Review Vacancy

Date Posted: 02/04/20
Applications Due: 02/15/20
Vacancy ID: 78620

Position Information

AgencyInformation Technology Services, Office of

TitleManager Information Technology Services 2 (Information Security) Ref #00050

Occupational CategoryI.T. Engineering, Sciences

Salary Grade29

Bargaining UnitPS&T - Professional, Scientific, and Technical (PEF)

Salary RangeFrom $100123 to $122623 Annually

Employment Type Full-Time

Appointment Type Permanent

Jurisdictional Class Non-competitive Class

Travel Percentage 0%

Schedule

Workweek Mon-Fri

Hours Per Week 37.5

Workday

From 9 AM

To 5 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? No

Telecommuting allowed? No

Location

County Albany

Street Address W. Averell Harriman State Office Campus, Building 5, 4th Floor

City Albany

StateNY

Zip Code12207

Job Specifics

Minimum Qualifications Bachelor’s degree* and six years of information technology experience, including four years of information security or information assurance experience.

* Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate’s degree requires an additional two years of information technology, information security, or information assurance experience. Experience solely in information security or information assurance may substitute for the general information technology experience.

Preferred Qualifications:

Master's Degree with a concentration or a major in Information Security, Cyber Security, Digital Forensics, or a related field.

Certification(s) in:

Information Security Management (e.g., GSLC, GSTRT, GCEIT, CISM, CCISO)
Information Security Risk Management (e.g., CRISC, CAP, GCCC, CCSLP)
Certified Information Systems Security Professional (CISSP)

5+ years of experience in:

• leading a team in related work.
• applying and implementing network and/or system security.
• information security incident response.
• security policy/standard/guideline development, implementation, or interpretation.
• technical writing.
• conducting risk assessments and evaluating information technology systems for security controls (Secure Systems Development Lifecycle).
• compliance assessments, audit support/response, and compliance/audit remediation.

3+ years of experience in:

• developing metrics and key performance indicators.
• process development and process improvement.
Possess a working knowledge of:
• Computer networks, intrusion detection systems, routers, firewalls, operating systems, network vulnerability assessments, web application vulnerability assessments, computer programming and scripting.
• Government security and privacy mandates/regulatory compliance (e.g., HIPAA, PCI, IRS Pub 1075, CJIS).
• Information Security (CIA triad, Information Classification, Risk Management, Incident Response, Vulnerability Management, Security Architecture & Engineering).
• Business intelligence, data analysis, data modeling, data visualization, and data presentation.
• Information Security Frameworks (NIST Cyber Security Framework, CIS Controls, ISO 2700 series).
• IT Management Frameworks (ITIL, COBIT).
• Project management

Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding.

Demonstrated critical thinking, problem solving and analytical skills.

Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results.

Duties Description Under the direction of the Director of Integrated Security Services, within the Chief Information Security Office/Integrated Security Services/Security Services Team the position will provide management oversight to three or more Information Security Officers and their Security Service Teams. The incumbent will ensure coordination of processes between all Security Services Teams under their purview. In addition, the position will provide direction and support to subordinate Information Security Officers to enable effective delivery of security services to client agencies. The incumbent will act as a member of the Chief Information Security Office Leadership Team, helping shape and implement the strategic vision for cyber security within NYS.

The position requires an incumbent to act with a great deal of independence in alignment with agency and upper-level management strategic direction. The position requires communicating orally and in writing with various individuals including management, users, vendors, and other IT staff. The incumbent must be able to communicate clearly with subordinate staff regarding work priorities and performance. The incumbent will have to work with ITS teams and upper-level agency management to resolve technically complex and politically sensitive issues under pressure.

The position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities that may impact sensitive information, critical systems, NYS agencies, or ITS.

Specific duties include, but are not limited to:

Direct and manage information security and compliance programs:

• Develop or participate in the development, interpretation, review and communication of NYS information security policies, procedures and standards;
• Analyze the impact of proposed policy and legislation as they pertain to information systems and makes recommendations as appropriate;
• Direct the Security Service Teams in developing, deploying and maintaining procedures in accordance with State and agency information security policies and standards. Monitors compliance and takes appropriate action as needed;
• Oversee implementation of the Security Service Teams’ information security risk management program;
• Work with counterparts within the organization to ensure compatibility of all initiatives and acquisitions within and among the IT specialties;
• Write progress reports for IT and agency management that describe program status including the technical, fiscal, and staffing issues associated with meeting program goals;

Manage and resolve security threats to agency information systems:

• Oversee implementation and improvement of information security incident response plans, and reports;
• Oversee or coordinate response to potential security incidents;
• Escalate security concerns and report incidents to the applicable entities for review and action;

Serve as an information security expert, and evaluate systems and contract for alignment with agency and State information security policies:
• Direct and provide information security expertise to information security staff, ITS, and ITS-served agencies on a broad range of information security standards and best practices;
• Direct and review current and proposed portfolio-served agency, and multi-agency, architectures to meet security requirements;
• Direct, and participate in, the preparation and evaluation of portfolio-served agency, and multi-agency, RFP’s;
• Develop and maintain expertise in cyber security compliance domains including, but not limited to, FISMA, NIST SP 800-53 and other 800 series guidelines, IRS Pub 1075, PCI DSS, HIPAA, HITECH;
• Develop and maintain expertise in cyber security frameworks including, but not limited to, CIS Top 20 CSC, NCSF, and ISO/IEC 27000 series.

Manage staff and resources dedicated to the Security Services Teams:

• Confer with higher level managers, subordinates and users to develop long-term work objectives, taking into consideration technical, fiscal and staffing resources;
• Oversee resource allocation across multiple portfolio security service teams to ensure optimal delivery of services to clients;
• Oversee development of metrics to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation and increases the maturity of the security program;
• Perform all supervisory responsibilities including, but not limited to, assigning work, writing performance and probationary evaluations, conducting interviews, and hiring staff.

Monitor and stay aware of information security industry trends, tools and techniques:

• Represent the agency at internal and external information security meetings and conferences to maintain awareness, and evaluates the applicability of the latest information security techniques and tools to the agency’s security program;
• Collaborate with peers to develop a multilayered and adaptive approach to counter a dynamic information security threat environment;
• Research relevant laws and regulations in consultation with agency counsel that could affect the security controls and classification of information assets and approves adjustments to meet legal and regulatory requirements.

In addition, the incumbent will:

• Maintain an adequate level of current knowledge and proficiency in information security through annual Continuing Professional Education (CPE) credits directly related to information security;
• Assist CISO management with overall management of division activities as needed;
• Perform additional duties as required.

Additional Comments Approval to fill this position is pending with Division of the Budget (DOB). Background check and fingerprinting are required.

Some positions may require additional credentials or a background check to verify your identity.

Contact Information

Name Louise Nails

Telephone 518-473-0398

Fax 518-402-4924

Email Address HR.recruitment@its.ny.gov

Address

Street Empire State Plaza, Swan Street Building, Core 4

PO Box 2062

City Albany

State NY

Zip Code 12220

 

Notes on ApplyingTo apply, please submit a resume and cover letter indicating that you are applying for the Manager Information Technology Services 2 (Information Security) Ref: #00050. Please clearly indicate how you meet the minimum qualifications for this position. Your Social Security number may be required to confirm your eligibility.