Job Description

Job Description and Duties

This position offers an exciting opportunity to participate in delivering a new Comprehensive Child Welfare Information System (CCWIS) with Child Welfare Digital Services (CWDS), a unique collaboration involving the California Health and Human Services Office of Technology and Solutions Integration (CalHHS OTSI), the California Department of Social Services (CDSS), and California's Counties and Tribes.

Under the general direction of the Information Technology Manager I, the IDAM/OKTA Specialist II will serve as the Primary Subject Matter Expert and Lead Engineer for the CWS-CARES System’s Identity and Access Management (IDAM) solution. The incumbent will be responsible for designing and maintaining a secure, seamless identity framework for a complex cloud-based system serving a large user base from across multiple organizations and community users from across the state. The ITS II ensures that all identity solutions are architected for high availability and strict compliance with the Comprehensive Child Welfare Information System (CCWIS) regulations, California State Administrative Manual (SAM), Statewide Information Management Manual (SIMM), NIST SP 800-53 rev 5, CWS-CARES System Security Plan and other pertinent federal mandates.

The salary for this position will be the base of the classification if candidates are not currently employed by the state. This does not include additional forms of compensation such as benefits and retirement. Hiring above minimums are not available for the IT Classification Series.

You will find additional information about the job in the .

Working Conditions

This position is currently eligible for telework opportunities.  This position is currently hybrid.  The amount of telework is at the discretion of the OTSI and is subject to operational needs.

Business travel may be required.  All commute expenses to the reporting location will be the responsibility of the selected candidate.   The OTSI office location for this position is 2870 Gateway Oaks, Suite 150, Sacramento, CA.

Travel reimbursement considerations take into account an employee’s home address and designated reporting location and are subject to applicable policies, rules, regulations, and bargaining unit contract provisions.

On July 1, 2025, the California Department of Human Resources (CalHR) implemented the temporary Personal Leave Program 2025 (PLP 2025).  PLP 2025 directs that each employee receives a temporary reduction in pay in exchange for PLP 2025 leave credits. The temporary salary reduction percentage and the number of PLP 2025 leave credits are based on the position’s associated bargaining unit.  The salary range(s) included in this job advertisement do not include the temporary salary reduction.  Please reach out to the hiring unit contact listed on this job advertisement for details.

Candidates who reside outside of the State of California may be admitted to the job interview but must be a resident of California for employment.

Special Requirements

Background Check:  All applicants shall be subject to a pre-employment background investigation. The investigation will consist of completion of a pre-employment questionnaire, fingerprinting, and an inquiry to the Department of Justice to disclose criminal records.

Desirable Qualifications

In addition to evaluating each candidate's relative ability, as demonstrated by quality and breadth of experience, the following factors will provide the basis for competitively evaluating each candidate:

• Bachelor’s degree in information security, computer science or a related field.

• At least 3 years of experience in Identity and Access Management (IDAM) or similarly related experience.

• At least 5 years of experience in IT Security, or IT Compliance.

• Expert Level Experience with implementing and managing IDAM tools/services, preferably OKTA.

• Mastery of SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and SCIM for cross-domain provisioning.

• Expert understanding and experience with practical application of Access Control principles, user entitlement analysis, and access governance.

• Experience with design and implementation of RBAC, least privilege, and segregation of duties principles.

• Proficiency in the use of regulatory and security frameworks such as NIST, CIS, etc.

• Strong analytical and problem-solving skills.

• Effective oral and written communication skills.

• Attention to detail to ensure accuracy and accountability.

• Experience collaborating and leading cross functional teams from different domains.

• Certifications such as Certified Identity and Access Manager (CIAM), Certified Identity and Access Professional (CIAP) and/or CISSP.

• Experience as an Identity and Access Management provider using OKTA.

• Experience with CCWIS requirements and the ability to map technical IDAM controls to NIST SP 800-53 rev 5, SAM 5300, and SIMM guidelines.

• Expert understanding of various Cloud Technology Applications including Salesforce, Snowflake, Tableau, Mulesoft, AWS, AEM, etc. with knowledge and preferably experience in provisioning identity services including RBAC for these technologies using OKTA.

• Experience using REST APIs and scripting (Python, PowerShell) to automate lifecycle management for a massive, multi-tenant user base.

Benefits

OTSI is dedicated to creating an innovative workplace for its team members that is inclusive, diverse, and interactive! Here are a few of the ways we stay engaged with our team:

• Ongoing professional development and engagement opportunities.
• Employee Assistance Program (EAP).
• Free Parking!

Additionally, as a team member of the State of California, you may be eligible for many benefits, such as:

• Medical, including health, dental, and vision insurance.
• Paid Holidays and vacation/leave
• Defined retirement program
• Savings Plus Program (401(k), 457)
• Medical/Dependent Care Reimbursement Accounts

Full benefits information can be found on CalHR's 

Simple Application Steps:

If you are interested in this position, complete the following simple steps:

1. Review the education and experience minimum qualifications (MQ’s) of the Manager I Classification  . See the Minimum Requirements section above.
2. Complete the statement of qualifications and the state application by clicking “Apply Now” above. See below for detailed application instructions.
3. Submit your application package with all required documents, which include the statement of qualifications - see the "Required Application Package Documents" section below.
4. Once you have applied, take the 

Required Application Package Documents

The following items are required to be submitted with your application. Applicants who do not submit the required items timely may not be considered for this job:

• Current version of the State Examination/Employment Application STD Form 678 (when not applying electronically), or the Electronic State Employment Application through your Applicant Account at All Experience and Education relating to the Minimum Qualifications listed on the Classification Specification should be included to demonstrate how you meet the Minimum Qualifications for the position.
• Resume is required and must be included.
• Supplemental Application -

  Without the use of Artificial Intelligence (AI) or ChatGPT, please answer the following questions in two pages or less:

  1. What has been your personal experience and approach in implementing OKTA as the identity and Access Management provider for a multi-cloud, multi technology system with a diverse user base from multiple organizations?

  2. What challenges did you face with such a deployment and how were they overcome?

  **Be specific in your responses, but please ensure that you do not divulge sensitive information**

Job Tags

Permanent employment, Full time, Contract work, Work at office, Remote work

Similar Jobs