Review Vacancy
AgencyTeachers' Retirement System
TitleInformation Security Officer
Occupational CategoryOther Professional Careers
Bargaining UnitCSEA Local 658 (NYS Teachers’ Retirement System)
Salary RangeFrom $81808 to $102167 Annually
Minimum Qualifications Bachelor's degree
• Five years of information technology experience, including three years of information security or information assurance experience to qualify at the SG-25 level.
• Six years of information technology experience, including four years of information security or information assurance experience to qualify at the SG-27 level.
• Must have a diverse security background including knowledge in at least three of the following areas: developing and implementing layered security architecture; internet protocols; firewalls; VPN technologies, anti-virus and spam technologies; risk and vulnerability assessments, compliance.
* The grade level assigned to the position is dependent upon the candidate's qualifications. The complexity of tasks assigned will be tailored to the grade level.
Duties Description Under the direction of the Director of Risk Management, directs and
manages NYSTRS' information security and compliance program; manages and coordinates the resolution of security threats to NYSTRS' information systems; serves as an information security expert; confirms systems and contract alignment with NYSTRS' information security policies; and monitors information security industry trends, tools and techniques. Works cooperatively with NYSTRS' information security administration and operations teams.
Additional Comments Preferred Skills
Education:
Bachelor's Degree: BA or BS degree in Computer Science, Electrical
Engineering, Computer Engineering, Information Systems, or related fields.
Master's Degree: (MA or MS) in the same fields of study to include Business Administration and Finance, or 30 + hours of graduate work.
Certification:
• Certified Information Systems Security Professional (CISSP), or
• Certified Information Security Manager (CISM), or
• Certified in Risk and Information Systems Control (CRISC
Experience:
• 3-5 years experience:
• Developing incident response plans and leading information
security response teams.
• Conducting and/or coordinating technical security scanning,
penetration testing including social engineering testing,
application security testing, mobile device security analysis, and
similar monitoring and validation techniques.
• Implementing and managing information security technologies
and measures such as firewalls, IDS/IPS, endpoint protection,
encryption, access controls, network security, security
architecture and design, secure software application design,
etc.
• Hands-on infrastructure experience, networking, risk
management, and information security experience, as well as
demonstrated understanding of Cyber security.
• Conducting risk assessments and implementing appropriate
prevention, detection, and response mechanisms.
Computer Skills:
• Ability to adapt to rapidly changing technology and apply it to business needs.
• Knowledge in the use and configuration of commonly used protocols.
• Experience with hacker techniques and exploits.
• Extensive training and experience in computer technology and
networking with experience in enterprise networking infrastructure.
• Some web experience including backend server, security, and
SSL/TLS.
• Expertise in IT development, integration, delivery and maintenance
• Applied knowledge in one or more of the following areas: Platform Security, Data Security, Data Center and Cloud Computing Security, Network Security, Perimeter Security, Physical Security, Security Assessment Tools, Security Monitoring Tools, and Managed Security Services.
• Applied knowledge in one or more of the following areas: Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Computer Security Incident Response, and Security Compliance Audits.
• Advanced knowledge/proficiency with personal computers: MS Office Knowledge of Information Security Management Frameworks:
3-5 years security assessment experience, including:
• ISO/IEC 27000 family of standards for managing the security of
information assets
• NIST SP 800-30 rev 1 (September 2012) — Guide for Conducting Risk Assessments — Information Security.
Regulatory Knowledge:
• Knowledge of data privacy laws.
Other Skills & Abilities:
• Excellent organizational, written and verbal communication skills
• Strong leadership/team building skills
• Strong project and people management skills
• Ability to handle confidential and sensitive matters.
• High degree of initiative and dependability
• Willingness and ability to meet goals and deadlines
• Commitment to providing exceptional customer service
• Excellent interpersonal skills
Some positions may require additional credentials or a background check to verify your identity.
Email Address strsrecruitment@nystrs.org
Address
Street 10 Corporate Woods Drive
Notes on ApplyingIf you are interested in applying for this position please complete our on-line application. Our application may be found by visiting, www.nystrs.org. Once there, simply click on About Us and then Employment Opportunities. Click on the employment application link and select the position for Information Security Officer. Inquiries regarding vacancy posting, minimum qualifications, or application procedures may be made by email to strsrecruitment@nystrs.org. You can reach us by phone at (518) 447-2906.