CS-214
REV 8/2007

State of Michigan
Civil Service Commission
Capitol Commons Center, P.O. Box 30002
Lansing, MI 48909

POSITION DESCRIPTION

Federal privacy laws and/or state confidentiality requirements protect a portion of this information.

1. Position Code:

This form is to be completed by the person who occupies the position being described and reviewed by the supervisor and appointing authority to ensure its accuracy. It is important that each of the parties sign and date the form. If the position is vacant, the supervisor and appointing authority should complete the form. This form will serve as the official classification document of record for this position. Please take the time to complete this form as accurately as you can, since the information in this form is used to determine the proper classification of the position.

THE SUPERVISOR AND/OR APPOINTING AUTHORITY SHOULD COMPLETE THIS PAGE.

2. Employee’s Name (Last, First, M.I.):
3. Employee Identification Number:
4. Civil Service Classification of Position: Information Technology Specialist 15
5. Working Title of Position (What the agency titles the position): Governance, Risk and Compliance (GRC) Program Specialist
6. Name and Classification of Direct Supervisor: Laura Blastic, SDA 17
7. Name and Classification of Next Higher Level Supervisor: David Bates, SME 19
8. Department/Agency: Technology, Management & Budget
9. Bureau (Institution, Board, or Commission): Infrastructure & Operations
10. Division:
11. Section: Audit Compliance
12. Unit: Audit Compliance
13. Work Location (City and Address)/Hours of Work: Operations Center, 7285 Parsons Drive, Dimondale. Work Schedule - See Box 18

14. General Summary of Function/Purpose of Position

This position is responsible for the overall strategic, technical, architectural and administrative oversight of the enterprise audit compliance infrastructure environments throughout the State of Michigan. It is responsible for all functions required to plan, design, optimize, implement, manage, and troubleshoot escalated issues within the enterprise audit compliance infrastructure.

This position is additionally responsible for advocating the use of emerging audit compliance regulations, developing standards and procedures, promoting the usage of automated tools, developing strategies, and aligning practices with strategic initiatives, and is the owner of FedRAMP Compliance. The position provides critical oversight for audit compliance infrastructure maintenance and improvements in this highly visible and critical application containing highly sensitive personal information; having internal and external interfaces with critical systems; and operating under strict architectural guidelines and oversight. This position requires an extremely high degree of technical skill, initiative and creativity and must keep current with new and emerging theories, regulations, standards, technologies, and practices in tools, software, networking, operating systems and hardware in order to provide for the needs of the state. Responsibilities also include end-to-end facilitation, pilot implementation, validation, and rollout of new technologies for the enterprise audit compliance infrastructure. As an audit compliance architect role, the position also involves mentoring, coaching, coordination and consultation with fellow systems administrators and architects within Enterprise Architecture, Michigan Cyber Security, vendors, and other teams that interface with the audit compliance environments.

Overtime and/or on-call may be required for this position. Due to the nature of Infrastructure and Operations’ support services, division policy utilizes flex scheduling for time worked in excess of 40 hours per week in alignment with Civil Service guidelines.


15. Please describe your assigned duties, percent of time spent performing each duty, and explain what is done to complete each duty. List your duties in the order of importance, from most important to least important. The total percentage of all duties performed must equal 100 percent.

Duty 1

General Summary of Duty 1
% of Time: 80%

Research and design emerging technology strategies and provide technical, architectural and administrative oversight of the enterprise audit compliance system design and implementation for state applications, staff, and constituents.

Individual tasks related to the duty. Provide strategic and architectural services on behalf of audit compliance for large scale or enterprise level projects, as assigned.  Create and maintain the overall strategic and technical direction for the design of audit compliance and intrusion prevention system solutions, providing vision and guiding principles for the strategy and architecture of enterprise solutions, as well as consultation to project teams in the implementation and integration of audit compliance solutions.  Design audit compliance prevention system architectures to achieve the business, functional, and performance requirements of audit compliance system solutions while adhering to architecture principles, standards, regulations, software development & project management methodologies and best practices.  Consults and researches with vendor product specialists/sales, independent research organizations, on-site support engineers and fellow architects and administrators on best-fit technologies and also ensure compliance to department standards and technology roadmap.  Consult with Customer Services application teams and business areas to assure a chosen technology meets system and application requirements as well as relevant existing licensing agreements and standards.  Research opportunities to leverage existing solutions to meet client agency requirements.  Coordinate with Enterprise Architecture team for technology validation or suggestions for alternative solutions. If necessary, initiate Solution Assessments, Infrastructure Service Requests, and any applicable required documentation to implement the new technology.  Produce architectural framework documents i.e., white pages, guidance documents, best practices, technical reports, etc.  Lead technical workshops, training, seminars and conferences to expand end-to-end knowledge as well as gain insight on emerging relevant technologies and standards. 
 Research and recommend to management current regulatory requirements supported by Payment Card Industry (PCI) Data Security Standards (DSS), National Institute of Standards and Technology (NIST), Internal Revenue Service (IRS) and other relevant security regulations. Owner of FedRAMP Compliance  End to end facilitator for audit compliance system infrastructure security compliance. This will involve communication within and across Infrastructure Operations divisions as well as across Customer Services, Michigan Cyber Security and the Office of the Auditor General.  Design processes for audit compliance of enterprise critical applications.  Design processes for regular testing of audit compliance security controls to demonstrate and document controls are being met. audit compliance  Lead architectural design meetings that will keep the infrastructure current with industry standards and best practices.  Make continual recommendations regarding necessary upgrades through the use of capacity planning.  Provide leadership in EA Core Team workshops to guide clients to implement best-fit technologies, recommend alternative solutions and provide general technical advice.  Leverage broad-based understanding of technology areas and end-to-end knowledge of current installations to craft architectural solutions or standards that can be applied across the enterprise.  Enterprise Audit Compliance Represent the in workgroups, Local Change Advisory Board, and Enterprise Change Advisory Board sessions as required.

