The CISO will formulate the development and implementation of major policies and practices in support of the Department's goals and objectives in the area of instructional and information technology. As a member of the Chief Information Officer's senior leadership team, the CISO is responsible for advising the CIO on strategic decision-making. Performs related work.
Reports to: Chief Information Officer (CIO)
Direct Reports: Director of Security Engineering, Director of Identity and Access Management
Key Relationships: Chief Information Officer; DIIT's Senior Leadership Team; Department of Education (DOE) steering committees; DOE senior management; the Office of Legal Services; external stakeholders, including regulators, software and hardware vendors, auditors, and consultants.
- Plans, designs and implements the DOE's Information Technology (IT) security policy affecting all users in the organization including technology instruments attached to DOE technical infrastructure, e.g., endpoint computing devices, routers and switches.
- Designs the network security policies, procedures and technologies to ensure the safety, privacy and integrity of the DOE network, computer resources and data. Manages the creation, communication, and enforcement of information security policies, procedures, standards, and guidelines.
- Oversees staff and works with systems engineers responsible for maintaining proper security procedures on client and server-based systems connected to the Wide Area Network (WAN) and Local Area Network (LAN).
- Oversees the overall planning, design, implementation, installation, and testing of WAN routers and switches throughout the DOE. Advises the CIO on the selection, acquisition, installation, modification, monitoring, and management of WAN computer systems security support.
- Plans and assists in the overall security design and implementation of LAN and WAN routers and switches throughout the DOE; supervises the installation and testing of these routers and switches.
- Oversees the Information Technology risk assessment process ensuring that risks are actively managed throughout the DOE. Participates on DOE steering committees regarding issues of information security and risk management.
- Conducts feasibility studies for the acquisition of new and complex data communications software products and makes recommendations on their possible use. Provides evaluations and documents results for the CIO's review.
- Ensures compliance with information security regulations and policies established by City (DOI/DoITT), State and Federal governments. Provides security metrics, compliance reporting, and other analysis to DOE Senior Management and the Legal department as well as outside regulators.
- Reviews available statistics and monitoring aids to determine current performance and makes recommendations for adjustments to software parameters and configurations on a continual basis in order to meet service goals.
- Makes recommendations for security and data collection tools used to monitor and interpret any variances in network activity, and recommends solutions.
- Manages relationships with security vendors, auditors, and consultants to ensure that DOE needs are adequately met.
- Interfaces with software and hardware vendors as well as system users to troubleshoot very difficult and complex data communication network problems in an effort to maximize service to the data processing user community.
- Responsible for managing the DOE's Identity and Access Management, Active Directory and authentication standards and policies.
1. A master's degree in computer science from an accredited college and three years of progressively more responsible, full-time, satisfactory experience using information technology in computer applications programming, systems programming, computer systems development, data telecommunications, database administration, planning of data/information processing, user services, or area networks; at least 18 months of this experience must have been in an administrative, managerial or executive capacity in the areas of computer applications programming, systems programming, computer systems development, data telecommunications, database administration, or planning of data processing or in the supervision of staff performing these duties; or
2. A baccalaureate degree from an accredited college and four years of experience as described in "1" above; or
3. A four-year high school diploma or its educational equivalent approved by a State's department of education or recognized accrediting organization and six years of experience as described in "1" above; or
4. A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent approved by a State's department of education or recognized accrediting organization and must possess at least three years of experience as described in "1" above, including the 18 months of administrative, managerial, executive or supervisory experience as described in "1" above.