|Company||NYS Office of Information Technology Services|
|Preferred GIAC Certifications||GSTRT, GSLC|
|Salary||$137,883 - 173,431|
The Chief Information Security Officer will direct the Chief Information Security Office (CISO) within the NYS Office of Information Technology Services (ITS) to ensure the confidentiality, integrity, and availability of the State’s information assets. The CISO leads the development and implementation of security policies and ensures compliance and governance of ITS’ comprehensive enterprise information security and risk management program. This includes providing advisement on a broad range of information security mandates and standards, and guiding the application of industry-recommended practices, including alignment to the National Framework for Improving Critical Infrastructure Cybersecurity, to improve the State’s existing cybersecurity program. In addition, the CISO provides leadership and oversight to the NYS Cyber Command Center which includes event and threat analysis, digital forensics, red team testing and incident response.
Duties include, but are not limited to:
• Develop, maintain, and assure information security and risk management program governance, and compliance with policies, standards, protocols and best practices and create and facilitate cyber security risk assessment processes, including oversight and reporting on remediation efforts.
• Collaborate with ITS executive management to identify and understand the information assets that support critical business functions and assess and strategize to manage related cybersecurity risks in a manner consistent with the State’s overall cybersecurity risk management program and business objectives.
• Direct information security risk management initiatives across IT, advising executive management on cybersecurity risk and acceptable risk tolerances, ensuring protection and compliance with regulatory requirements.
• Manage detection activities and provide advisement on cyber security threats and vulnerabilities; direct the development and implementation of appropriate safeguards to ensure system resiliency, protect critical infrastructure services, and detect, contain, and respond to cybersecurity incidents.
• Oversee enterprise incident response, and coordinate efforts to restore and recover from events that may negatively affect information, systems, and critical infrastructure that support State business functions.
• Direct the development of effective information security awareness training programs for employees, contractors, and users, and facilitate cyber preparedness exercises involving business, technical and partner representatives.
• Provide routine updates on cyber risks, incidents and priority initiatives, and work with executive management to prioritize initiatives and spending to reduce cybersecurity risk and improve the overall information security program.
• Maintain collaborative internal and external information sharing partnerships to assure the State has timely and actionable cyber intelligence regarding threats, incidents, response strategies and solutions (e.g., Multi-State Information Sharing and Analysis Center, NYS Cyber Intelligence Center (Fusion Center), Federal Bureau of Investigation, U.S. Department of Homeland Security and State Department of Homeland Security and Emergency Service, and state and local agencies).
• Direct the CISO’s participation/integration as it pertains to ITS strategic planning, transformation initiatives, enterprise architecture and operations; procurement of services and solutions, secure system architecture, evaluation of security controls, configuration, and maintenance; enterprise security budget proposals; monitoring and reporting on spending; procuring and managing contracts related to managed security services; and performance metrics.
• Perform full range of supervisory responsibilities.