Chief Information Security Officer 1


Job title: Chief Information Security Officer 1

Company: Department of Homeland Security

Job description: Minimum Qualifications Non-competitive: Bachelor’s degree* and five years of information technology experience, including three years of information security or information assurance experience.

*Appropriate information security or information assurance experience may substitute for the bachelor’s degree on a year-for-year basis; an associate’s degree requires an additional two years of information technology, information security, or information assurance experience. Experience solely in information security or information assurance may substitute for the general information technology experience.

Duties Description Under the general direction of the Director of the Department of Information Technology, the CISO incumbent will have overall responsibility for ensuring the implementation, enhancement, monitoring, and enforcement of the information security policies and standards related to infrastructure design and use of information assets throughout the NYS Thruway Authority (Authority). They will provide leadership and technical expertise to ensure the integrity, confidentiality, and availability of information assets.

The CISO incumbent will have a role in decisions affecting information security and assurance. The incumbent will recommend and approve security policies, standards, processes, and education and awareness programs to verify that appropriate safeguards are implemented and to facilitate compliance with those policies, standards, and processes. The CISO incumbent will oversee alleged information security violations and follow Authority and NYS procedures for referring investigations to other investigatory entities.

General responsibilities include, but are not limited to:

  • Maintaining the confidentiality, integrity, and availability of IT assets, information, data, and services for the Authority;
  • Directing, developing, delivering, and maintaining a comprehensive Information Security Program;
  • Managing policies, security threats, and incidents;
  • Ensuring proper controls are in place while monitoring and measuring for effectiveness;
  • Providing strategy and design insight for security; and
  • Supervising and directing security staff if needed.

Specific responsibilities include, but are not limited to:

  • Directing, participating in, and managing an Authority information security and compliance program:

1. Development, deployment, and maintenance of an information security architecture that will provide security policies, mechanisms, processes, standards, and procedures that meet current and future Authority business needs.
2. Evaluating laws and regulations in consultation with Authority counsel to determine if said laws and regulations could affect the security controls and classification requirements of Authority information.
3. Reviewing and updating existing policies and recommending enhancements, assessing new policies and strategies to improve the Authority’s ability to provide clear and comprehensive policy direction related to physical, administrative, and technical information security.
4. Reviewing and documenting existing procedures; developing, reviewing and monitoring procedures and practices to ensure that Authority information is secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to authorized users in a timely fashion ensuring general security awareness.
5. Participating in the development, implementation and maintenance of disaster recovery processes and techniques to ensure the continuity of the Authority’s business in the event of an extended period of computing resource unavailability.
6. Revising and assisting with information security planning and implementation strategies related to emergent business methods, processes and new systems/applications to ensure that they meet requirements and standards, that risk assessment and risk management strategies are considered, and that agency policies and procedures are adjusted as needed.

  • Managing and resolving security threats to Authority information systems:

7. Investigating and reporting to the Director of the Department of Information Technology any potential information security violations, and implementing additional compensating controls when necessary to help ensure security safeguards are maintained.
8. Evaluating new security threats and countermeasures that could affect the Authority and making appropriate recommendations to management to mitigate the risks.
9. Providing information security consulting regarding security threats that could affect Authority business and computing operations, and making recommendations to mitigate the risks associated with these threats.
10. Performing and assisting with Authority critical information asset inventories, value, and criticality assessment and risk assessment/management activities.
11. Administering regular internal intrusion testing, evaluating the results, and making changes to Authority information security procedures and training programs to improve compliance with State and agency information security policies.
12. Ensuring that sufficient resources are requested/allocated to designing, building, and operating the Authority’s IT infrastructure in a manner that is secure, reliable, and consistent with Authority business objectives.
13. Developing and implementing incident reporting and response protocols to assure timely response to information security incidents, to safeguard information security, accessibility, and integrity, and to support business continuity.
14. Assuring that administrative, physical and technical protocols adhere to federal and State information security mandates and requirements.
15. Developing metrics to measure the efficiency and effectiveness of information security.

  • Serving as the information security expert and performing outreach activities:

16. Developing, implementing/administering, and verifying training to educate employees, contractors, and vendors on information security policies and procedures; developing and implementing information security protocols within new hire orientation.
17. Developing and implementing electronic communication protocols to effectively and efficiently support dissemination of security threats, vulnerability information, security awareness and best practices, and other related resources.
18. Developing and/or reviewing contracts, service level agreements, memoranda of understanding and other documents as required to ensure that they meet information security needs and requirements; preparing and providing input to State and federal policy and regulations related to information security.
19. Participating in audit response activities related to information security requirements and protocols; coordinating technical efforts in response to information and security compliance review or audits performed by external regulatory organizations or auditors.

  • Supervising and/or managing staff and resources, as needed, dedicated to Authority information security:

20. Facilitating appropriate resource allocation to security initiatives.

Additional Comments The New York State Thruway Authority is an Equal Opportunity Affirmative Action Employer. New York State Human Rights Law prohibits discrimination based on age, race, creed, color, national origin, sexual orientation, military status, sex, disability, marital status, gender identity, prior arrests, prior conviction records, predisposing genetic characteristics or domestic violence victim status. The New York State Thruway Authority provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process, please contact the Office of Equal Employment Opportunity and Diversity Development at accomodations@thruway.ny.gov or call 518-471-4321.

Some positions may require additional credentials or a background check to verify your identity.

Expected salary: $91645 – 125215 per year

Location: Albany, NY

Job date: Wed, 09 Jun 2021 01:39:34 GMT

