Information Security Officer

Key Responsibilities

• Security Collaboration: Collaborate with agencies to enhance the state’s security posture through proactive security measures, continuous assessments, and alignment of security initiatives with business objectives.
• Risk & Resource Management: Exercise independent judgment on critical security matters, including conducting risk assessments, allocating resources, and implementing policies to ensure secure operations and regulatory compliance.
• Cross-functional Coordination: Work closely with sections of the Information Security Office to implement and support the Information Security Program Plan, fostering collaboration to address emerging security threats.
• Stakeholder Engagement: Integrate security strategies into business goals across various agencies, ensuring that security operations directly support agency missions and comply with state and federal regulations.
• Incident Management & Response: Serve as the primary point of contact for escalated cybersecurity issues, ensuring prompt resolution to minimize risk and maintain business continuity.
• Policy & Standards Development: Advise on and develop security policies, standards, and best practices to ensure compliance with regulatory requirements.
• Security Risk Management: Conduct security risk assessments, analyze findings, and recommend remediation strategies.
• Incident Investigation & Response: Assist in security incident investigations, coordinate response efforts, and provide guidance on containment, remediation, and reporting.
• Third-Party Risk Management: Evaluate the security controls of vendors and third-party services to ensure compliance with security standards.
• Audit & Compliance Support: Provide documentation and guidance for internal and external audits to ensure adherence to regulatory requirements.
• Emerging Threat Analysis: Stay informed on evolving cybersecurity threats and technologies, recommending strengthening defenses.
• Business Continuity & Disaster Recovery: Collaborate with agencies to develop, test, and implement business continuity and disaster recovery plans to ensure resilience.

Qualifications

Minimum Requirements:

• 5 to 7 years of experience in a leadership role in information security, relationship management, and cross-functional goal achievement.
• Bachelor’s degree in Information Technology or a related field (or equivalent experience).
• Expertise in working with Security and Privacy Controls for Information Systems, as outlined by the National Institute of Standards and Technology (NIST).
• Ability to pass required background checks.
• Experience in regulatory compliance, especially with federally protected data, is preferred.