Director of Security & Investigations

State of Colorado Job Opportunities - Denver, CO

Full-time | Part-time
Department Information

THIS ANNOUNCEMENT IS BEING EXTENDED TO NOV 15, 2019. IF YOU HAVE ALREADY APPLIED, NO NEED TO RE-APPLY.

The Colorado Department of Revenue (CDOR) employs approximately 1,600 hard-working and dedicated employees throughout Colorado. We can be seen performing functions as varied as auditing and collecting taxes, issuing driver licenses and motor vehicle titles, marketing lottery products, and regulating liquor, gaming, horse racing, marijuana, and the auto industry in order to assist the citizens of our state.

CDOR Vision
To empower businesses and individuals through quality customer service, innovation and collaboration.

CDOR Mission
To become a trusted partner to every Coloradan to help them navigate the complexities of government so they can thrive.

The Department of Revenue offers 10 paid holidays per year, paid vacation and sick leave, a discounted RTD Eco-Pass, the BenefitHub program (discounted merchandise, food and travel, etc.), CafeWell, an employee wellness program and a great benefit package.

Colorado Lottery Division

The Colorado Lottery was created after voters passed a 1980 referendum to revise the Colorado Constitution and allow for the establishment of state-supervised lottery games. In 1982 Senate Bill 82-119 created the Lottery as a division within the Department of Revenue. The bill also established the Lottery Commission, which works with Lottery management to protect the public interest and trust in the Lottery, as well as to maximize the sales revenue generated from lottery games. The Lottery is a cash-funded enterprise for budget and Taxpayer's Bill of Rights (TABOR) purposes.

The Lottery's mission is to maximize the proceeds from Lottery game sales to support the Lottery's beneficiaries for the good of all Coloradans. All over Colorado there is evidence of projects that were funded with Lottery proceeds. Great Outdoors Colorado Trust Fund (GOCO), Conservation Trust Fund (CTF), Colorado Parks and Wildlife (CPW) and the Building Excellent Schools Today (BEST) fund receive annual proceeds generated by lottery sales.

The Lottery is headquartered in Pueblo, as required by statute. The Lottery also has satellite offices in Denver, Fort Collins, and Grand Junction. The Lottery employs approximately 100 full-time equivalent (FTE) staff, organized into the following units: Administration, Sales, Marketing, Security & Investigations, Fiscal, Operations & Development.

Description of Job

The Security & Investigations unit ensures the physical and technological security of the Lottery Division, including background checks, cyber-security, system integrity and oversight of audits; conducts criminal investigations and integrity stings to enforce Colorado criminal laws and Lottery regulations/policies; processes all applications for retailer licenses and renewals to sell Lottery products; enforces administrative compliance by retailer licensees with Lottery regulations, policies and retailer license agreements.

As Director of Security & Investigations for the Colorado Lottery, this position will be tasked with the following:

SECURITY PLAN ARCHITECTURE and PLAN REVIEW

Develop and submit to the Senior Director and Deputy Senior Director for approval the Security Strategic Plan implemented by the Lottery for games, draws, promotions, claims, gaming system, and logical and physical security.
Research and identify methods to reduce the levels of threats to the gaming integrity of the Colorado Lottery.
Monitor potential security vulnerabilities to the lottery and stay abreast of best practices in the Lottery industry to combat them.
Create and update procedures, measures and protocols for use in managing security situations.
Review and recommend amendments to statutes and administrative rules that pertain to Lottery security. This may include testifying and presenting to legislative members and committees.
Continuously review and update Lottery Security & Investigations procedures to ensure compliance with all regulated and unregulated standards pertaining to the responsible operation of the Colorado Lottery. Recommend amendments to current procedures and new procedures.
Ensure continued Colorado Lottery membership in Multistate Lottery Association (MUSL) by engaging in security practices compliant with MUSL rules, regulations and other guidance material.
Develop and maintain reporting measurements and metrics on information security governance in the organization.
Review, maintain, and continually enhance regulations and procedures ensuring the proper separation of duties for Information Security Operations, Information Security Management, and Information Security Oversight.
Develop, maintain, and assist in executing Strategic, Tactical, and Operational goals.
Develop and manage the Security & Investigations Unit budget.

TECHNOLOGY and CYBER-SECURITY
Oversee reviews and audits of all information technology gaming systems to ensure the security and integrity of the systems.
Provide system oversight and be responsible for gatekeeper duties regarding the development of and access to all files and components of the gaming systems.
Oversee efforts to prevent cyber security attacks on databases, networks, hardware, firewalls and encryption software and hardware used in blocking intruders from accessing, divulging and/or compromising proprietary Lottery game data.
Provides system oversight and oversees gatekeeper duties regarding development and access to all files and components of the gaming systems.
Oversees efforts to prevent Cyber security attacks on databases, networks, hardware, firewalls and encryption software and hardware.
Collaborate with OIT and others on protections and mitigations to combat the threat of cybercrimes.
Conduct interviews of those people involved in an event or incident. Develop and maintain procedures on proper evidence collection and retention.
Maintain awareness of potential cyber-attack technologies, methods and signatures.
Develop, maintain and review organization-wide cybercrime metrics, including trends, and collaborate with OIT and other business owners to identify needed technology or process enhancements.
Participate in cyber security review of vendors.
Oversee Security of Lottery games and adherence to MUSL standards.
Manage assigned staff by setting clear performance expectations, providing training, completing timely performance reviews, filling vacancies, coaching, mentoring and disciplining where appropriate to ensure compliance with DOR policies and state law.
Establish and lead corporate-wide information security awareness programs, monitor advancement, facilitate progress and report status.
Implement approved external and internal information security audit recommendations.
Coordinate vulnerability/penetration tests.

