Please note: State agencies that contact job applicants do not usually request personal or financial information via text message or over the phone in connection with your response to a job posting. If you are contacted for such information by these methods, or any other method, please verify the identity of the individual before transmitting such information to that person.
Note: For questions about the job posting, please contact the agency that posted this position by using the contact information provided on the "Contact" tab for the position.

Review Vacancy

Date Posted 05/15/15

Applications Due 05/25/15

Vacancy ID 21068

Agency Information Technology Services, Office of

Title Enterprise Chief Information Security Officer

Occupational Category I.T. Engineering, Sciences

Salary Grade NS

Bargaining Unit M/C - Management / Confidential (Unrepresented)

Salary Range From $114232 to $143681 Annually

Employment Type Full-Time

Appointment Type Temporary

Jurisdictional Class Pending Non-Competitive

Travel Percentage 0%

Workweek Mon-Fri

Hours Per Week 37.5

Workday

From 9 AM

To 5 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? No

Telecommuting allowed? No

County Albany

Street Address To be determined

City Albany or NYC

State NY

Zip Code 00000

Minimum Qualifications Bachelor’s degree* and 10 years of progressive experience in information technology, including 6 years of information security or information assurance experience, with at least 4 years in an information technology management position.

*Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate’s degree requires an additional two years of information technology, information security, or information assurance experience. Experience solely in information security or information assurance may substitute for the general information technology experience.

Preferred Qualifications:
• Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA).
• Excellent interpersonal, written and verbal communications skills.
• Excellent analytical and problem-solving skills.
• Experience presenting to executives and leadership teams, with the ability to communicate security and risk-related concepts.

Duties Description The New York State Office of Information Technology Services (ITS) is seeking an individual to serve as its Enterprise Information Security Officer, to ensure the confidentiality, integrity and availability of the State’s information assets critical to the citizens of New York State and its workforce!

ITS was established by the Governor’s Office in 2012 to consolidate IT service delivery to all New York State Agencies. Historically, information technology systems, applications, and solutions were developed and deployed within individual state agencies for specific programs or regions. This has presented ITS with the opportunity to lead the nation in serving citizens, businesses, and visitors through consolidated technology services. We believe our employees are our most important asset in achieving this and seek innovative, energetic individuals to contribute to this effort. We work as one connected community of technology professionals with opportunities for our employees to build new skills, achieve a higher degree of mastery, and take on bigger challenges. We look for innovative solutions that anticipate our partners’ needs, extending into the “foreseeable future” the technologies we provide today. We maintain a working environment that empowers our employees to think and act creatively in the best interest of our organization and our customers. We are committed to a set of core values that drives how we approach our solutions:

• Leadership and Excellence
• Empowerment and Partnership
• Innovation and Creativity
• Accountability, Integrity, and Ownership
• Teamwork and Collaboration
• Customer Service and Satisfaction

The Enterprise Chief Information Security Officer (CISO) will direct the Enterprise Information Security Office (EISO) of the New York State Office of Information Technology Services (ITS) to help ensure the confidentiality, integrity and availability of the State’s information assets. The ITS EISO is responsible for ITS’ information security and cyber risk management program and plays an integral role in state government’s overall cyber risk management program. EISO encompasses six functional areas to support this mission: Security Governance, Risk Management and Compliance; Security Program and Performance Management; Secure System Engineering/Architecture; Cyber Incident Response; Cyber Security Operations; and Cluster Security Services. The CISO leads the development and implementation of statewide security policies and ensures compliance and governance of ITS’ comprehensive enterprise information security and risk management program. This includes providing advisement on a broad range of information security mandates and standards, and guiding the application of industry-recommended practices, including alignment to the National Framework for Improving Critical Infrastructure Cybersecurity, to improve the State’s existing cybersecurity program.

Duties will include, but not be limited to:

• Develop, maintain, and assure information security and risk management program governance; compliance with policies, standards, protocols and best practices; and create and facilitate cyber security risk assessment processes, including oversight and reporting on remediation efforts.
• Collaborate with executive management to identify and understand the information assets that support critical business functions, and assess and strategize to manage related cybersecurity risks in a manner consistent with the State’s overall cybersecurity risk management program and business objectives.
• Direct and implement effective Enterprise confidentiality strategies, tailored to specific agency missions and laws where necessary.
• Work with Cluster Information Security Officers to implement standardized internal controls and performance metrics at an enterprise level. Develop strategies for enhancements with Cluster ISOs and agency Commissioners, as required.
• Direct information security risk management initiatives across IT, advising executive management on cybersecurity risk and acceptable risk tolerances, ensuring protection and compliance with regulatory requirements.
• Manage detection activities and provide advisement on cyber security threats and vulnerabilities; direct the development and implementation of appropriate safeguards to ensure system resiliency, protect critical infrastructure services, and detect, contain and respond to cybersecurity incidents.
• Oversee enterprise incident response, and partner with agency efforts to restore and recover from events that may negatively affect information, systems and critical infrastructure that support State business functions.
• Direct the development of effective information security awareness training programs for employees, contractors and users, and facilitate cyber preparedness exercises involving business, technical and partner representatives.
• Provide routine updates on cyber risks, incidents and priority initiatives, and work with executive management to prioritize initiatives and spending to reduce cybersecurity risk and improve the overall information security program.
• Maintain collaborative internal and external information sharing partnerships to assure the State has timely and actionable cyber intelligence regarding threats, incidents, response strategies and solutions (e.g. Multi-State Information Sharing and Analysis Center, NYS Cyber Intelligence Center (Fusion Center), Federal Bureau of Intelligence, U.S. Department of Homeland Security and State Department of Homeland Security and Emergency Service, and state and local agencies).
• Direct the EISO’s participation/integration as it pertains to ITS strategic planning, transformation initiatives, enterprise architecture and operations; procurement of services and solutions, secure system architecture, evaluation of security controls, configuration and maintenance; enterprise security budget proposals; monitoring and reporting on spending; procuring and managing contracts related to managed security services; and performance metrics.
• Perform the full range of supervisory responsibilities.

Additional Comments This position is pending New York State Civil Service, Civil Service Commission, and Division of the Budget approval, and will be located in either NYC or Albany. Additional details on location will be discussed at time of interview.

Background check and fingerprinting are required.

Some positions may require additional credentials or a background check to verify your identity.

Name Charlene Maroni

Telephone 518-473-0398

Fax 518-402-4924

Email Address HR.recruitment@its.ny.gov

Address

Street NYS Office of IT Services

Empire State Plaza, P.O. Box 2062

City Albany

State NY

Zip Code 12220

 

Notes on Applying To apply, please submit a resume and cover letter attention Charlene Maroni, indicating that you are applying for Enterprise Chief Information Security Officer. Please clearly indicate how you meet the minimum qualifications for this position and include Albany or NYC location preferences.
