Manager Information Technology Services 2 (Information Security), SG-29
Indexed description
Duties
The Department of Financial Services is seeking candidates for the position of Manager Information Technology Services 2 (Information Security) within Information Security. Duties include, but are not limited to, the following:
- Directs and manages implementation of information security and compliance programs;
- Provides direction and guidance to teams with responsibility for developing, deploying, and maintaining information security architecture;
- Directs the development, interpretation, review, and communication of information security policies, procedures, and standards;
- Coordinates the implementation of information security procedures, risk reviews, and remediation activity, monitors information security compliance, recommends improvements to monitor access to information assets and ensure security safeguards are maintained;
- Manages and resolves security threats to agency information systems and information security incident response;
- Directs development and implementation of information security risk analysis and management processes; coordinates vulnerability scanning and analysis to help determine risk and remediation priorities; manages development and maintenance of enterprise risk registers, which includes reporting and tracking remediation efforts;
- Directs the characterization and analysis of network traffic to identify anomalies and potential threats to network resources; determines events that require investigation and response;
- Implements and improves information security incident response plans and reports;
- Develops and implements plans and procedures to ensure business critical services are recovered in disaster efforts;
- Directs investigation of alleged information security violations; coordinates collection, seizure, handling, and analysis of digital evidence; responds to requests for information from investigators;
- May testify in proceedings regarding analytical processes and findings; Serves as an information security expert and evaluates systems and contracts for alignment with State policies and standards;
- Reviews contract, service level agreement, memorandum of understanding language, and other documents to verify needs, requirements, and alignment with State policies and standards;
- Provides information security expertise and recommendations to agency executives on a broad range of information security matters;
- Researches laws and regulations that could affect the security controls and classification of information assets;
- Monitors information security trends, tools, and techniques to maintain awareness and evaluate the applicability of the latest information security techniques and tools to agencies’ security programs;
- Develops a multilayered and adaptive approach to counter information security threat environments; represents the agency at internal and external information security meetings;
- Manages staff and resources dedicated to information security programs;
- Collects metrics to measure the efficiency and effectiveness of information security programs;
- Performs the full range of supervisory responsibilities; and
- Other duties as assigned.
- Bachelor’s degree in Information Security, Computer Science, Management of Information Systems, or a related field required. Master’s degree and professional certifications, such as CISSP, preferred.
- Minimum of seven (7) years of experience in a combination of risk management, information security and information technology fields. Experience in a leadership role is preferred. Employment history should demonstrate increasing levels of responsibility.
- Knowledge and understanding of common information security management frameworks, such as NIST 800-53, CIS Controls.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences. Technical experience in the fields of cybersecurity, information security, information technology and/or cybersecurity intelligence.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
- Familiarity with cybersecurity regulations, including the DFS Cybersecurity Regulation (23 NYCRR Part 500).
- Strong analytical skills and ability to write clearly on complex issues.
Non-Competitive: Eight years of information technology, cybersecurity, or information assurance experience*, including two years at the supervisory level.
- Substitutions: A bachelor’s degree or higher in any field including or supplemented by 15 semester credit hours in computer science or related field substitutes for three years of required experience; any bachelor’s degree substitutes for two years of required experience.
A master’s degree or higher in computer science or related field substitutes for one year of required experience.
Additional Comments
Please note that a change in negotiating unit may affect your salary, insurance and other benefits.
Salary: The starting salary for this position is $118,425 with periodic increases up to $145,039
Positions located within the New York City metropolitan area, as well as Suffolk, Nassau, Rockland, and Westchester Counties, are also eligible to receive an additional $4,000 annual downstate adjustment.
Appointment Status: Temporary
Appointment to this position is pending Governor Appointment’s Office and Division of Budget approval.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search