Information Security Officer (ISO) Subject Matter Expert (SME)

Information Security Officer (ISO) Subject Matter Expert (SME)

This position requires travel to various Maryland state agencies, otherwise, you will work remotely. 

Based in Crownsville, Maryland, the Maryland Department of Information Technology (DoIT) Office of Security Management (OSM) is requiring the services of three (3) individuals to act as Information Security Officer (ISO) Subject Matter Experts to support OSM in coordinating the adoption and implementation of centrally provided cyber security services.  

The ISO will play an active role in identifying and addressing vulnerabilities, working closely with engineers to devise solutions and formulate Implementation Guides. Additionally, ISOs will assist in managing cybersecurity risks within state agencies, aligning efforts with the Cybersecurity Framework (CSF). Tasked with prioritizing these risks, the ISO SME will effectively communicate them to senior leadership, ensuring a comprehensive approach to safeguarding organizational assets and maintaining operational resilience against emerging cyber threats.

Candidates chosen for an interview will meet the Education, General Experience and Specialized Experience requirements provided below. 

Work Location: Hybrid, remote and as assigned to state agencies in Maryland

Responsibilities/Duties:

• Develop and maintain metrics to track adoption rates and regularly assess and enhance security controls, conducting assessments and evaluations to ensure effectiveness and compliance with established standards. 
• Review and implement security policies to ensure compliance with regulatory requirements and organizational standards. 
• Conduct thorough reviews of vulnerability data, coordinating with stakeholders to prioritize and address identified vulnerabilities effectively. 
• Actively participate in Authorization to Operate (ATO) assessments, contributing expertise to ensure systems meet security requirements for operation.  
• Collaborate with cross-functional teams to develop and enhance security protocols and procedures for seamless integration and utilization.  
• Regularly report on adoption rates and identify areas for improvement. 
• Monitor security systems to detect and respond to potential threats.        
• Act as the primary point of contact for ISO agency-related inquiries and engagements.  
• Monitor progress against established plans and adjust as necessary.        
• Develop strategic plans and roadmaps for service delivery. 

Education:

• Bachelor's degree in computer science, information technology, cybersecurity, or a related field. 
• Advanced degrees or certifications such as CISSP, CISM, or CISA are preferred. 

General Experience/Skills:

• Minimum of 5 years’ experience in information security management. 
• Analytical and problem-solving skills, with the ability to analyze complex security issues and develop effective solutions. 

Specialized Experience:

• Specific experience in implementing ISO plans, procedures, and cyber defense operations. 
• Experience tracking adoption rates and implementing centrally managed cyber services. 
• Experience in developing strategic plans, roadmaps, and business cases for new cybersecurity initiatives

Preferred Qualifications:

• Graduate degree or certifications such as CISSP, CISM, or CISA 
• Strong knowledge of industry standards, regulations, and best practices related to information security, including ISO 27001, NIST Cybersecurity Framework, and General Data Protection Regulation (GDPR). 
• Excellent communication and collaboration skills, with the ability to effectively communicate technical concepts. 
• Project management skills, with experience in planning, scheduling, and monitoring the delivery of cybersecurity services.

Applicants must be authorized to work in the U.S. 

Salary negotiated commensurate with experience.  

Benefits available for W2 employees: 

• 401K  
• Medical  
• Vision  
• Dental  
• AD&D (Basic Term Life)  
• Voluntary AD&D  
• Floating Holidays  

MORE ABOUT 4A 

4A Consulting, LLC is one of the fastest growing solutions delivery companies in Maryland, delivering on end-to-end Enterprise-wide information technology (IT) initiatives. 4A has extensive experience delivering superb IT consulting and support services to federal, state, and local agencies, including the Centers for Medicare and Medicaid Services, the Social Security Administration, Food & Drug Administration, and the State of Maryland. We cultivate a well-trained, technically savvy workforce through the acquisition of talent with specialized skills in program and technical management, cloud-based systems development & deployment, SAFe/Agile processes, and advanced integration technologies.   

4A Consulting, LLC is proud to be an Equal Opportunity Employer  

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, or any other characteristic protected by law.  

4A is a certified Small Business Administration (SBA) Women-owned Small Business (WOSB)/Economically Disadvantaged Women-owned Small Business (EDWOSB), Maryland Department of Transportation Minority and Disadvantaged Small Business Enterprise (MBE/DBE), Minority Business Enterprise (National Minority Supplier Development Council), and Howard County (MD) Minority Business Enterprise IT firm.  

Your Right to Work – In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.