Review Vacancy
TitleChief Information Security Officer 1
Occupational CategoryI.T. Engineering, Sciences
Bargaining UnitM/C - Management / Confidential (Unrepresented)
Salary RangeFrom $91365 to $115490 Annually
Minimum Qualifications Bachelor’s degree and five years of information technology experience, including three years of information security or information assurance experience.
Substitution:
Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate’s degree requires an additional two years of information technology, information security, or information assurance experience. Experience solely in information security or information assurance may substitute for the general information technology experience.
This is a newly classified position and the jurisdictional class assignment (non-competitive) is still pending approval. As such, the incumbent will serve temporary in the position until the jurisdictional class is approved. At that time, the incumbent’s status can change to permanent.
Duties Description Under the general direction of the Chief Risk Management Officer, the incumbent represents the agency’s interests with respect to the security of its information and information systems and has a senior advisory role in decisions affecting information security and assurance. Duties include:
• Coordinates agency development, deployment and maintenance of information security architecture, policies, standards, and procedures in accordance with State and agency information security policies.
• Maintains knowledge of agency IT systems and potential risks to such systems, including development of information security and risk mitigation solutions for those systems.
• Monitors information security compliance and recommends improvements to control access to agency information assets and ensure security safeguards are maintained.
• Directs the development and implementation of the agency’s information security risk management program and determines the level of security controls required to protect information technology and information assets.
• Reviews threat and vulnerability reports and create detailed Action Plans to address risks.
• Works with third-party contractors to ensure compliance with information security requirements.
• Develops effective disaster recovery policies and standards; coordinates the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a disaster and provides direction and in-house consulting in these areas.
• Coordinates agency technical efforts in response to information and system security compliance reviews or audits performed by external regulatory organizations or auditors.
• Coordinates with ITS and applicable investigatory entities in the investigation of alleged information security violations.
• Maintains awareness of IT/ Security industry trends, evaluate new solutions and techniques, and remain aware of emerging threats.
Preferred Skills:
• Master’s degree in information technology or information security.
• Minimum of two years of cyber security experience.
• CISM, CISA, CISSP or other equivalent security certification.
• Experience in project management or relevant experience coordinating large IT projects.
• Strong written and oral communication skill, including the production of technical specifications and documentation, and the ability to translate technical information into plain language.
Additional Comments The work schedule is Monday through Friday, 9:00 AM – 5:00 PM AND unscheduled hours as necessary.
Conditions of Employment: This position is non-competitive, phi-tagged, and without tenure protection as the incumbent will serve at the discretion of the Executive Director of the NYS Gaming Commission.
This position is designated as a policy-making position.
Some positions may require additional credentials or a background check to verify your identity.
Email Address human.resources@gaming.ny.gov
Address
Notes on ApplyingEmail submissions are preferred. Chief ISO should be indicated in the subject line.
Please send your education credentials (transcript), resume, and cover letter in Word or PDF format. We are unable to open documents from Google Docs, Google Drive, OneDrive and/or "the Cloud".