General Summary of Duty 2
% of Time: 15%

Provide strategic and architectural support for the audit compliance infrastructure as a Subject Matter Expert. The specialist will perform audit compliance performance and capacity planning tasks. Other duties as necessary to support the mission of the organization.

Individual tasks related to the duty.

• Perform issue resolution coordination for Enterprise Audit Compliance, interfacing and coordinating with internal and external partners as required.
• Proactively monitor, audit, review and analyze data to detect and correct operational or compliance problems.
• Oversee the maintenance of processes for remediating specific audit findings for audit compliance system security.
• Oversee the maintenance processes for control procedures for the audit compliance system infrastructure.
• Perform issue coordination for the Enterprise Audit Compliance Section, interfacing and coordinating with internal and external partners as required.
• Provide leadership support on special project teams as assigned by upper management regarding internal and external compliance. Communication for these projects will be not only within and across divisions, but in many cases across departments or local government entities as end-to-end facilitator for implementation of major new technologies.
• Develop a broad-based knowledge of the State’s existing IT infrastructure and work cooperatively in order to serve as a technical resource to the department’s third-party vendors, in-house support teams and customers (internal and external).
• Attend technical workshops, training, seminars and conferences to expand end-to-end knowledge as well as gain insight on emerging relevant technologies.
• Participate in premier hardware/software contracts and service contract development and administration.
• Provide input on the strategies, policies, standards and procedures internal to the Office of the CTO, Infrastructure & Operations and Customer Service teams.
• Proactively monitor, analyze, and project capacity growth.
• These duties include, but are not limited to, special projects, attending meetings, and workshops.

General Summary of Duty 3
% of Time: 5%

Other duties as assigned.

Individual tasks related to the duty. Other duties as assigned.

16. Describe the types of decisions you make independently in your position and tell who and/or what is affected by those decisions. Use additional sheets, if necessary.

Decisions must be made on a daily basis when performing research, documenting strategies, implementing changes, reviewing architectures, or problem solving. These decisions affect the audit compliance infrastructure and potentially users across the entire State of Michigan.

17. Describe the types of decisions that require your supervisor’s review.

Decisions that are politically sensitive in nature, have a major budget or financial implication, have a resource impact, include setting work priorities or have significant impact on staff. Problems that are taking a prolonged period of time and will need additional resources to resolve. Any corrective actions towards remediation of major security breaches.

18. What kind of physical effort do you use in your position? What environmental conditions are you physically exposed to in your position? Indicate the amount of time and intensity of each activity and condition. Refer to instructions on page 2.

Extensive standing, sitting, reaching, lifting, bending, carrying, walking, kneeling and climbing steep ladders. Use of a computer and telephone extensively. The employee is regularly required to lift up to 60 pounds.

The employee would primarily be in a temperature-controlled environment when performing their duties.

Standard work schedule is 8:00 a.m. to 5:00 p.m. Monday through Friday unless an alternate work schedule has been approved by management. Overtime and/or on-call may be required for this position. Due to the nature of technical support services, division policy requires flex scheduling for time worked in excess of 40 hours per week when advance notice is given by management in accordance with Civil Service guidelines.

19. List the names and classification titles of classified employees whom you immediately supervise or oversee on a full-time, on-going basis. (If more than 10, list only classification titles and the number of employees in each classification.)

NAME CLASS TITLE NAME CLASS TITLE

20. My responsibility for the above-listed employees includes the following (check as many as apply):

Complete and sign service ratings. Assign work. Provide formal written counseling. Approve work. Approve leave requests. Review work. Approve time and attendance. Provide guidance on work methods. Orally reprimand. Train employees in the work.

21. I certify that the above answers are my own and are accurate and complete.

Signature Date

NOTE: Make a copy of this form for your records.

TO BE COMPLETED BY DIRECT SUPERVISOR

22. Do you agree with the responses from the employee for Items 1 through 20? If not, which items do you disagree with and why?

Prepared by management.

