Information Security Officer

Office of Information Technology Services (OITS)

Our employees are our most valuable resource, pivotal to our success. OITS is dedicated to fostering a work environment that values work-life balance. With the state s generous paid time off, including holidays, this ensures our employees have the time they need to rejuvenate. We actively support our team's professional growth through tuition and certification reimbursement, empowering them to pursue their career aspirations. With sample opportunities for continued learning, we prioritize career and leadership development and mentorship. OITS is a great place to work, come join our team!

Verification of identity and employment eligibility to work in the United States is required by federal law. For a list of acceptable documents that establish these criteria, please refer to the federal . OITS does not provide sponsorships for this position.

E-Verify: The Office of Information Technology Services (OITS) participates in E-Verify and will provide the federal government with your information to confirm that you are authorized to work in the U.S. For additional information regarding E-Verify, please click . For additional information regarding Immigrant and Employee Rights (IER) please click .

About the Position:

• Who can apply: Anyone
• Classified/Unclassified Service: Unclassified
• Full/Part-time: Full-Time
• Regular/Temporary: Regular
• Eligible to Receive Benefits: Yes
• Veterans Preference Eligible: Yes
• This position is eligible for OITS's hybrid work program. The candidate must work in the office three days a week. The supervisor and business needs will determine the hybrid schedule.

Compensation:

• Annual Salary/Hourly Rate: $85,000 95,000/Annually

Note: Salary can vary depending upon education, experience, or qualifications.

Position Summary:

The Information Security Officer (ISO) plays a critical role in safeguarding IT assets, systems, and data for the assigned agencies ensuring alignment with the Kansas Information Security Office's () overarching security strategy. The ISO supports the agency s business objectives and helps to ensure compliance with state, federal, and contractual security regulations. This role leads the implementation of security frameworks, policies, risk management, and third-party risk assessments, reporting directly to the Information Security Assurance Supervisor within the Executive Branch.

Embedded within one or more agencies, the ISO must balance agency-specific needs with state-wide security objectives and policies. This role requires a strong understanding of governance, risk management, and security frameworks, such as the NIST Cybersecurity Framework (CSF).

Key Responsibilities:

• Develop, implement, and maintain agency-specific information security policies and procedures to ensure alignment with the Kansas Information Security Office (KISO) strategy and applicable laws, regulations, and frameworks (e.g., NIST CSF, NIST 800-53).
• Lead risk management activities including risk assessments, mitigation planning, and third-party/vendor risk evaluations to protect agency data, systems, and infrastructure.
• Serve as the primary liaison between the agency and KISO, communicating and implementing statewide cybersecurity initiatives while balancing agency-specific operational needs.
• Conduct compliance assessments and support audits related to federal, state, and contractual security requirements, including CJIS, HIPAA, IRS Pub 1075, and others.
• Collaborate with agency leadership and technical teams to provide strategic guidance and ensure security is integrated into all business operations and IT projects.
• Respond to security incidents by coordinating with internal and external stakeholders to manage investigation, containment, and recovery, followed by root cause analysis and improvement plans.
• Provide security awareness training and consultation to agency staff to promote a strong security culture and ensure understanding of security policies and practices.

Required skills:

• Strong working knowledge of security frameworks such as NIST CSF or NIST 800-53.
• Ability to develop and implement policies and procedures, and to present security strategies to both technical and non-technical audiences.
• Effective communication skills, with the ability to convey complex security concepts in simple terms to technical and business stakeholders.
• Strong leadership and project management skills, with the ability to prioritize tasks in a fast-paced environment.
• Ability to assess regulatory requirements and determine whether existing controls meet those requirements.
• Proficient in reading and comprehending technical information related to software, hardware, and telecommunications systems.

Minimum Qualifications:

• Eleven (11) years direct experience relative to the field of work, with at least three (3) years of direct experience in information security.

Preferred:

• One or more cybersecurity certifications (CISSP, CISM, CISA) or must obtain within one year.
• Familiarity with government and public sector environments
• Knowledge of state and federal regulations such as CJIS, HIPAA, and IRS Pub 1075.

Necessary Special Requirements: Ability to obtain and retain an OITS Security and KCJIS clearances are requirement of employment and continued employment.

Disclaimer: Due to security requirements related to system access, the following will result in disqualification for this position: Felony Convictions, Felony Deferred Adjudication, Class A Misdemeanor Deferred Adjudication, Class B Misdemeanor Convictions less than 10 years, an Open Arrest for Any Criminal Offense (Felony or Misdemeanor).