Duties Description ITS provides operational support to state agencies on a 24x7x365 basis; some positions may be required to provide this critical service at any time.
Under the direction of the Executive Director of Security Shared Services (S3), within the Chief Information Security Office/Security Shared Services section, this position will assist with the oversight of the Security Shared Services Bureau. The position will supervise four or more Senior Information Security Officers SG-29 which lead teams supporting the security needs of multiple ITS dedicated agency/sector teams. The position will oversee the Incident Response Program. The position will assist with oversight of the NYS Cyber Risk Remediation Program (CRRP) and the development of products offered by the Chief Information Security Office (CISO). The incumbent will act as a member of the Chief Information Security Office Executive Leadership Team and participate in shaping and implementing the strategic vision for cybersecurity within NYS.
The position requires an incumbent to act with a great deal of independence in alignment with agency and upper-level management strategic direction. The position requires communicating orally and in writing with various individuals and groups including, but not limited to, executive management, business users and other IT staff. The incumbent must be able to communicate with clarity to subordinate staff regarding work priorities and performance. The incumbent will have to work with ITS Dedicated Support Teams and upper-level agency management to resolve technically complex and politically sensitive issues under pressure. The incumbent will have strong customer service skills and will focus on developing relationships with key stakeholders.
The position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical matters that may impact sensitive information, critical systems, ITS, NYS agencies, or other partners (such as local governments).
Duties include, but are not limited to:
• Assist with the direction of the Security Shared Services Bureau in developing, deploying, and maintaining processes and procedures in alignment with NYS State and agency information security policies and standards. Monitor compliance and take appropriate action as needed.
• Oversee the continued development of the ITS Cyber Incident Response Program which includes continuously improving procedures and ensuring 24x7x365 rotating coverage schedules for IR responders.
• Enhance the Secure Software Development Lifecycle (SSDLC) process in response to shifting cyber landscape and the requirements of ITS, agencies, and NYS.
• Foster and develop relationships with key stakeholders, such as the Dedicated Commissioners of Technology (DCTs).
• Provide off-hours leadership in response to cyber treats, incidents, and events on a rotating basis.
• Serve as information security expert and evaluate systems and contracts for alignment with agency and State information security policies.
• Provide advisement and expertise in the development of NYS security policies and standards.
• Assist with development and implementation of the Security Shared Services Bureau's program and associated products.
• Perform administrative and strategic functions to assist the CISO Executive Leadership team in managing the operations of the Chief Information Security Office.
• Monitor and maintain awareness of information security industry trends, tools, and techniques.
• Perform the full range of supervisory responsibilities.
Minimum Qualifications Information Security Manager
Non-competitive: Nine years of information technology, cybersecurity, or information assurance experience*, including three years at the supervisory level or one year at the managerial level.
*Substitutions:
A bachelor's or higher-level degree in any field including or supplemented by 15 semester credit hours in computer science or related field substitutes for three years of required experience; any bachelor's substitutes for two years of required experience.
An associate degree with 15 semester credit hours in computer science or related field may substitute for one year of required experience. Candidates in a bachelor's degree program with at least 15 semester credit hours in computer science or related field may substitute such credits for one year of required experience.
A master's degree or higher in computer science or related field substitutes for one year of required experience.
Preferred qualifications:
• Applicable Information Security certificate(s) such as CISSP, CISM, etc.
• Experience in one or more of the following areas:
o Leading information security teams
o Applying and implementing network, system, or application security
o Security policy/standard/guideline development, implementation, or interpretation
o Conducting risk assessments and evaluating information technology systems for security controls (SSDLC)
o Process development, improvement, and measurement
o Information security incident response
o Developing metrics and key performance indicators
• Strong understanding of enterprise IT environments, including but not limited to system administration, application architecture, network architecture, operating systems, and associated security controls and solutions (e.g., WAF, firewalls)
• Strong understanding of the foundations of Information Security, such as the CIA triad, information classification, identity and access management, risk management, vulnerability management, secure architecture and engineering, network security, software development security, etc.
• Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding
• Demonstrated critical thinking, problem solving and analytical skills
• Demonstrated excellence in customer service
• Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results
Additional Comments ITS will not offer permanent employment to any candidate unless the candidate provides documentation that they are authorized to accept work in the United States on a permanent basis. It is the policy of ITS not to hire F1 or H1 visa holders for permanent employment or to sponsor non-immigrant aliens for temporary work authorization visas or for permanent residence.
Some positions may require fingerprinting.
Some positions may require up to 25% travel and/or lifting up to 50 lbs. Some positions are pending Civil Service approval. Details of position(s) will be described further if you are selected for an interview.
If eligible, positions located in New York City will receive an additional $3,400 downstate adjustment location pay with regular annual salary. Positions located in the Mid-Hudson will receive an additional $1,650 adjustment location pay.
to permanent non-competitive and the official probationary period will begin.
Benefits of Working for NYS Generous benefits package, worth 65% of salary, including:
Holiday & Paid Time Off
• Thirteen (13) paid holidays annually
• Up to Thirteen (13) days of paid vacation leave annually
• Up to Five (5) days of paid personal leave annually
• Up to Thirteen (13) days of paid sick leave annually for PEF.
• Up to three (3) days of professional leave annually to participate in professional development
Health Care Benefits
• Eligible employees and dependents can pick from a variety of affordable health insurance programs
• Family dental and vision benefits at no additional cost
Additional Benefits
• New York State Employees' Retirement System (ERS) Membership
• NYS Deferred Compensation
• Access to NY 529 and NY ABLE College Savings Programs, as well as U.S. Savings Bonds
• Public Service Loan Forgiveness (PSLF)
• And many more.
Name ITS Human Resources
Fax 518-402-4924
Email Address
[email protected] AddressStreet 164 Columbia Turnpike
City Rensselaer
State NY
Zip Code 12144
Notes on Applying To apply for this position, please submit a cover letter and resume clearly indicating how you qualify. Ensure that you include the vacancy ID in the subject of your email for prompt routing. Your Social Security number may be required to confirm eligibility.
