strong compliance and risk management framework across the state's digital ecosystem.
How does it get done?
The Senior Security Analyst is responsible for safeguarding the confidentiality, integrity, and availability of the State of New Mexico's information systems. This role supports the Office of Cybersecurity by leading and executing a wide range of security operations, compliance, and incident response activities.
Security Governance and Compliance
- Develop, implement, and enforce enterprise security policies, standards, and procedures
- Support the creation and review of cybersecurity documentation, including:
- Security policies and procedures
- Information system security plans (ISSPs)
- Incident response and disaster recovery plans
- Configuration and change management plans
- Ensure compliance with NIST 800 series and other applicable frameworks
- Interpret and communicate regulatory and compliance requirements to stakeholders
AI Governance, Risk, and Compliance
- Establish, maintain, and operationalize governance structures to ensure AI systems are developed, deployed, and used securely, ethically, and in alignment with legal, regulatory, and organizational requirements.
- Develop, review, and refine AI related policies, standards, and guidelines consistent with emerging state and federal regulations.
- Support design and implementation of AI governance frameworks, including lifecycle oversight, documentation requirements, transparency expectations, and risk tiering processes.
- Identify, evaluate, and track AI related risks such as model bias, data protection concerns, misuse scenarios, vendor exposure, and operational security issues.
- Review and assess third party AI tools and platforms for security, privacy, and governance compliance; support procurement evaluations and implementation decisions.
- Monitor legislative and regulatory developments and assist with readiness and compliance alignment.
- Provide cross functional governance, policy, compliance, and risk subject matter support to OCS projects (non engineering).
AI Development Governance Support
- Contribute to governance processes that oversee responsible AI system development, documentation, and operational controls.
- Ensure compliance with OCS AI System Inventory, risk tier classification workflows, and Gen AI security authorization requirements.
Security Orchestration, Automation, and Response (SOAR) Enablement
- Use automation and orchestration to improve SOC workflow efficiency, precision, and scalability.
- Support development and enhancement of standardized playbooks and automated response flows to reduce MTTD/MTTR and strengthen enterprise resilience.
- Partner with SOC stakeholders to integrate SOAR-driven improvements into monitoring, alert handling, and incident response programs.
Security Operations Center (SOC) and Monitoring
- Monitor systems and logs using SIEM tools to detect and respond to anomalies
- Conduct threat hunting and analyze indicators of compromise (IOCs)
- Review and update security tools to block malicious IPs and signatures
- Escalate incidents and coordinate with state agencies and third-party partners
- Maintain documentation of all actions taken during investigations
Risk Management and Incident Response
- Conduct risk assessments
- Lead or support investigations into cybersecurity incidents
- Coordinate with internal and external teams to resolve incidents in line with policy
- Recommend and implement technical solutions to mitigate identified risks
Security Services and Technical Oversight
- Oversee services such as:
- Vulnerability Management as a Service (VMaaS)
- Attack Surface Management (ASM)
- Penetration testing
- User security awareness training
- Participate in the design of secure infrastructure and application solutions
- Provide input on disaster recovery planning and business continuity
Stakeholder Engagement and Training
- Deliver security awareness training and track participation
- Respond to security inquiries, assessments, and questionnaires from agencies and partners
- Build trusted relationships across state agencies, educational institutions, and tribal entities
Who are the customers?
The State Chief Information Security Officer, State of New Mexico agencies, K-12 public school districts, higher educational institutions, local governments, and tribal entities.
Ideal Candidate
The State Chief Information Security Officer, State of New Mexico agencies, K-12 public school districts, higher educational institutions, local governments, and tribal entities.
Minimum Qualification
Bachelor's degree in Computer Science, Management Information Systems (MIS), Information Technology, Engineering, or similar technical degree and three (3) years of experience in IT security or compliance validation (e.g., HIPAA, PCI). Any combination of education from an accredited college or university in a related field and/or direct experience in this occupation totaling seven (7) years may substitute for the required education and experience. A certificate in IT security/forensics (e.g., CISSP, CEH, CCFP, CCSP, HCISPP, SSCP) or regulated compliance (e.g., PCIP, ASV, ISA, QSA) can be used to substitute one (1) year of experience.
Employment Requirements
Must possess and maintain current ID or Driver's License. Pre-employment background investigation is required, and employment is conditional pending results.
Working Conditions
Work will be performed in an office environment. Many requests will arrive by phone or in-person and the person must be able to speak and respond to the requester clearly. The person will work extended periods seated in front of a computer. The person must be able to operate a computer, keyboard, and mouse. Position requires occasional 1) travel, 2) night/weekend/holiday work, and 3) call-back work.
Supplemental Information
Do you know what Total Compensation is? Click here
Agency Contact Information: Natisha Montoya @ (505) 490-7236 or Email
For information on Statutory Requirements for this position, click the Classification Description link on the job advertisement.
Bargaining Unit Position
This position is not covered by a collective bargaining agreement.