This position is more geared towards security program management and not as much on the technical side. This position will assist small agencies in performing security self-assessments, develop DR/COOP plans, assist in incident management, develop information risk management plans, etc.
Under general direction, this position is responsible for developing, implementing, and maintaining information security programs, and builds and maintains a consistent approach to securing information resources. This position will provide routine reports and briefings to leadership on the posture and regulatory compliance of information security programs.
This position will work closely with business units to ensure that information security efforts and controls align with business objectives to ensure the confidentiality, integrity and availability of all information resources.
Ensures that organizations are aware of all applicable policy and regulatory requirements and of recommendations for becoming or remaining compliant. This position is also responsible for assisting in the development and execution of Business Continuity Planning (BCP) and Disaster Recovery (DR) implementation.
As a representative, this position is critical in providing security services t, therefore excellent customer service skills are essential.
Essential Job Tasks:
• Advise senior management on risk levels and security posture.
• Collaborate with key stakeholders to establish a cybersecurity risk management program.
• Communicate the value of information security to stakeholders at all levels of the organization.
• Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy.
• Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
• Identify security requirements specific to an information technology (IT) system in all phases of the system
Required Knowledge, Skills, and Abilities:
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of cybersecurity and privacy principles.
• Knowledge of the NIST Risk Management and Cybersecurity Frameworks.
• Knowledge of common compliance standards such as FISMA, HIPAA, PCI-DSS, etc.
• Skill in communicating with all levels of management.
• Skill to use critical thinking to analyze organizational patterns and relationships.
• Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.
• Ability to tailor technical and planning information to a customer’s level of understanding.
• Ability to understand the basic concepts and issues related to cyber and its organizational impact.
• Ability to relate strategy, business, and technology in the context of organizational dynamics.
• Bachelor's degree from an accredited college or university
• Six (6) years of IT work experience to include three (3) years of IT security work experience
• One or more cybersecurity certifications (CISSP, CISM, CISA, etc.)
• Equivalent combination of education and experience will be considered
• Applicants for this position must pass a fingerprint based national background investigation