23. What are the essential duties of this position?

This position is responsible for the overall strategic, technical, architectural and administrative oversight of the enterprise audit compliance infrastructure environments throughout the State of Michigan. It is responsible for all functions required to plan, design, optimize, implement, manage, and troubleshoot escalated issues within the enterprise audit compliance infrastructure.

This position is additionally responsible for advocating the use of emerging audit compliance technologies, developing standards and procedures, promoting the usage of automated tools, developing strategies, and aligning practices with strategic initiatives. The position provides critical oversight for audit compliance infrastructure maintenance and improvements in this highly visible and critical “red-card” application containing highly sensitive personal information; having internal and external interfaces with critical systems; and operating under strict architectural guidelines and oversight. This position requires an extremely high degree of technical skill, initiative and creativity and must keep current with new and emerging theories, regulations, standards, technologies, and practices in tools, software, networking, operating systems and hardware in order to provide for the needs of the state.

Responsibilities also include end-to-end facilitation, pilot implementation, validation, and implementation of new technologies for enterprise audit compliance. As an enterprise audit compliance system architect role, the position also involves mentoring, coaching, coordination and consultation with fellow systems administrators and architects within Enterprise Architecture, Michigan Cyber Security, vendors, and other teams that interface with the audit compliance environment. This position must be able to communicate in business-friendly terminology to all stakeholders. This position is also accountable to the Chief Technology Officer for ensuring solutions are aligned with the IT Strategic direction.

Critical Job Role: Research and design emerging technology strategies and provide technical, architectural and administrative oversight of the audit compliance system design and implementation for state applications, staff, and constituents.

24. Indicate specifically how the position’s duties and responsibilities have changed since the position was last reviewed.

New Position.

25. What is the function of the work area and how does this position fit into that function?

The function of the unit is to provide strategic and technical expertise to all the users of audit compliance services throughout the State of Michigan. It includes strategy development, planning, implementation, maintenance, and enhancements of the State’s audit compliance infrastructure.

This position reports to the Enterprise Audit Compliance Section, serving as the primary audit compliance system architect supporting the State Administrative Manager 15 for the Enterprise Audit Compliance Section to provide strategic and architectural solution direction and technical oversight. In addition, this position is accountable to Enterprise Architecture to ensure that strategies and solutions are aligned with the IT Strategic direction.

Responsibilities include all aspects of audit compliance and architecture development, administration, installation, maintenance, and testing.

26. In your opinion, what are the minimum education and experience qualifications needed to perform the essential functions of this position?

EDUCATION: Possession of a bachelor’s degree with at least 21 semester hours (32 term) credits in computer science, data processing, computer information systems, data communications, networking, systems analysis, computer programming, or mathematics.

EXPERIENCE: Four years of professional experience equivalent to an Information Technology Programmer/Analyst P11 or one year equivalent to an Information Technology Programmer/Analyst 12.

KNOWLEDGE, SKILLS, AND ABILITIES: This position requires an understanding of the business context for audit compliance technologies, along with an end-to-end knowledge and understanding of critical system(s) environments, customer business and applicable technologies. It requires a high degree of technical skill, initiative, creativity and broad-based understanding of many technology areas. All activities require strict adherence to department policies and procedures as well as industry best practices. As a senior position it also involves mentoring, coaching and constant coordination and consultation with fellow architects and administrators within the Bureau, vendors and other teams. This position also requires a thorough understanding and working knowledge of networking protocols and standards, and the ability to analyze problems in the environment and provide solutions. This position must have a thorough understanding of peripheral technologies and network security compliance. This position must have the ability to present complex technical solutions in a business-friendly manner to stakeholders, executive management, and vendors. This position must be able to communicate in business-friendly terminology to all stakeholders.

CERTIFICATES, LICENSES, REGISTRATIONS: ITIL Foundations certification required. CCNA or CCIE and CISSP are required within two years of hire.

Duties may involve the use of a personal vehicle,

Background Checks: The candidate selected for this position will be required to submit to fingerprinting for state and federal criminal background record checks. The candidate must be felony-free, and must remain so in the future. Any position offer will be conditional until results of the criminal background record checks indicate eligibility for employment.

The selected candidate must complete the Michigan State Police background check. This extensive background check requires fingerprinting for state and federal criminal background records. The background check search will include, but is not limited to, arrests, criminal charges, criminal convictions, and any information regarding contact with a criminal justice agency. The selected candidate must complete the Criminal History Background Check Agreement (DTMB-0223) prior to the Michigan State Police background check.

NOTE: Civil Service approval of this position does not constitute agreement with or acceptance of the desirable qualifications for this position.

27. I certify that the information presented in this position description provides a complete and accurate depiction of the duties and responsibilities assigned to this position.

Supervisor’s Signature Date

TO BE FILLED OUT BY APPOINTING AUTHORITY

28. Indicate any exceptions or additions to the statements of the employee(s) or supervisor.

29. I certify that the entries on these pages are accurate and complete.

Appointing Authority’s Signature Date