LOTTERY, GAME AND INFORMATION SECURITY
Create policies, procedures, and action plans to maintain the process of verifying and validating winning tickets prior to paying any high-tier claim.
Ensure compliance by licensed retailers selling Lottery products with Colorado law, Lottery regulations, policies and procedures.
Oversee security related issues relating to vendor ticket printing and production, including review of printing facility security for Colorado Lottery games, as well as the substance and content of printers' testing laboratories.
Responsible for determining when to request an instant game ticket reconstruct from the ticket printer to determine location or viability of late claimed high tier winners.
Responsible for vendor risk management to ensure service providers adhere to established information security standards.

CRIMINAL ENFORCEMENT AND REGULATORY COMPLIANCE
Enforce all criminal laws and Lottery regulations, policies and procedures related to Lottery gaming.
Determine the necessary investigative, criminal, civil or administrative action to ensure compliance with the same.
Oversee, train and direct Lottery criminal and compliance investigators.
Work with local law enforcement agencies in conducting investigations and prosecutions of fraud or theft involving Lottery products.
Ensure frequent compliance checks and integrity stings are conducted at Lottery licensed retailers across the state of Colorado.
Access criminal offender record information for the purpose of background or other investigations.
Liaise with local, state and federal law enforcement to ensure effective coordination of Lottery criminal investigations.
Plan, organize and direct a security compliance program to ensure that all persons licensed by the Lottery are in conformance with Colorado law and regulations as required by their license.
Oversee Lottery retailer license applications and renewals, making recommendations to the Director regarding approval/denial.

PERSONNEL/PHYSICAL SECURITY
Oversee fingerprint-based criminal history background checks of employees, Lottery retailers and vendors, and recommend determinations of acceptance and denial to the Lottery Director.
Oversee on-site security for Lottery headquarters and Lottery warehouse including, but not limited to, physical patrol, card access system, video monitoring, alarms and restricted access.

Minimum Qualifications, Substitutions, Conditions of Employment & Appeal Rights

MINIMUM QUALIFICATIONS:
Bachelor's degree from an accredited college or university in Computer and Information Science, Computer Engineering, Computer Systems Analysis, Information CyberSecurity,
AND
Six (6) years of progressive information security experience across various information security / information technology risk management domains such as but not limited to: application security, infrastructure security, identity and access management, vulnerability and cyber threat management, security architecture, etc.

SUBSTITUTIONS:
Additional appropriate progressive information security experience across various information security / information technology risk management domains will substitute for the degree requirement on a year-for-year basis.
Additional appropriate education at the Master's Degree or Doctorate level will substitute for the required experience on a year-for-year basis.

PREFERRED QUALIFICATIONS and COMPETENCIES
The following preferred experience(s), competencies and abilities are highly desirable for this position and will be considered in selecting the successful candidate:

Those applicants with progressive Lottery-specific information security experience are strongly encouraged to apply.
Those candidates with Information CyberSecurity & Accounting Certification(s) are strongly encouraged to apply.
Demonstrated experience as a supervisor of a unit with at least 4 employees.
In-depth knowledge and experience working with common regulatory framework applications related to data security including HIPAA, HITRUST, General Data Protection Regulation (GDPR), National Institute of Standards & Technology (NIST) standards, Payment Card Industry Data Security Standard (PCI), and similar constructs is highly desired.
Demonstrated experience in the evaluation, selection and decision making as it relates to gaming security controls.
Previous knowledge and experience in designing and architecting information technology and security controls across complex and diverse networks, applications and infrastructures is strongly preferred.
Technical aptitude, critical thinking skills and the ability to think outside the box.
Demonstrated ability to solve complex information security problems, ability to observe security risks and weaknesses and provide security recommendations to respective project and delivery teams.
Ability to translate technical risk issues to business leaders and upper management.
Ability to design and incorporate security designs in environments undergoing general IT transitions / upgrades.
Understanding of the current information security and IT risk management solutions market and vendor options across broad security domains.
Working knowledge of application security controls, common threats, and the cost-effective implementation of mitigating controls and practices.
Ability to think strategically, exceptional attention to detail and organization skills are strongly preferred.
Understanding of information risk management frameworks, regulations, data protection guidelines and standards.
Master's Degree in Computer Science, Engineering or related field. Additional graduate degrees in related fields are a plus.
CISSP, CISM, or other relevant information security industry recognized certification preferred.

