Chief Information Security Officer

Florida Gaming Control Commission

Office of the General Counsel

CHIEF INFORMATION SECURITY OFFICER

Requisition No: 846546

Pay Plan: SES

Position Number: 41500700

Salary: $90,000 - $103,000 annually

Posting Closing Date: 2/28/2025

Total Compensation Estimator Tool

*OPEN COMPETITIVE*

The Florida Gaming Control Commission seeks a dynamic information technology leader to join our unique agency as its Chief Information Security Officer. This key position allows the successful candidate to champion the Commission’s information technology initiatives, driving innovation and efficiency while ensuring that technology solutions effectively support the Commission’s mission and enhance the delivery of services to Floridians.

Overview:

The Commission regulates legal gambling in the state, including licensed pari-mutuel wagering facilities, cardrooms, and slot machine gaming facilities. In addition, through the Division of Gaming Enforcement, the Commission investigates criminal gambling activity and enforces the state’s criminal gambling laws.

The Division of Gaming Enforcement is a criminal justice agency comprised of sworn law enforcement officers and criminal intelligence analysts handling complex cases involving RICO, money laundering, and illegal gambling throughout the state.

Working at the Commission provides an exciting opportunity to participate in regulating authorized gaming and enforcing cutting-edge laws in the gambling industry. This means employees get to tackle emerging issues and make a real impact.

The Commission takes pride in offering a supportive work environment that fosters growth and collaboration.

Position Responsibilities:

This position serves as the Chief Information Security Officer (CISO) and Network Manager for the Florida Gaming Control Commission and is responsible for maintaining and enforcing the Agency’s information security policies and designing and maintaining network infrastructure. This position is responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems, and assets from both internal and external threats. Duties include, but are not limited to:

Security:

• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
• Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors. Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements. Design, coordinate and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
• Develop and enhance an information security management framework.
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services.
• Provide leadership to the enterprise's information security organization.
• Partner with business stakeholders across the company to raise awareness of risk management concerns.
• Assist with the overall business technology planning, providing current knowledge and future vision of technology and systems.

Network:

• Oversee the development/design, implementation, and maintenance of FGCC’s enterprise network infrastructure.
• Monitor network performance and troubleshoot issues.
• Conduct regular network maintenance and updates.
• Implement and manage network monitoring tools and systems.
• Performance Optimization: Analyze network performance metrics and optimize network configuration. Identify and resolve network bottlenecks and performance issues.
• Documentation and Reporting: Maintain detailed documentation of network configurations, procedures, and changes. Generate regular reports on network performance, security incidents, and project status.
• Disaster Recovery and Business Continuity: Develop and implement network disaster recovery and business continuity plans.
• Compliance: Ensure network operations comply with relevant regulations and standards.

Team Management:

• Lead and supervise network and security staff and engineers.
• Provide training and support to team members.

Required Knowledge, Skills, and Abilities:

• Knowledge of distributed processing operations, software, procedures, and equipment.
• Knowledge of Information Security, principles, and best practices.
• Knowledge of problem-solving techniques.
• Knowledge of computers and software.
• Knowledge of the principles, practices, and techniques of computer systems analysis.
• Knowledge of the principles of networking and telecommunication.
• Knowledge of telecommunications principles, equipment, procedures, and terminology.
• Knowledge of audit procedures.
• Knowledge of the principles of cryptography and cryptanalysis.
• Knowledge of application and system technology security testing.
• Ability to develop and maintain policies, procedures, standards, and guidelines.
• Ability to process information logically and solve problems.
• Ability to develop training programs related to distributed processing operations and procedures.
• Ability to monitor, troubleshoot, and resolve problems with distributed computer systems components.
• Ability to identify and define user needs.
• Ability to communicate effectively.
• Ability to establish and maintain effective working relationships with others.
• Ability to prioritize, plan, organize and coordinate work assignments.
• Ability to author technical reports.
• Ability to analyze security requirements and relate them to the appropriate security controls.

Minimum Qualifications:

• Four (4) years of information security experience with at least three (3) years responding to security incidents. An associate's degree can substitute for 2 years of the direct experience.
• At least one (1) year managing security projects, efforts, or teams.
• Experience with various regulatory requirements, laws, and security frameworks, such as NIST, ISO 27001, PCI DSS, HIPAA, HITECH, SOX, GDPR, CCPA, CIS, or SOC 2.
• Sufficient experience in the Duties & Responsibilities described above can be considered to satisfy any of the minimum requirements.
• Ability to manage a project, internal/external contractors’ team, vendors, budget and initiatives.

Preferred Qualifications, not required:

• A bachelor’s degree from an accredited college or university in information technology, computer engineering, business administration or a related field.
• Industry recognized certifications such as: CISSP, CISM, CCSP, OSCP, CEH/CND, CySA , Sec , or related GIAC certification.
• Experience securing cloud environments like Microsoft Azure, Amazon Web Services, or Google Cloud Platform.
• Experience with firewalls and IAM/PAM systems and vendors.

Where you will work:

This position is located in Tallahassee, Florida.

The Benefits of Working for the State of Florida:

Working for the State of Florida is more than a paycheck. The State's total compensation package for employees features a highly competitive set of employee benefits including:

• Annual and Sick Leave benefits;
• Nine paid holidays and one Personal Holiday each year;
• State Group Insurance coverage options, including health, life, dental, vision, and other supplemental insurance options;
• Retirement plan options, including employer contributions (For more information, please click www.myfrs.com);
• Flexible Spending Accounts; and
• Tuition waivers.

Important Notices:

• The Florida Gaming Control Commission has employment restrictions for all Commission employees referenced in sections 16.713 and 16.715, Florida Statutes.
• This position requires a security background check and/or drug screening including fingerprinting, as a condition of employment and participation in direct deposit. You will be required to provide your Social Security Number (SSN) and/or State Issued Photo Identification in order to conduct this background check.

Applicants are required to apply through the People First system by the closing date, by applying online. All required documentation must be received by the closing date of the advertisement. If you have any questions regarding your application, you may call 1-877-562-7287.