Information Technology Enterprise Expert - Information Security Architect

Full Job Description

Only applicants who meet the Minimum Qualification Requirements and meet all selective requirements (listed below) will be placed on the eligible list.

The Department of Management (DOM), Division of Information Technology (DoIT), is seeking an Information Security Architect to design, implement, and govern the State of Iowa’s enterprise security architecture.

This position is critical to safeguarding state systems and data by embedding security into technology solutions, aligning with national standards, and advancing the Iowa Cyber Strategy and CyberGUARD framework.

Key Responsibilities

• Develop, implement, and continuously improve the State’s enterprise security architecture framework.
• Define and enforce standards that integrate security controls across systems, platforms, and services.
• Establish scalable technical, administrative, and physical controls to maintain a consistent security posture statewide.
• Serve as the authority for identifying and documenting compensating controls when baseline measures are not feasible.
• Ensure alignment with NIST SP 800-53, Risk Management Framework (RMF), and the Iowa Cyber Strategy.
• Translate compliance and policy requirements into measurable, enforceable security controls.
• Conduct threat modeling using frameworks such as MITRE ATT&CK and the cyber kill chain to inform architecture decisions.
• Enhance visibility and reporting of controls to support audits, assessments, and incident response.
• Collaborate with leadership, agency partners, and technical teams to embed secure design principles.
• Lead enterprise-wide initiatives, including project charters, cost-benefit analyses, and vendor oversight.
• Analyze statewide security trends and report on performance, risk posture, and architecture effectiveness.
• Represent the Chief Information Security Officer (CISO) in interagency committees and strategic planning efforts.
• Promote adoption of CyberGUARD standards and secure architecture practices across agencies.
• Evaluate emerging technologies and evolving threats to strengthen enterprise security architecture.

What We’re Looking For

• Proven expertise in security architecture and enterprise-level design.
• Experience with NIST and RMF frameworks for secure system implementation.
• Knowledge of threat modeling using MITRE ATT&CK and cyber kill chain methodologies.
• Strong collaboration skills to work across agencies and technical teams.
• Ability to translate policy into actionable controls for compliance and audit readiness.
• Forward-thinking approach to address emerging threats and technologies.
• Preferred certifications: CISSP, CISA, GSEC, or equivalent.

What We Offer

• Flexible work environment
• Iowa Public Employees' Retirement System (IPERS)
• Health, dental, and vision insurance
• Generous vacation, sick leave, and paid holidays
• Life and disability insurance
• Retirement savings options (RIC)
• Flexible Spending Accounts

Why Work with Us?

At the Iowa Department of Management (DOM), we help government agencies across the state perform at their best by managing financial resources, technology, and information.

Our mission is rooted in service—we provide efficient, innovative, and strategic solutions that empower agencies to fulfill their goals.

We’re guided by four core values:

• Integrity – We act with honesty and accountability.
• Teamwork – We collaborate to achieve shared success.
• Service – We are committed to excellence in public service.
• Partnership – We build strong relationships to drive results.

Working Arrangement

This position requires onsite work in Des Moines, IA each week. Employees meeting all expectations of their work responsibilities may request remote work and develop a hybrid/remote schedule collaboratively with their manager.

Please note, candidates for this position must reside in the state of Iowa at the time of starting the role.

Background Check Requirements:

• After a conditional offer of employment has been made, and as the final step in the hiring process, candidates for this position will be subject to a background investigation, which may include but may not be limited to a verification of a candidate’s education, previous employment/work history, contact of personal references, motor vehicle records, and a criminal history check (including through Federal, State, or Local criminal justice agencies).
• Information gathered as part of such background investigation will be treated as confidential to the extent permitted by Iowa Code section 22.7, 8B.4A, and other applicable laws, rules, and regulations; provided that, to the extent permitted by applicable law, such information shall be available to candidates upon request.

E-Verify and Right to Work
The State of Iowa participates in E-Verify, a federal program that helps employers confirm the employment eligibility of all newly hired employees. Within the required timeframe, new hires will be verified through the E-Verify system to ensure authorization to work in the United States. The State of Iowa also complies with the federal Right to Work laws, which protect employees’ rights to work without being required to join a labor organization. For more information, please visit www.e-verify.gov.

Requirements

727 Risk Assessment:
6 months experience, 12 semester hours, or a combination of both in analyzing and identifying risks and the corresponding potential impact to information and information technology systems.

AND

728 Physical Security:
6 months experience, 12 semester hours, or a combination of both in the physical aspects of securing information technology systems.

AND

990 Cyber Security Planning:
A minimum of 18 months of full-time work experience in cyber security planning at a professional level that included the following major functions: participating in and leading a company-/agency-wide cyber security planning program including the identification of cyber security risks, development of prevention and response plans to minimize cyber-attack damages including mass care and consequences management, and the development of continuation of business operation plans; participating in national cyber security planning initiatives and exercises; responding to and participating in the recovery work from cyber security incidents; and working across governments, private sectors, and non-profit organizations collaboratively on cyber security planning activities and plans for response.

Qualifications

Applicants must meet at least one of the following minimum requirements to qualify for positions in this job classification:

**Please note: to pass the initial screening, applicants must demonstrate the stated experience in the minimum requirements.

1) Graduation from an accredited four-year college or university with a degree in any field, and experience equal to five years of full-time work in one or more of the following areas: mainframe computing systems programming; computer-based networking (LAN, WAN); database management systems; applications development, maintenance, and testing; server and workstation operating systems; telecommunications carrier operations; and/or Internet/Intranet development and deployment.

2) All of the following (a and b):
a. Five years of full-time work experience in one or more of the following areas: mainframe computing systems programming; computer-based networking (LAN, WAN); database management systems; applications development, maintenance, and testing; server and workstation operating systems; telecommunications carrier operations; and/or Internet/Intranet development and deployment; and
b. One of the following (i or ii):
i. Twenty-four semester hours of accredited post-high-school course work in one of the specialty areas listed in part a; or
ii. Certification from an authorized educational institution or a major computer/software producer in an area directly related to one of the specialty areas listed in part a.

3) A total of nine years of education and/or full-time experience in one or more of the following areas: mainframe computing systems programming; computer-based networking (LAN, WAN); database management systems; applications development, maintenance, and testing; server and workstation operating systems; telecommunications carrier operations; and/or Internet/Intranet development and deployment, where thirty semester hours of accredited college or university coursework in any field equals one year of full-time experience.

4) Current, continuous experience in the state executive branch that includes two years of full-time work as an Information Technology Specialist 5.

For additional information, please click on this link to view the job description.