Please note: State agencies that contact job applicants do not usually request personal or financial information via text message or over the phone in connection with your response to a job posting. If you are contacted for such information by these methods, or any other method, please verify the identity of the individual before transmitting such information to that person.

Review Vacancy

Date Posted 07/24/15

Applications Due 08/25/15

Vacancy ID 22546

Agency Attorney General, Office of the

Title Assistant Attorney General – Chief Information Security Officer

Occupational Category Legal

Salary Grade NS

Bargaining Unit M/C - Management / Confidential (Unrepresented)

Salary Range From $0 to $0 Annually

Employment Type Full-Time

Appointment Type Permanent

Jurisdictional Class Exempt Class

Travel Percentage 0%

Workweek Mon-Fri

Hours Per Week 37.5

Workday

From 8:30 AM

To 5 PM

Flextime allowed? No

Mandatory overtime? No

Compressed workweek allowed? No

Telecommuting allowed? No

County Albany

Street Address The Capitol

City Albany

State NY

Zip Code 12224

Minimum Qualifications The Information Technology Bureau of the Office of the New York State Attorney General (OAG) is seeking an experienced legal professional with a JD degree and 3-5 years of experience in information security or information assurance to serve as the Chief Information Security Officer (CISO). Qualified candidates for this role will have functioned as a CISO or other security leader and possess a firm understanding of the technical components surrounding information security and risk management. A current certification as an Information Security Officer from a recognized ISO certification organization is preferred.

Applicants must reside in (or intend to soon become a resident of) New York State and be admitted to practice law in New York State. In addition, the Public Officers Law requires that attorneys in the Office be citizens of the United States.

Duties Description POSITION SUMMARY
• Report directly to the Chief Information Officer (CIO);
• Provide leadership and technical expertise to ensure the integrity, confidentiality and availability of OAG information technology assets;
• Act in a senior advisory role for decisions affecting information security and assurance and cyber security;
• Coordinate security efforts to ensure that all OAG networking, SAN, Virtualization, VoIP, Microsoft Windows Server and Server Applications (Exchange, SQL and SharePoint), Litigation Holds and databases adhere to best practices associated with the documenting, managing and securing of these systems;
• Recommend and approve security policies, standards, and processes and facilitate compliance with those policies, standards and processes;
• Oversee alleged information security violations following agency and State procedures for referring the investigation; and
• Our current working environment includes Microsoft Active Directory, Microsoft Windows Servers and Microsoft Exchange Servers and Databases.

JOB RESPONSIBILITIES
Work directly with IT Management in support of the following responsibilities:
• Review, update and create security policies and procedures;
• Assist in the evaluation of emerging technologies and their potential security impact;
• Ensure policies and procedures on the OAG Intranet are current;
• Develop and implement the agency’s information security risk management program;
• Evaluate any security threats to the agency and direct the investigation of alleged information security violations, following agency procedures;
• Develop and implement information security incident response plans;
• Schedule regular internal intrusion testing, as well as assist in the review and evaluation of various security audit logs;
• Plan and participate in remediation activities;
• Provide security guidance for all IT projects and review new projects for security risks;
• Develop procedures and provide counsel to attorneys, investigators and staff to ensure security in covert, internet-based investigations;
• Represent the agency at internal and external security meetings;
• Research laws and regulations that could affect the security controls and classifications;
• Monitor various state, federal and industry security resources for emerging threats, evaluate their impact to OAG, and make appropriate countermeasure strategy recommendations to management;
• Confirm OAG compliance with applicable federal and state mandated laws, rules and regulations regarding information security;
• Monitor information security compliance and recommend improvements;
• Recommend and approve security education and awareness programs;
• Implement security training to technical staff and the user community where applicable, promoting employee education and awareness;
• Automate system reporting and proactive alerting for actionable situations, as well as optimize system monitoring, maintenance and reporting as related to security;
• Actively participate in IT Change Control meetings, ensuring OAG policies and information security are maintained, and assist with the evaluation of emerging technologies;
• Develop, deploy and manage an information security framework utilizing industry best practices;
• Establish a view of the entire security landscape, identifying potential security gaps and prioritizing initiatives for improvement;
• Maintain guidelines for development of secure application code;
• Supervise staff and assign work, write performance and probationary evaluations, conduct interviews and hire staff as needed; and
• Manage vendors as needed, including reviewing contracts, service level agreements and other documents to verify they meet information security needs and requirements.
Applicants should possess excellent interpersonal, written and verbal communications skills, excellent analytical and problem solving skills, and have experience communicating security concepts to all levels of the organization.
Technology certification(s) preferred for this position:
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)

Additional Comments Salary commensurate with experience.

Candidates from diverse backgrounds are encouraged to apply. The Office of the Attorney General is an equal opportunity employer and is committed to workplace diversity.

Some positions may require additional credentials or a background check to verify your identity.

Name Sandra Jefferson Grannum, Esq., Bureau Chief

Telephone

Fax

Email Address recruitment@ag.ny.gov

Address

Street NYS Office of the Attorney General

Legal Recruitment Bureau - 120 Broadway

City New York, NY

State NY

Zip Code 10271

Notes on Applying Applications are being received online. To apply, please go to our website, www.ag.ny.gov, Resources/Job Opportunities – Attorney Positions

Applicants must be prepared to submit a complete application packet consisting of a cover letter, resume, writing sample, and a list of three (3) references with their contact information and email addresses. You may address your cover letter to Sandra Jefferson Grannum, Esq., Bureau Chief, Legal Recruitment. Please note: Failure to submit a complete application will delay the consideration of your application.

For questions about a position with the OAG, the application process or assistance with submitting your application, please contact the Legal Recruitment Bureau via email at recruitment@ag.ny.gov or phone at 212-416-8080.

For more information about the OAG, please visit our website: www.ag.ny.gov
