NYS Joint Security Operations Center (JSOC) Director
Company NYS Office of Information Technology Services
Location Brooklyn, NY
Preferred GIAC Certifications GCIH, GMON, GCDA
Travel 10%
Salary $129566 to $163695
URL https://statejobs.ny.gov/employees/vacancyDetailsPrint.cfm?id=111490
Contact Name Anonymous
Contact Email HRResumes/at/ogs.ny.gov
Expires 2022-09-30

Job Description

Reporting directly to the Chief Information Security Officer for NYS Office of Information Technology Services, the Director of the New York State (NYS) Joint Security Operations Center (JSOC) is a senior leadership position that will grow, mature, and lead a significant team of cyber professionals in a geographically distributed, hybrid / matrixed organization. The NYS JSOC Director will work with stakeholders across the state to build shared services as consumable capabilities; work with public and private sector partners as a senior, public-facing voice; and envision the future of cybersecurity shared services and meaningful public/private sector partnerships for covered entities. The New York JSOC serves as a First-of-its-Kind Hub for Information Sharing and Cyber Coordination Across New York State, New York City, Local and Regional Governments, Critical Infrastructure Stakeholders and Federal Partners. The first shared service of the NYS JSOC is Endpoint Detection and Response.

The position requires the successful candidate to act with a great deal of independence in alignment with NYS strategic direction.

The position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities.

Duties include, but are not limited to:
• Lead the NYS JSOC.
• Plan, develop, and execute the mission of the Joint Security Operations Center and the EDR Shared Service.
• Lead meetings with senior members of the state and participating entities.
• Manage participating entity relationships, including with elected officials and senior technical leaders; be able to translate cyber and technical language into actionable decisions for stakeholders.
• Oversee relevant potential cybersecurity events/incidents to resolution in collaboration with the NYS Department of Homeland Security and Emergency Services (DHSES), the New York State Police (NYSP), and others as appropriate via the JSOC and EDR Shared Service.
• Provide leadership, vision, and support to the JSOC on activities related to threat and vulnerability monitoring, security event monitoring and response, and alerting.
• Interface with external organizations to ensure appropriate and accurate dissemination of event, incident, threat, and other cybersecurity information.
• Provide reports, summaries, and other situational awareness information as required.
• Oversee logistics management related to facilities, equipment, and staffing in collaboration with the facilities team.
• Act as liaison on behalf of NYS for issues and items related to JSOC management.
• Develop the human capital of the JSOC, including leading the onboarding, training, and retention activities for the staff.
• Perform the full range of supervisory responsibilities.
• Other duties as directed

Minimum Qualifications:
• Six years of cyber security experience, including two years managing staff.
• Bachelor’s degree

Note: Appropriate cyber security experience may substitute for the bachelor’s degree on a year-for-year basis; an associate’s degree requires an additional two years of cyber security experience.

Preferred Qualifications:

Master’s Degree with a concentration or a major in Information Security, Cyber Security, Digital Forensics, or a related field OR Master’s Degree with a concentration in Business Administration, Public Administration, Information Technology, or a related field.

• Developing cybersecurity programs
• Incident response
• Cybersecurity event management
• Leading complex projects with teams of full-time employees and consultants

• Excellent written and verbal communication skills
• Project, Program and Portfolio Management

Certifications in one or more of the following:
• Information Security Management (e.g., CISSP, GSLC, GSTRT, CISM, CCISO)
• Computer Network Defense (e.g., GCIA, GCED, GDAT, GPPA, GCDA, GMON, GWEB, GCIH)
• Cyber Threat Intelligence (e.g., CTIA, GCTIA, CCIP, CSTIR)
• Digital Forensics (e.g., ACE, GCFA, GCFE, GREM, GNFA)
• Penetration Testing (e.g., GPEN, CEH, GAWN, GWAPT, LPT)