Information Security Officer

Position: Information Security Officer (DAFS)

Duration: 12 months (extendable)

Client: State of Maine

90% remote role. (once a month onsite)

ABOUT THE JOB DETAILS:

The role of the Agency Information Security Officer is to provide consultative, professional

advice and expertise about security issues to agency and executive management; is the agency

subject matter expert on information security matters. The position will work with agencies and

MaineIT divisions to identify, assess, prevent, protect, and mitigate information security risks,

threats, and vulnerabilities to safeguard business operations. This individual will serve as a

central point of contact on security related matters for agencies to assist in their strategic

planning, operational needs, incident response operations, and regulatory compliance efforts.

As the Agency Information Security Officer, you will:

Collaborate with agencies and MaineIT to strengthen the state's security posture

through continuous assessment, proactive security measures, and alignment of security

initiatives with business goals.

Exercise independent judgment on critical security matters, including risk

assessments, resource allocation, and policy implementation, ensuring the agency s

operations and inter-agency relationships are secure and compliant with state and

federal regulations.

Work closely with sections of the Information Security Office to implement and

support the State of Maine Information Security Program Plan, fostering cross-functional

collaboration to address emerging threats and vulnerabilities.

Engage with stakeholders across agencies to integrate security strategies into

business objectives, ensuring that security operations and initiatives directly support the

agency s missions, goals, and regulatory compliance needs.

Serve as the primary point of contact for the escalation of cybersecurity issues,

ensuring that concerns are promptly addressed and resolved in a timely, coordinated,

and efficient manner to minimize risk and maintain business continuity.

Advise on Security Policies & Standards Develop, review, and enforce security

policies, standards, and best practices to ensure agency compliance with state and

federal regulations.

Risk Assessment & Management Conduct security risk assessments, analyze

findings, and recommend remediation strategies to mitigate threats and vulnerabilities.

Incident Management & Response Assist with security incident investigations,

coordinate response efforts, and provide guidance on incident containment, remediation,

and reporting.

Third-Party Risk Management Evaluate vendor and third-party security controls to

ensure compliance with state security requirements and industry standards.

Audit & Compliance Support Support internal and external security audits by

providing necessary documentation and guidance to ensure adherence to regulatory

requirements.

Emerging Threat & Technology Assessment Stay informed on evolving

cybersecurity threats, technologies, and best practices, and provide recommendations

for improving agency defences.

MINIMUM QUALIFICATIONS:

Self-motivated leader with 5 to 7 years of experience in a leadership role, information

security, relationship management, and cross-functional goal achievement;

Bachelor s degree in information technology or related field. Four years of direct

experience with information security consultancy may be used in lieu of a degree;

Expertise working with Security and Privacy Controls for Information Systems