DOR REQUIRED SKILLS & COMPETENCIES: Competencies required for all DOR positions include good communications skills, interpersonal and people management skills, the ability to multi-task, the ability to work with confidential information, the ability to work in high-stress environments, and the demonstrated ability to assist customers.
The following are conditions of employment with the Colorado Department of Revenue:
1. As a condition of employment with the Colorado Department of Revenue, a requirement exists that all personnel timely file all necessary Colorado Individual Income Tax (CIIT) returns and timely pay tax obligations. As such, all employees must undergo a pre-employment evaluation of their tax records/accounts to ensure compliance with this policy.
2. Employees are in a position of public trust in the performance of their job duties and must operate in a manner that maintains the highest standards of honesty, integrity, and public confidence. All job finalists require successful completion of a background investigation and reference check prior to appointment. Background checks may include national criminal, financial, traffic, civil, education, and/or experience checks or any other checks related to the job assignment. Fingerprint background checks and pre-employment drug testing may also be required for some positions.

Appeal Rights
If you receive notice that you have been eliminated from consideration for the position, you may protest the action by filing an appeal with the State Personnel Board/State Personnel Director within 10 days from the date you receive notice of the elimination.

Also, if you wish to challenge the selection and comparative analysis process, you may file an appeal with the State Personnel Board/State Personnel Director within 10 days from the receipt of notice or knowledge of the action you are challenging.

Refer to Chapters 4 and 8 of the State Personnel Board Rules and Personnel Director's Administrative Procedures, 4 CCR 801, for more information about the appeals process. The State Personnel Board Rules and Personnel Director's Administrative Procedures are available at www.colorado.gov/spb.

A standard appeal form is available at: www.colorado.gov/spb. If you appeal, your appeal must be submitted in writing on the official appeal form, signed by you or your representative, and received at the following address within 10 days of your receipt of notice or knowledge of the action: Colorado State Personnel Board/State Personnel Director, Attn: Appeals Processing, 1525 Sherman Street, 4th Floor, Denver, CO 80203. Fax: 303-866-5038. Phone: 303-866-3300. The ten-day deadline and these appeal procedures also apply to all charges of discrimination.

Supplemental Information

E-MAIL ADDRESS:
All correspondence regarding your status in the selection/examination process will be conducted via e-mail. Include a working email address on your application; one that is checked often as time sensitive correspondence such as exam information or notification will take place via email. Please set up your e-mail to accept messages from "state.co.us" and "info@governmentjobs.com" addresses. It is your responsibility to ensure that your email will accept these notices and/or review your junk mail and spam filtered email.

APPLICANT CHECKLIST:
Only complete applications submitted by the closing date for this announcement will be given consideration. Failure to submit properly completed documents by the closing date of this announcement may result in your application being rejected.

Complete Applications must include the following documents:
1) A complete CDOR Application for Announced Vacancy (Submit online using the link in this announcement)
2) A complete Supplemental Questionnaire (Submit online as part of your application)
3) A chronological resume (Attach to your online application, late submissions will not be accepted)
4) A Cover Letter with a Written Narrative. The written narrative should describe your interest in this position and specifically how your education, abilities, skills and experience relate to the requirements, responsibilities and competencies listed in the job announcement. (Attach to your online application, late submissions will not be accepted)

MINIMUM QUALIFICATIONS AND COMPARATIVE ANALYSIS:
Part of, or the entire comparative analysis for this position, may involve a review of the information submitted in the application material, including the answers to the supplemental questions. Therefore, it is paramount that in the experience portion of the application, the applicant describes the extent to which they possess the education, experience, competencies and background as they relate to the duties outlined in the job announcement, as well as the special and/or preferred qualifications. List your employment history starting with the most recent job, including part-time, temporary, and volunteer jobs. If more than one job was held with a given organization, list each job held as a separate period of employment. Under "Duties," describe clearly the tasks you performed and the nature of your supervisory, technical, or other responsibilities as they relate to the job for which you are applying. Be complete and specific in detailing of duties. Information must be accurate, including dates of employment. If it is found that information provided is falsified, you will not be considered for a job with the State of Colorado and/or may be removed from a job after hire. Failure to include adequate information or follow instructions may affect the applicant's score and/or prevent them from competing in any subsequent measures used to arrive at a top group of applicants. Factors to be assessed are those outlined in the requirements, competencies, and preferred qualifications.

Years will be expressed in terms of full-time equivalent service with full-time workload equal to one (1) Full-Time Equivalent (FTE) year. No more than 1.00 FTE year may be credited in any twelve (12) month period. Positions working 40 hours or less per week will be pro-rated (30 hrs/wk=0.75 FTE=9 mos credit; 20 hrs/wk=0.5 FTE=6 mos credit; 10 hrs/wk=0.25 FTE=3 mos credit)

The State of Colorado is an equal opportunity employer. We are committed to building work environments that are inclusive and reflect our communities and the diverse talents of all people. We strongly encourage candidates from all backgrounds and abilities to apply.