Information Security Officer (Business SME) - onsite at least once a month or once a week

Overview

Remote
Depends on Experience
Contract - Independent
Contract - W2
Contract - 12 Month(s)

Skills

Information Security
Cybersecurity
Leadership
Team Lead
Manager
Regulatory Compliance
Policy Implementation
Incident Response
Threat Mitigation
Relationship Management
Stakeholder Engagement
NIST SP 800-53
NIST Security Controls
Security and Privacy Controls
Data Center
Disaster Recovery Site

Job Details

The role of the Agency Information Security Officer is to provide consultative, professional advice and expertise about security issues to agency and executive management; is the agency subject matter expert on information security matters.

As the Agency Information Security Officer, you will:

Collaborate with agencies to strengthen the state's security posture through continuous assessment, proactive security measures, and alignment of security initiatives with business goals.

Exercise independent judgment on critical security matters, including risk assessments, resource allocation, and policy implementation, ensuring the agency s operations and inter-agency relationships are secure and compliant with state and federal regulations.

Work closely with sections of the Information Security Office to implement and support the Information Security Program Plan, fostering cross-functional collaboration to address emerging threats and vulnerabilities.

  • Engage with stakeholders across agencies to integrate security strategies into business objectives, ensuring that security operations and initiatives directly support the agency s missions, goals, and regulatory compliance needs.
  • Serve as the primary point of contact for the escalation of cybersecurity issues, ensuring that concerns are promptly addressed and resolved in a timely, coordinated, and efficient manner to minimize risk and maintain business continuity.
  • Advise on Security Policies & Standards Develop, review, and enforce security policies, standards, and best practices to ensure agency compliance with state and federal regulations.
  • Risk Assessment & Management Conduct security risk assessments, analyze findings, and recommend remediation strategies to mitigate threats and vulnerabilities.
  • Incident Management & Response Assist with security incident investigations, coordinate response efforts, and provide guidance on incident containment, remediation, and reporting.
  • Third-Party Risk Management Evaluate vendor and third-party security controls to ensure compliance with state security requirements and industry standards.
  • Audit & Compliance Support Support internal and external security audits by providing necessary documentation and guidance to ensure adherence to regulatory requirements.
  • Emerging Threat & Technology Assessment Stay informed on evolving cybersecurity threats, technologies, and best practices, and provide recommendations for improving agency defenses.
  • Business Continuity & Disaster Recovery Collaborate with agencies to develop and test business continuity and disaster recovery plans to ensure resilience in the event of a security incident or disruption.
  • PREFERRED QUALIFICATIONS:
    • Proactive: Uses time effectively and makes sound decisions independently
    • Collaborative: Builds coalitions among supported agencies for efficient information security program management;
    • Expertise: Subject matter expertise or the capacity to become an expert in the role's essential functions; and
    • Versatility: Dynamic individual capable of balancing information security, agency business functions, and statewide risk.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About HPTech Inc.