ABOUT THE POSITION:
The Information Security Program Manager helps identify risk to the Judicial Branch and makes recommendations on compensating/mitigating security controls to reduce overall cyber risk to a level that is acceptable to the organization. This position will be the primary point of contact for all cybersecurity matters for the Judicial Branch and will manage the security analysts within the department.
ABOUT THE SUPERIOR COURT:
The Superior Court of the Judicial Branch of Arizona in Maricopa County is dedicated to providing a safe, fair and impartial forum for resolving disputes, enhancing access to our services, and providing innovative, evidence-based practices that improve the safety of our community and ensure the public’s trust and confidence in the Judicial Branch. The Superior Court in Maricopa County, one of the largest, most innovative and progressive trial courts in the nation, seeks innovative individuals to join our team who will embrace our vision of excellence and the principles inherent in the Rule of Law...every person, every day, every time. We fulfill these principles through a culture that values fairness, respect, integrity, innovation, and safety.
- Bachelor’s degree in Computer Science or related field
- Six (6) years of information security or IT risk management experience
- Two (2) years of supervisory or management experience with experience and understanding of enterprise infrastructure capabilities and application development
- Experience with the following: SOC 2, PCI, SOX, NIST CSF, NIST 800-x, CJIS, ISO 2700X, COBIT, etc.
Combined education and experience qualifications:
- Other combinations of post-secondary education and job-related experience may be considered in substitution for the minimum qualifications on a year-for-year basis.
Our Preferred Candidate has:
- 10+ years in a security management role
- Information security governance, risk, and compliance experience for an organization with reliance on cloud computing
- Security certification (CISSP or GIAC GSLC preferred)
Knowledge, skills, and abilities:
- IT or cyber security Project and Program Management experience; experience and/or knowledge within Security Operations Center (SOC) environment
- The relationships and impacts of programs and initiatives across business units
- Practical understanding of at least two security control frameworks and associated policy requirements from the following set: ISO 27001, NIST CSF, NIST 800-53, NIST 800-171, NIST 800-82, Cloud Security Alliance Cloud Controls Matrix (CSA CCM), SOC2, PCI/DSS
- Applying, selecting, and testing families of security controls and tracking compliance with the associated control requirements
- Building and continually strengthening relationships with teammates and partners, thereby influencing key decisions
- Project management, especially in a cross-functional environment
- Team-oriented interpersonal and communication skills; ability to present technical information in a way that establishes rapport, persuades others and gains understanding
- Verbal and written communication skills; ability to communicate effectively to technical and non-technical stakeholders
- Technical background with an applied understanding of common attack methodologies; common types of security risks and mitigation strategies
- Developing effective, pragmatic information security policy and standards frameworks
- Practical hands-on experience supporting IT infrastructure and operations
- Practical hands-on experience securing cloud applications
- Execute organization-wide initiatives: defined project plans, coordinated resources, managed implementation activities, and developed all processes associated with program rollout and ongoing support
- Collaborate with appropriate teams to execute various security projects (upgrades, new implementations, etc.); evaluate and implement new security technology controls and solutions
- Drive proactive threat monitoring using vulnerability, response, mitigation, and threat landscape trends
- Be a self-starter, work independently, maintain a positive attitude, enjoy learning and staying current with industry developments, regulations, and best practices
Essential Job Tasks
(This is not an all-inclusive list of all job duties that may be required; employees will be required to perform other related duties as assigned.)
- Performs information security risk evaluations/reviews of vendor software, solutions, and services to assess the risk associated with their use.
- Develops and implements a security training program that addresses threats and risks and raises overall security awareness throughout the Judicial Branch.
- Develops and reports on metrics for training and awareness to leadership.
- Develops, maintains, and documents a framework to continuously maintain information security policies, standards, and guidelines; and oversees the approval and publication of risk policies.
- Ensures policies are aligned to leading information security frameworks and meet cybersecurity regulatory requirements.
- Identifies gaps and conflicts in policy governance structure, makes recommendations to address them, and drives changes as required.
- Collaborates with internal security partners and threat intelligence teams to derive indications and warnings of impending threat. Keep up to date on emerging
- Conducts audits of information systems, platforms, and operating procedures in accordance with established Judicial Branch and regulatory standards for efficiency, accuracy, and security.
- Evaluates infrastructure in terms of risk to the organization and works with the Maricopa County and other Information Security Operations teams to establish controls to mitigate loss.
- Develops risk and control matrixes and test plans for key controls.
- Provides a recurring report of controls mapped across multiple regulatory requirements and frameworks for visibility into defense mechanism strengths and gaps.
- Updates, maintains, and practices Judicial Branch cybersecurity incident response plans.
- Challenges and inspires employees to achieve expected results.
- Ensures employees adhere to legal and operational compliance requirements.
- Oversees, trains, and evaluates IT Support and Services staff, and ensures maximum use of their experience and skills.
- Trains and provides feedback regularly on technical and customer service issues.
- Implements performance standards, procedures, and efficient methods of work within the IT Services team.
- Establishes performance goals for staff.
- Provides instruction on technical issues and develops and maintains training materials for new and existing staff.
While performing the duties of this job, the employee is regularly required to speak clearly and hear; see details of objects that are less than a few feet away; sit for long periods of time; stand, walk, use hands to finger, handle, or feel; reach with hands and arms; and occasionally push, pull or lift up to 20 pounds.