Cayuse Holdings
  • 15-Nov-2022 to Until Filled (HST)
  • Cayuse Technologies
  • Sacramento, CA, USA
  • 80000-130000 per year Depending on experience
  • Full Time

Cayuse Technologies launched in 2006 as a US-based alternative to offshore technology delivery centers, providing information technology solutions and subject matter expertise to our clientele. Cayuse focuses on federal markets and missions, and is an SBA tribal 8(a) certified company. Cayuse brings significant past performance and excellent CPARS to its clients at an exceptionally competitive price. Cayuse's 41,000 sq. ft. technology delivery center is fully redundant and prepared to meet the needs of government. Our clients include DHS, DHA, DoS, USMC, US Army, HHS/Indian Health Service, Department of Interior, Bureau of Indian Affairs, Bureau of Indian Education, among many more.

The CDFA's mission is to serve the citizens of California by promoting and protecting a safe, healthy food supply, and enhancing local and global agricultural trade, through efficient management, innovation, and sound science, with a commitment to environmental stewardship. The CDFA Office of Information Technology Services (OITS) supports this mission by providing comprehensive IT services including critical maintenance, operations, and the development and implementation of new solutions and services.


  • Perform discovery, analysis, and documentation of all CDFA IT applications and systems ("systems"), including ownership and location, into a single catalog.
  • Coordinate and document data classification and categorization of all IT systems into the systems catalog in compliance with SAM and SIMM.
  • Perform and document risk analyses for all IT systems, as well as documenting existing, required, or missing security controls, in support of business continuity/continuity of operations, system security, and technology recovery Plans in compliance with SAM and SIMM.
  • Analyze, create, and/or amend as appropriate, business impact analyses, change management, incident management/response
  • Maximum Total Cost for an information security program, system security, and technology
    recovery plans and processes in compliance with SAM and SIMM.
  • Implement and validate required security controls as identified in system security plans.
  • Document recommendations on logical consolidation of systems as appropriate based on compatibility between security control requirements.

Tasks and Duties:

• Independently collaborate and lead systems analyses with CDFA business and technical staff.
• Lead and facilitate meetings with CDFA business and technical staff, and elicit and document resulting information and data gathering.
• Analyze data against documented requirements to identify any gaps.
• Propose system changes and implementation of solutions to close any security requirement gaps or findings.
• Assist in the implementation of security controls to resolve identified requirements gaps or findings.
• Analyze existing policy requirements and established documentation standards to develop information security plans and procedures.
• Act as advisor to CDFA on security policies and requirements.
• Develop and mentor CDFA staff on risk analyses.
• Provide compliant guidance, direction, and implementation of additional or amended technology recovery procedures, practices, and plans.
• Adhere to organizational policies and procedures in implementing security controls.
• Develop accurate, comprehensive deliverables using Microsoft Word, Excel, PowerPoint, Outlook, Visio, and Project.
• Demonstrate strong interpersonal, oral, and written communication skills including telephone and presentation skills.
• Strong information security knowledge

  • Review established operational and security plan guidelines, templates, and requirements to develop a compliant reporting mechanism
  • Work with customers to identify and document business impacts and system security classification and data categorization ratings
  • Develop operational and security plans and recommendations to meet compliancy requirements

• Ensure deliverable alignment compliance with enterprise/technical architecture and policies
• Ensure adherence to standards, guidelines, and best practices
• Ensure quality of deliverables
• Report progress to state leadership
• Implement technical plans and recommendations to meet compliance
• Work a flexible schedule when needed, which may include evenings and weekends


  • Experience performing analytical and technical assessments of systems and development and implementation of security controls and information security program procedures and plans compliant with established state standards.
  • A minimum of five (5) years of progressively complex work experience, knowledge, skills, and abilities in security system and risk management, analysis, and mitigation, including demonstrated knowledge and practical implementation of requirements in the California State Administrative Manual (SAM)Chapter 5300 and all sub-sections and external references, and the Statewide Information Management Manual (SIMM) 5300 and all subsections and external references.
  • A minimum of three (3) years of experience performing and documenting business impact analyses, risk analyses, and researching, coordinating the evaluation of, and recording data/system classification and categorization ratings pursuant to the SIMM 5305-A/SAM 5305.5 standards and policies.
  • A minimum of three (3) years of experience analyzing, identifying, and implementing system security controls in compliance with SIMM 5305-A/SAM 5305.5 data/system classification and categorization ratings and related external references and standards.
  • A minimum of three (3) years of experience designing, documenting, and implementing at least three (3) of the following formal documents in compliance with SIMM and SAM direct and referenced standards, policies, guidelines, and requirements:
    • Business Impact Analyses
    • Information Security Program Plans
    • Technology Recovery Plans
    • System Security Plans
    • Incident Management/Response Plans
  • Baccalaureate-level degree in a relevant technical specialty, such as computer science, management information systems, computer engineering, software engineering. Additional qualifying experience may be substituted for the required education on a year-for-year basis.

Cayuse and our family of companies are 100% Indian Small Business Economic Enterprises (ISBEE) wholly owned by the Confederated Tribes of the Umatilla Indian Reservation (CTUIR). Specifically, within our Government Operations, we offer diverse business lines and workforce while providing solutions for federal, state, and local clients throughout the world. Cayuse's comprehensive program management, mission support, and technology solutions are ideally positioned to help our clients advance their goals.

Cayuse Holdings
  • Apply Now

  • * Fields Are Required

    What is your full name?

    How can we contact you?

  • Share This Page
  • Facebook Twitter LinkedIn Email
logo companies our story apprenticeship leadership careers contact