Please note: State agencies that contact job applicants do not usually request personal or financial information via text message or over the phone in connection with your response to a job posting. If you are contacted for such information by these methods, or any other method, please verify the identity of the individual before transmitting such information to that person.
Note: For questions about the job posting, please contact the agency that posted this position by using the contact information provided on the "Contact" tab for the position.

Review Vacancy

Date Posted 01/10/22

Applications Due 04/26/22

Vacancy ID 97150

NY HELP No

Agency Information Technology Services, Office of

Title NYS Chief Information Security Officer (NYS Deputy Chief Information Officer), #00025

Occupational Category Administrative or General Management

Salary Grade NS

Bargaining Unit M/C - Management / Confidential (Unrepresented)

Salary Range From $137883 to $173431 Annually

Employment Type Full-Time

Appointment Type Permanent

Jurisdictional Class Exempt Class

Travel Percentage 0%

Workweek Mon-Fri

Hours Per Week 37.50

Workday

From 9 AM

To 5 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? No

Telecommuting allowed? Yes

County To Be Determined

Street Address TBD

City Albany or NYC

State NY

Zip Code 00000

Minimum Qualifications Bachelor’s degree* and 10 years of progressive experience in information technology, including 6 years of information security or information assurance experience, with at least 4 years in an information technology management position.

*Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate degree requires an additional two years of information technology, information security, or information assurance experience. Experience solely in information security or information assurance may substitute for the general information technology experience.

Preferred Qualifications

• Professional certifications such as Certified Information Systems Security Professional (CISSP), GIAC Strategic Planning, Policy & Leadership (GSTRT), GIAC Security Leadership (GSLC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA).
• Excellent interpersonal, written, and verbal communications skills.
• Excellent analytical and problem-solving skills.
• Experience presenting to executives and leadership teams, with the ability to communicate security and risk-related concepts.

Duties Description The NYS Chief Information Security Officer (NYS CISO) will coordinate cross-agency efforts to protect New York State from cyber threats. In the NYS Office of Information Technology Services (ITS), the NYS CISO will direct the Chief Information Security Office to ensure the confidentiality, integrity, and availability of the State’s information assets. The CISO leads the development and implementation of security policies and ensures compliance and governance of ITS’ comprehensive enterprise information security and risk management program. This includes providing advisement on a broad range of information security mandates and standards, and guiding the application of industry-recommended practices, including alignment to the National Framework for Improving Critical Infrastructure Cybersecurity, to improve the State’s existing cybersecurity program. The CISO also provides leadership and oversight to the NYS Cyber Command Center which includes event and threat analysis, digital forensics, red team testing, and incident response.
In addition to responsibilities within ITS, the CISO will play the lead role in New York’s cyber risk management program, working with the Governor’s office, the Division of Homeland Security and Emergency Services, and other NYS cyber security units to implement programs that mitigate cyber risk across New York’s public and private sectors.

Duties include, but are not limited to:

• Advise and assist the Executive Chamber and the heads of all State agencies in the development of policies and programs related to cybersecurity.
• Work with the Executive Chamber to coordinate the implementation of these policies and programs in New York’s Executive agencies.
• Develop, maintain, and assure information security and risk management program governance, and compliance with policies, standards, protocols and best practices and create and facilitate cyber security risk assessment processes, including oversight and reporting on remediation efforts.
• Collaborate with executive management in ITS and all Executive agencies and authorities to identify and understand the information assets that support critical business functions and public services, and assess and strategize to manage related cybersecurity risks in a manner consistent with the State’s overall cybersecurity risk management program and business objectives.
• Direct information security risk management initiatives across New York State’s Executive agencies and authorities, advising executive management on cybersecurity risk and acceptable risk tolerances, ensuring protection and compliance with regulatory requirements.
• Manage threat detection activities and provide advisement on cyber security threats and vulnerabilities; direct the development and implementation of appropriate safeguards to ensure system resiliency, protect critical infrastructure services, and detect, contain, and respond to cybersecurity incidents.
• Oversee New York State’s response to cyber incidents, and coordinate efforts to restore and recover from events that may negatively affect information, systems, and critical infrastructure that support State functions.
• Direct the development of effective information security awareness training programs for employees, contractors, and users, and facilitate cyber preparedness exercises involving business, technical and partner representatives.
• Provide routine updates on cyber risks, incidents and priority initiatives, and work with executive management to prioritize initiatives and spending to reduce cybersecurity risk and improve the overall information security program.
• Maintain collaborative internal and external information sharing partnerships to assure the State has timely and actionable cyber intelligence regarding threats, incidents, response strategies and solutions (e.g., Multi-State Information Sharing and Analysis Center, NYS Cyber Intelligence Center (Fusion Center), Federal Bureau of Investigation, U.S. Department of Homeland Security, NYS Division of Homeland Security and Emergency Services, and other state and local agencies).
• Work closely with critical infrastructure owners and operators to help them reduce their risk and minimize the impact of incidents on the public.
• Direct the Chief Information Security Office’s participation/integration as it pertains to ITS strategic planning, transformation initiatives, enterprise architecture and operations; procurement of services and solutions, secure system architecture, evaluation of security controls, configuration, and maintenance; enterprise security budget proposals; monitoring and reporting on spending; procuring and managing contracts related to managed security services; and performance metrics.
• Perform full range of supervisory responsibilities, leading a team of 70+ cybersecurity professionals within ITS.

Additional Comments This position will be located in Albany or New York City. If you are the selected candidate, New York State residency will be required by the time of appointment. Specific location, hours, and telecommuting opportunities will be discussed during the interview. All Office of Information Technology Services (ITS) employees are required to be tested weekly for COVID-19 unless they are fully vaccinated. Employees who are vaccinated must provide proof of vaccine status through a secure online portal. Positions located in NYC will receive an annual downstate adjustment payment of $3,026 in addition to the regular salary.
This posting will remain up until position is filled.

Some positions may require additional credentials or a background check to verify your identity.

Name Louise Nails

Telephone (518) 473-5282

Fax (518) 402-4924

Email Address louise.nails@ogs.ny.gov

Address

Street Empire State Plaza, Human Resources Management

Corning Tower, Floor 26

City Albany

State NY

Zip Code 12220

 

Notes on Applying Please submit a clear, concise cover letter and resume describing how you qualify, to the attention of Louise Nails and indicating that you are applying for NYS Chief Information Security Officer, Ref. #00025, to: HR.Recruitment.ITS@ogs.ny.gov, or mail to:

Louise Nails
NYS Office of General Services
Empire State Plaza
Corning Tower, Floor 26
Albany, NY 12220
