Review Vacancy
TitleChief Information Security Officer
Occupational CategoryNo Preference
Bargaining UnitM/C - Management / Confidential (Unrepresented)
Salary RangeFrom $91365 to $115490 Annually
Minimum Qualifications Bachelor’s degree and five years of information technology experience, including three years of information security or information assurance experience.
Substitution: Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate’s degree requires an additional two years of information technology, information security, or information assurance experience. Experience solely in information security or information assurance may substitute for the general information technology experience.
Duties Description Under the general direction of the Director of the Bureau of Risk Management, the Chief Information Security Officer (CISO) represents the agency’s interests with respect to the security of its information and information systems and has a senior advisory role in decisions affecting information security and assurance. Duties include:
• Establishes and maintains the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
• Directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks.
• Responds to incidents, establishes appropriate standards and controls, coordinates with ITS CISO to manage new and existing technology concerns, and directs the establishment and implementation of IT related policies and procedures for the Commission.
• The CISO is responsible for ensuring compliance with all NYS ITS policy and procedures, as well as any external requirements; and serves as the Commission’s liaison to ITS.
• Coordinates agency development, deployment and maintenance of information security architecture, policies, standards, and procedures in accordance with State and agency information security policies; and ensures that Commission personnel are trained on applicable policies and procedures.
• Maintains knowledge of agency IT systems and potential risks to such systems, including development of information security and risk mitigation solutions for those systems. Monitors information security compliance and recommends improvements to control access to agency information assets and ensure security safeguards are maintained.
• Directs the development and implementation of the agency’s information security risk management program and determines the level of security controls required to protect information technology and information assets.
• Reviews threat and vulnerability reports and create detailed Action Plans to address risks.
• Works with third-party contractors to ensure compliance with information security requirements.
• Develops technology standards for Commission procurements.
• Oversees the coordination between Commission programs, NYS ITS, and third-party vendors, in Information Security Risk Assessment, Plan of Action, Vulnerability Remediation, Disaster Recovery and Incident Response.
• Coordinates agency technical efforts in response to information and system security compliance reviews or audits performed by external regulatory organizations or auditors.
• Coordinates with ITS and applicable investigatory entities in the investigation of alleged information security violations.
• Maintains awareness of IT/ Security industry trends, evaluate new solutions and techniques, and remain aware of emerging threats.
• Coordinates removal of staff from non-ITS supported systems and manages access to non-ITS supported systems.
• Performs a full range of supervisory responsibilities and other duties as assigned.
Preferred Skills:
• Master’s degree in information technology or information security.
• Minimum of two years of cyber security experience.
• CISM, CISA, CISSP or other equivalent security certification.
• Experience in project management or relevant experience coordinating large IT projects.
• Excellent interpersonal, written, and verbal communications skills; excellent analytical and problem-solving skills; experience presenting to executives and leadership teams, with the ability to communicate security and risk-related concepts, and the ability to translate technical information into plain language.
Additional Comments Telecommuting is NOT available to Gaming Commission employees.
Conditions of Employment: This position is non-competitive, phi-tagged, and without tenure protection as the incumbent will serve at the discretion of the Executive Director of the NYS Gaming Commission.
This position is designated as a policy-making position.
PROHIBITION AGAINST PLAYING AND WAGERING
Commission employees and family members residing in their households are prohibited from purchasing Lottery tickets or claiming Lottery prizes. Commission employees are prohibited from wagering upon any horse racing, commercial gaming, video lottery gaming, Indian gaming, charitable gaming activities, interactive fantasy sports, and mobile sports wagering within the State. To avoid any appearance of impropriety of conflict of interest, Commission employees will be prohibited from all aspects of promoting, operating, and playing in any charitable gaming, which includes bingo and games of chance such as raffles, whether the organization conducting the game is required to be licensed by the Commission. The prohibition placed upon each Commission employee from assisting with any charitable gaming does not apply to the employee's family unless the employee thinks it presents a conflict of interest related to his or her job duties. Commission employees must also avoid any outside activities that could interfere or be perceived to interfere with their job duties.
Some positions may require additional credentials or a background check to verify your identity.
Email Address human.resources@gaming.ny.gov
Address
Notes on ApplyingEmail submissions are preferred. CISO should be indicated in the subject line.
Please send your resume and cover letter in Word or PDF format. We are unable to open documents from Google Docs, Google Drive, OneDrive and/or "the Cloud".
Your Social Security Number may be required to confirm your eligibility.