Please note: State agencies that contact job applicants do not usually request personal or financial information via text message or over the phone in connection with your response to a job posting. If you are contacted for such information by these methods, or any other method, please verify the identity of the individual before transmitting such information to that person.
Note: For questions about the job posting, please contact the agency that posted this position by using the contact information provided on the "Contact" tab for the position.

Review Vacancy

Date Posted 05/18/22

Applications Due 05/28/22

Vacancy ID 105192

Agency Information Technology Services, Office of

Title Information Security Manager, Ref. #18584-ISE

Occupational Category I.T. Engineering, Sciences

Salary Grade 668

Bargaining Unit M/C - Management / Confidential (Unrepresented)

Salary Range From $112155 to $141538 Annually

Employment Type Full-Time

Appointment Type Permanent

Jurisdictional Class Non-competitive Class

Travel Percentage 0%

Workweek Mon-Fri

Hours Per Week 37.5


From 9 AM

To 5 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? No

Telecommuting allowed? Yes

County Albany

Street Address W. Averell Harriman State Office Campus, Building 5, 4th Floor

City Albany


Zip Code 12207

Minimum Qualifications Bachelor’s degree with at least 15 credit hours in cyber security, information assurance or information technology and six years of information technology experience, including five years of information security or information assurance experience and four years at a supervisory level or two years at a managerial level.

Note: Bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of general information technology experience. Experience solely in information security or information assurance may substitute for the general information technology experience.

Preferred Qualifications:

• Master’s degree with a concentration or major in:
o Information Security, Cyber Security, Digital Forensics, or a related field.
o Business Administration, Public Administration, or a related field.

• Certificates in one or more of the following:
o Information Security Fundamentals (e.g., Security+, GSEC, CISF, GISF)
o Information Security Management (e.g., GSLC, GSTRT, GCEIT, CISM, CCISO)
o Information Security Risk Management (e.g., CRISC, CAP, GCCC, CCSLP)
o Certified Information Systems Security Professional (CISSP)

• 5 or more years of experience in the following:
o Leading a team in related work.
o Applying and implementing network and/or system security.
o Information security incident response.
o Security policy/standard/guideline development, implementation, or interpretation.
o Technical writing
o Conducting risk assessments and evaluating information technology systems for security controls (Secure Systems Development Lifecycle).
o Compliance assessments, audit support/response, and compliance/audit remediation.
o Developing metrics and key performance indicators.
o Process development and process improvement.

• Possessing a working knowledge of the following:
o Government security and privacy mandates/regulatory compliance (e.g., HIPAA, PCI, IRS Pub 1075, CJIS).
o Information Security (CIA triad, Information Classification, Risk Management, Incident Response, Vulnerability Management, Security Architecture & Engineering).
o Business intelligence, data analysis, data modeling, data visualization, and data presentation.
o Information Security Frameworks (NIST Cyber Security Framework, CIS Controls, ISO 27000 series).
o IT Management Frameworks (ITIL, COBIT).
o Project Management

• Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding.

• Demonstrated critical thinking, problem solving and analytical skills.

• Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results.

Duties Description Under the direction of the Chief Information Security Officer or Deputy CISO, the position will oversee the Information Security Engineering Bureau (ISE). The incumbent will act as a senior member of the Chief Information Security Office Leadership Team, helping shape and implement the strategic vision for cyber security within NYS.
The Information Security Engineering Bureau (ISE) provides security services to the Office of Information Technology Services (ITS), helping to ensure ITS provides secure and compliant solutions for its client agencies. ISE has sections to support security architecture and engineering, ITS ISO support, and risk management.
The position requires an incumbent to act with a great deal of independence in alignment with agency and upper-level management strategic direction. The position requires communicating orally and in writing with various individuals including executive management, users, vendors, and other IT staff. The incumbent must be able to communicate clearly with subordinate staff regarding work priorities and performance. The incumbent will have to work with ITS teams and upper-level agency management to resolve technically complex and politically sensitive issues under pressure.
The position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities that may impact sensitive information, critical systems, NYS agencies, or ITS.
Specific duties include, but are not limited to:
• Performs administrative and strategic functions to assist the Chief Information Security Officer in managing the operations of the Chief Information Security Office.
• Directs the Information Security Engineering Bureau in developing, deploying, and maintaining procedures for technical security reviews of systems and architecture. Monitors compliance and takes appropriate action as needed.
• Oversees resolution of security threats to ITS information systems.
• Serves as an information security expert and evaluates systems and contracts for alignment with agency and State information security policies.
• Monitors and stays aware of information security industry trends, tools, and techniques.
• Manages staff and resources dedicated to the Information Security Engineering Bureau.
• Maintains an adequate level of current knowledge and proficiency in information security through annual Continuing Professional Education (CPE) credits directly related to information security.
• Assists CISO with overall management of division activities as needed.

Additional Comments Additional information regarding salary will be discussed at time of interview. Background check and fingerprinting are required.

All Office of Information Technology Services (ITS) employees are required to be tested weekly for COVID-19 unless they are fully vaccinated. Employees who are vaccinated must provide proof of vaccine status through a secure online portal.

New York State is an equal opportunity employer.

Some positions may require additional credentials or a background check to verify your identity.

Name Louise C. Nails

Telephone 518-473-5282

Fax 518-402-4924

Email Address


Street Office of General Services, Human Resources Management

26th Floor, Corning Tower

City Albany

State NY

Zip Code 12242


Notes on Applying To apply, please submit a resume and cover letter to Louise C. Nails, indicating you are applying for Information Security Manager, Ref. #18584-ISE. Please clearly indicate how you meet the minimum qualifications for this position. Your Social Security number may be required to confirm your eligibility.
