Review Vacancy
Agency: DASNY - Dormitory Authority of the State of New York
Title: Information Security Officer
Occupational Category: I.T. Engineering, Sciences
Salary Range: From $81403 to $81403 Annually
Minimum Qualifications
Bachelor's degree in Business Administration or a technology-related field and professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials plus five years of combined experience in IT Security and IT Risk Management. Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and NIST. Experience in developing and executing Disaster Recovery programs.
Preferred Qualifications
Master's degree in Computer Science and professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials plus five years or more of combined experience in IT Security and IT Risk Management. Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and NIST. Experience in developing and executing Disaster Recovery programs. Hands-on experience in LAN/WAN management. Experience with IT Asset Management. Experience with contract and vendor negotiations. Management experience with the ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
Essential Skills
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
• Demonstrated analytical and conceptual skills.
• Demonstrated ability to work in a team environment.
• Demonstrated ability in disaster recovery and business recovery planning and testing.
• Demonstrated ability to identify and suggest ways to minimize business risk.
• Ability to communicate security and risk-related concepts to technical and nontechnical audiences.
Duties Description
Primary Purpose
The Information Security Officer (ISO) is responsible for protecting and maintaining the confidentiality, integrity and availability of information and related infrastructure assets; managing the risk of security exposure or compromise; assuring a secure and stable information technology (IT) environment; identifying and responding to events involving information asset misuse, loss or unauthorized disclosure; monitoring systems for anomalies that might indicate compromise; and increasing the awareness of information security within DASNY.
Essential Functions
• Manage and coordinate technology and security risk management, which includes pro-active investigations to test for risk tolerance and potential weaknesses in DASNY’s IT environment, including but not limited to infrastructure, on-site and off-site data, applications and asset management.
• Oversee IT network and data security architecture. Improve DASNY’s security infrastructure while also improving DASNY users’ ease of use.
• Conduct regular penetration testing and keep records of all test data and schedule of future testing.
• Maintain security of all electronic data, documents and records and regularly test vulnerabilities.
• Plan, install, and maintain required security software, hardware, firmware, and appliances. Provide advice on security issues related to procurement of products and services.
• Provide consultation to management with regard to all information security.
• Review and approve all external network connections to DASNY’s network.
• Escalate security concerns that are not being adequately addressed according to the applicable reporting and escalation procedures.
• Maintain records and controls for all IT security related matters, including but not limited to pro-active investigations, risks, threats, actual security events, technology related assets, system life cycles, penetration testing, and data vulnerability testing, and provide up-to-date time schedules of all reviews and follow-ups.
• Create and maintain incident response plans, consistent with New York State standards, to effectively respond to security incidents.
• Evaluate security threats and countermeasures that could affect DASNY; make recommendations to management to mitigate risks.
• Investigate and report security incidents and malfunctions to management and ITS in accordance with the ITS Incident Reporting Policy.
• Ensure appropriate follow up to security violations.
• Maintain an adequate level of current knowledge and proficiency in Information Security through training and receiving annual Continuing Professional Education (CPE) credits directly related to Information Security.
• Create and update all policies, procedures and protocols relating to IT security and risk management.
• Define and mitigate gaps between DASNY policies/practices and the NYS Information Security Policy Standards established and issued by the Office of Information Technology Services.
• Ensure compliance with all federal and State laws and regulations affecting security controls and classification requirements of DASNY’s information.
• Ensure appropriate information security awareness and educate all DASNY employees, and third-party individuals as required.
• Act as liaison between DASNY and external auditors.
• Maintain current industry knowledge and build relationships with IT security related organizations on industry and government standards, information security market movement, and current technology risks and threats.
• Develop technology security controls for the organization.
• Coordinate the development and implementation of information security policies, standards, procedures, and other control processes.
• Coordinate with IS staff to ensure security measures are implemented in accordance with policy requirements.
• Participate in new hire on-boarding, providing appropriate system credentials and training new hires on DASNY’s “need to know” information regarding its IT network, applications and security.
• Lead the development of, maintain and test DASNY's Disaster Recovery Plan (DRP).
• Maintain records on system access to the DASNY technology environment with regard to access levels on all technology including but not limited to applications, equipment, and records.
• Maintain records on all DASNY technology assets and equipment including but not limited to: computer hardware and devices, computer monitors and peripherals, mobile phones/equipment/devices, construction technology devices and equipment, infrastructure hardware and devices, applications and software, cloud data storage, off-site physical data storage.
Other Duties and Responsibilities
• Assist Management in the development of policies.
• Develop, document and implement procedures.
• Undertake special assignments as directed.
• Must adhere to the NYS Information Security Policy Standards established and issued by the Office of Cyber Security and Critical Infrastructure Coordination.
• Must maintain regular attendance in accordance with DASNY attendance and leave policies.
Supervision
May train and supervise employees.
Additional Comments
Physical/Mental/Visual Demands
Travel is required, using public transportation, DASNY vehicle, rental vehicle or personal vehicle. This travel may include overnight stays at public accommodations and related establishments. Must be able to work overtime or extended work hours as needed.
Work Environment
Standard office environment, including the use of one or more of the following: PC, telephone, fax machine, printer, copier, electronic stapler/hole punch/date stamp, shredder.
We offer a comprehensive benefits plan, which includes:
• Choice of several health insurance plans
• Dental & vision insurance
• Membership in the NYS Retirement System
• Deferred Compensation Investment Plan
• 13 vacation days per year
• 13 sick days per year
• 5 days of personal leave per year
• 12 paid holidays per year
• Tuition reimbursement
• Training & development opportunities
Some positions may require additional credentials or a background check to verify your identity.
Email Address: JobOpps2@dasny.org
Address
Notes on Applying
Applicant Instructions
Please specify the exact title and location of the position that you are applying for. All candidates must submit a resume demonstrating evidence of meeting the qualifications as specified in the job notice. Please include all relevant employment history, including the name of each employer, dates of employment and titles held.
Qualified candidates should send a resume and letter of interest to:
Nicholas Ouellette
515 Broadway, Albany, NY 12207
518.257.3550 (fax)
JobOpps2@dasny.org (e-mail)
We encourage all applicants to submit electronically.
DASNY is an Equal Employment Opportunity employer committed to excellence and diversity.
All qualified candidates are encouraged to apply.