What are the responsibilities and job description for the State Chief Information Security Officer (SCISO) position at Maryland Department of Information Technology?
Introduction
The Department of Information Technology (DoIT) champions the state’s strategic direction for Information Technology and Telecommunications, establishing a long-range, targeted technology architecture, encouraging cross-agency collaboration, and advocating best practices for operations and project management across state agencies within the executive branch.
Using resources at the agency’s disposal combined with talented and knowledgeable team members, the Department of Information Technology successfully identifies and promulgates opportunities for state agencies to run more efficiently and less expensively, maximizing the State’s investment in technology and telecommunication assets.
Grade
EPP 0006
Main Purpose
We are seeking a highly talented/experienced individual to fill our Executive level position as State Chief Information Security Officer (SCISO). This individual will oversee the Office of Security Management (OSM) within the Department of Information Technology (DoIT).
This position will be responsible for the direction, coordination, and implementation of the overall cybersecurity strategy and policy for units of State government.
***This Executive Service Position Serves at the Pleasure of the Governor***
Position Duties
- Develop and implement a comprehensive information security program for the state, prioritizing resilience and response. This includes security policies, standards, and guidelines for the state's information systems, ensuring compliance with applicable laws and regulations and the state’s strategic objectives.
- Develop and maintain strong relationships with key stakeholders, including the Governor, senior staff, agency heads, private sector partners, and other governments. Foster a collaborative approach to cybersecurity and cyber resilience via training and awareness programs, education, and outreach.
- Oversee the identification, assessment, and risk management of the state’s cybersecurity and cyber resilience posture. Lead the development, assessment, and monitoring of cybersecurity and cyber resilience systems, processes, and policies.
- Lead the incident response process for cybersecurity incidents and threats, including coordination with internal and external stakeholders to effectively manage cybersecurity incidents.
- Provide guidance and expertise to state leadership on emerging cybersecurity threats and trends, as well as recommend appropriate strategies and technologies to address these challenges.
- Develop and manage the information security budget, ensuring resources are allocated effectively to meet the state's cybersecurity and cyber resilience needs.
- Understand key priorities and the government context, shepherd key projects, and overcome obstacles.
Minimum Qualifications
Education: A bachelor’s degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field from an accredited college or university.
Experience: Ten (10) years of experience performing the following duties: (1) identifying, implementing, and/or assessing security controls in infrastructure, systems engineering, and/or cybersecurity; (2) managing highly technical security, security operations centers, and incident response teams in a complex cloud environment and supporting multiple sites; (3) working with common information security management frameworks; (4) having extensive knowledge of information technology and cybersecurity field concepts, best practices, and procedures, with an understanding of existing enterprise capabilities and limitations to ensure the secure integration and operation of security networks and systems; (5) having knowledge of current security regulations; (6) managing a workforce greater than 50 people.
Salary: $135,842 - $188,893