The primary role of the Director of InfoSec Special Projects is to focus on Information Security Projects associated with the agency supported systems and new application architecture, design, and implementation. This candidate will have a strong background in understanding complex distributed systems that interact, receive and exchange data with multiple partner sources and how to identify, manage, and communicate the risks from such implementations to other technical and business teams. This candidate must also have a strong hands-on background in managing various flavors of Operating Systems (Windows, Linux) and Databases (Oracle, DB2). Candidate must be able to work independently with minimal supervision, interact effectively with IT, security, procurement, vendors and business leaders, and apply sound information security risk management practices.
- Partner with key stakeholders in the business to identify, assess, aggregate and document risks and controls, including risks associated with new or modified products, services, distribution channels, regulations and third party operations.
- Present findings to various levels of leadership concerning the status of system risk or failure as a result of installations, upgrades and modification and the cost or impact to business operations.
- Contribute to the implementation of new risk policies, practices, and solutions to ensure holistic understanding and management of risks according to industry best practice.
- Enhance strategies, tools, and methodologies to measure, monitor, and report data risks.
- Applies knowledge to utilize or produce analytical material for discussions with cross functional teams to understand business objectives and influence solution strategies.
- Effectively contributes to projects that impact the organization.
- Support the formulation of stress test plans for a line of business or the enterprise including the evaluation of results, and framing of contingency plans in partnership with key business stakeholders.
- Experience in the performance of analytical, planning, operational and technical review in the movement of information across the network.
- Knowledge of emerging technology and the security governance implications.
- Demonstrated understanding of cyber security risk management concepts, cybersecurity frameworks, control standards, and security technologies.
- Experience designing, architecting, troubleshooting, and deploying various security technologies while minimizing the business impact that can occur from the implementation of active security technologies.
- Strong understanding of Database Design and Application Process Flows, including security best practices in relation to Database and Application Flows.
- Experience managing Information Security Operations Teams.
- Excellent skills with MS products (Project, Word, Excel, PowerPoint, Access and Visio).
- Excellent written and oral communication skills and proven analytical skills.
- Demonstrated ability to develop and maintain project management metrics.
- Flexible and able to conform to shifting priorities.
Minimum Qualification Requirements
- A master's degree in computer science from an accredited college or university and three (3) years of
progressively more responsible, full-time, satisfactory experience in Information Technology (IT)
including applications development, systems development, data communications and networking,
database administration, data processing, or user services. At least eighteen (18) months of this
experience must have been in an administrative, managerial or executive capacity in the areas of
applications development, systems development, data communications and networking, database
administration, data processing or in the supervision of staff performing these duties; or
- A baccalaureate degree from an accredited college or university and four (4) years of progressively
more responsible, full-time, satisfactory experience as described in "1" above; or
- A four-year high school diploma or its educational equivalent, and six (6) years of progressively morere sponsible, full-time, satisfactory experience as described in "1" above; or
- A satisfactory combination of education and experience equivalent to "1", "2" or "3" above. However, all candidates must have at least a four-year high school diploma or its educational equivalent and must possess at least three (3) years of experience as described in "1" above, including the eighteen (18) months of administrative, managerial, executive or supervisory experience as described in "1" above.
In the absence of a baccalaureate degree, undergraduate credits may be substituted for a maximum of two (2) years of the required experience in IT on the basis of 30 semester credits for six (6) months of the required experience. Graduate credits in computer science may be substituted for a maximum of one (1) year of the required experience in IT on the basis of 30 graduate semester credits in computer science fo one (1) year of the required IT experience. However, undergraduate and/or graduate credits may not be substituted for the eighteen (18) months of experience in an administrative, managerial, executive, or supervisory capacity as described in "1" above.