Sr. CAPPS Security Architect

Position Requirements. The CPA Work includes, but is not limited to, the following:

• Performing highly advanced (senior-level) consultative services and technical assistance work related to supporting the CAPPS Program.
• Responsible for theIAM (TDIS) and ERP (CAPPS) security framework, which includes but is not limited to:

• Provides oversight of IAM workflows, including account lifecycle management, provisioning, de provisioning, and access reviews.
• Manage and enforce role based access control (RBAC) and least privilege models within ERP and connected systems.
• Design and maintain segregation of duties (SoD) rules; identify and remediate SoD conflicts across business processes.
• Review and validate security roles, permission sets, and custom authorizations within CAPPS and all ancillary systems.
• Monitor and analyze authentication, authorization, and privilege escalation logs for suspicious behavior and coordinate any findings with CPA Information Security Office.
• Oversee secure integration of third party apps via SAML, OAuth, OIDC, SCIM, and custom APIs.
• Validate CAPPS application changes, customizations, and workflows for security and compliance impact.
• Respond to and investigate identity related security incidents, including account compromise, unauthorized access, and TDIS fraud indicators.
• Maintain standards for security, performance, compliance, and architecture.

• Responsible for ensuring that all digital products and content meet WCAG 2.1 accessibility standards. This includes maintaining perceivable, operable, understandable, and robust experiences for all users, regularly reviewing content for compliance, and implementing updates or remediation whenever accessibility issues are identified.
• Assisting with all applicable contract management oversight responsibilities associated with the CAPPS Program, including, but not limited to:

• Assisting and participating with the annual IT control audits related to the CAPPS Central applications.
• Ensuring contract data security, user permissions, audit trails, and compliance with organizational and regulatory standards.
• Performing technical reviews of contract templates, metadata structures, workflows, and automation rules to ensure accuracy and usability.
• Working closely with Fiscal Management’s contract managers to identify gaps and optimize contract processes.
• Overseeing and/or assisting with technical oversight and support related to, but not limited to, SLAs, system monitoring, environment analysis, hardware/software evaluation, network troubleshooting, migration paths, coding standards, security standards, compare reports, application change management review, and batch scheduling review.
• Maintaining documentation related to architecture, configuration, integrations, and change management.
• Supporting reporting and analytics for contract KPIs, compliance metrics, and lifecycle performance.
• Reviewing and suggesting approval for all assigned Technical Deliverables related to CAPPS Architecture, CAPPS System Development Lifecycle, Disaster Recovery, CAPPS Security Plans (SSP), and all CAPPS related Technology plans related to CAPPS applications currently and planning for the future.
• Planning and coordinating various technical upgrades (e.g., PeopleSoft image, PeopleSoft Fluid, PeopleTools, other software publisher upgrades, etc.).
• Participating as a security advisor during the procurement cycle for certain CPA-issued procurements for products or services associated with CPA’s CAPPS Program. Activities may include, but are not limited to, the following: research of products and services, planning activities, drafting and reviewing documents for use in solicitations, providing technical input for purposes of developing guidelines for evaluating the developed technical specifications, and serving as a technical advisor providing input to CPA’s teams during the evaluation and negotiation phases.

Special Skill Set

• Serve as a subject matter expert associated with user role Segregation of Duties (SOD) in CAPPS multi-tenant software applications.

• Serve as a subject matter expert and perform Delegated Administration Level 3 for the Texas Digital Identity Services (TDIS).
• Serve as the subject matter expert and be able to implement, support, and maintain products offered by PathLock that include: User Access Review (UAR), Single Sign-On (SSO), Data Masking and A360.