Review Vacancy
Agency: Information Technology Services, Office of
Title: Manager Information Technology Services 1 Information Security - 10283
Occupational Category: I.T. Engineering, Sciences
Bargaining Unit: PS&T - Professional, Scientific, and Technical (PEF)
Salary Range: From $106898 to $131665 Annually
Appointment Type: Contingent Permanent
Duties Description: Under the direction of the Information Security Office within the Dedicated Support Team for Department of Labor, the Manager Information Technology Services 1 Information Security, SG-27 (MITS1 IS) will be the Manager of Cyber Risk and Security Operations. They will lead a team that provides risk assessment and security operation services to the Information Technology Services (ITS) Dedicated Support Team and their client agencies. The incumbent will lead their team in providing in-depth information security risk assessment consulting and services aligned with business needs of the client agencies to ensure confidentiality, integrity, and availability of information and systems. The position will also lead the development and operation of a security information and event management (SIEM) program.
The position requires an incumbent to act with independence in alignment with agency and upper-level management strategic direction. The position requires communicating orally and in writing with various individuals including management, users, vendors, and other IT staff. The incumbent must be able to communicate clearly with subordinate staff regarding work priorities and performance. The incumbent will have to work with ITS teams and upper-level agency management to resolve technically complex and politically sensitive issues under pressure.
The position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities that may impact sensitive information, critical systems, New York State (NYS) agencies, or ITS.
Specific duties shall include, but are not limited to:
• Develops the strategic implementation of a Security Information and Event Management program and related activities to operationalize the program.
• Serves as the incident response expert to triage SIEM alerts and liaises with appropriate investigation units.
• Continually works with business units to define relevant threat hunting scenarios in the development and refinement of the SIEM program.
• Serves as information security expert and evaluates systems and contracts for alignment with agency and State information security policies.
• Supervises staff and resources for an existing risk assessment security team.
• Assists the Information Security Officer with overall management of section activities as needed.
• Monitors and stays aware of information security industry trends, tools, and techniques.
• Serves as a liaison between DCT leadership and CISO, representing agency interests while supporting statewide cybersecurity initiatives.
• Performs additional duties as required.
Minimum Qualifications:
Non-competitive: Seven years of information technology, cybersecurity, or information assurance experience*, including one year at the supervisory level.
*Substitutions:
A bachelor's or higher-level degree in any field including or supplemented by 15 semester credit hours in computer science or related field substitutes for three years of required experience; any bachelor’s substitutes for two years of required experience.
An associate degree with 15 semester credit hours in computer science or related field may substitute for one year of required experience. Candidates in a bachelor’s degree program with at least 15 semester credit hours in computer science or related field may substitute such credits for one year of required experience.
A master’s degree or higher in computer science or related field substitutes for one year of required experience.
Preferred Qualifications:
Applicable Information Security certificate(s), including but not limited to:
• Certified Information Systems Security Professional (CISSP)
• Incident Response (ECIH, GCFA, GCIH, GNFA, CySA+)
• Information Security Fundamentals (e.g., Security+, GSEC, CISF, GISF)
• Information Security Management (e.g., GSLC, GSTRT, GCEIT, CISM, CCISO)
• Certificate in Information Security Risk Management (e.g., CRISC, CAP, GCCC, CCSLP)
• Experience in one or more of the following areas:
  - leading an information security team
  - applying and implementing network, system, or application security
  - security policy/standard/guideline development, implementation, or interpretation
  - conducting risk assessments and evaluating information technology systems for security controls (SSDLC)
  - process development, improvement, and measurement
  - information security incident response and handling
  - digital forensics and investigations
  - log monitoring and analysis
• 3+ years’ experience in the following areas:
  - review and recommendations for network and/or system security
  - information security incident response
  - security policy/standard/guideline development, implementation, or interpretation
  - technical writing
• 1+ years’ experience in the following areas:
  - developing metrics and key performance indicators
  - Secure System Development Lifecycle (SSDLC)
  - incident response and triage
  - process development and process improvement
  - interpreting and implementing IRS Federal Tax Information safeguards (Publication 1075)
• Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding
• Demonstrated critical thinking, problem solving and analytical skills
• Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results
Additional Comments: ITS will not offer permanent employment to any candidate unless the candidate provides documentation that they are authorized to accept work in the United States on a permanent basis. It is the policy of ITS not to hire F1 or H1 visa holders for permanent employment or to sponsor non-immigrant aliens for temporary work authorization visas or for permanent residence.
Some positions may require fingerprinting.
Some positions may require up to 25% travel and/or lifting up to 50 lbs. Some positions are pending Civil Service approval. Details of position(s) will be described further if you are selected for an interview.
If eligible, positions located in New York City will receive an additional $3,400 downstate adjustment location pay with regular annual salary. Positions located in the Mid-Hudson will receive an additional $1,650 adjustment location pay.
to permanent non-competitive and the official probationary period will begin.
Benefits of Working for NYS: Generous benefits package, worth 65% of salary, including:
Holiday & Paid Time Off
• Thirteen (13) paid holidays annually
• Up to Thirteen (13) days of paid vacation leave annually
• Up to Five (5) days of paid personal leave annually
• Up to Thirteen (13) days of paid sick leave annually for PEF.
• Up to three (3) days of professional leave annually to participate in professional development
Health Care Benefits
• Eligible employees and dependents can pick from a variety of affordable health insurance programs
• Family dental and vision benefits at no additional cost
Additional Benefits
• New York State Employees’ Retirement System (ERS) Membership
• NYS Deferred Compensation
• Access to NY 529 and NY ABLE College Savings Programs, as well as U.S. Savings Bonds
• Public Service Loan Forgiveness (PSLF)
• And many more.
The Office of Information Technology Services is an equal opportunity employer, and we recognize that diversity in our workforce is critical to fulfilling our mission. We encourage all individuals with disabilities to apply.
Some positions may require additional credentials or a background check to verify your identity.
Email Address: PostingResponses@its.ny.gov
Address
Swan Street Building, Core 4, Floor 1
Notes on Applying: To apply for this position, please submit a cover letter and resume clearly indicating how you qualify. Ensure that you include the vacancy ID in the subject of your email for prompt routing. Your Social Security number may be required to confirm eligibility.

