- Offices & Services
- Becker Career Center
- Alumni Jobs Bulletin
- Alumni Job Listings
- Chief Information Security Officer
Chief Information Security Officer
Troy, NY - Posted on: Tuesday 11/08/16
Division of Administration
Information Technology Bureau
Chief Information Security Officer—Troy
This Information Technology Bureau of the New York State Attorney General (OAG) is seeking to hire a Chief Information Security Officer. This position reports directly to the Chief Information Officer (CIO). Under the general direction of the CIO, the Chief Information Security Officer will provide leadership and technical expertise to ensure the integrity, confidentiality, and availability of OAG information technology assets. The incumbent will have a senior advisory role in decisions affecting information security and assurance. The incumbent will coordinate security efforts to ensure that all OAG networking, SAN, Virtualization, VoIP, Microsoft Windows Server and Server Applications (Exchange, SQL and Share Point), Litigation Holds and Oracle databases adhere to best practices associated with the documenting, managing and securing of these systems. The incumbent will recommend and approve security policies, standards, and processes and facilitate compliance with those policies, standards and processes. The incumbent will oversee alleged information security violations and follow agency and State procedures for referring the investigation. Our current working environment includes Microsoft Active Directory; Microsoft Window Servers; Microsoft Exchange Servers and Oracle Databases.
Duties and Assignments:
Works directly with IT Management in support of the following responsibilities:
• Review, update, and create security policies and procedures. Assist in the evaluation of emerging technologies and their potentialsecurity impact. Ensure policies and procedures on the OAG Intranet are current;
• Develop and implement the agency’s information security risk management program;
• Evaluate any security threats to the agency. Directs the investigation of alleged information security violations following agency procedures. Develops and implements information security incident response plans. Schedule regular internal intrusion testing as well as assist in the review and evaluation of varioussecurity audit logs;
• Provide security guidance for all IT projects; Reviews new projects for security risks;
• Represent the agency at internal and external security meetings;
• Research laws and regulations that could affect the security controls and classifications. Monitor various state, federal, and industry security resources for emerging threats, evaluate their impact to OAG, and make appropriate countermeasure strategy recommendations to management. Confirm OAG compliance with applicable federal and state mandated laws, rules and regulationsregarding informationsecurity;
• Monitor information security compliance and recommends improvements. Recommend and approve security education and awareness programs. Implement security training to technical staff and the user community where applicable, promoting employee education and awareness. Automate system reporting and proactive alerting for actionable situations; Optimize system monitoring, maintenance and reporting as related to security;
• Actively participate in IT Change Control meetings ensuring OAG policies and information security is maintained and assist with the evaluation of emerging technologies;
• Develop, deploy and manage an information security framework utilizing industry best practices. Establish a view of the entire security landscape, identifying potential security gaps and prioritizing initiatives for improvement. Maintains guidelines for development of secure application code;
• Supervise staff and assign work, write performance and probationary evaluations, conduct interviews and hire staff as needed;
• Vendor management as needed. Reviews contracts, service level agreements and other documents to verify they meet information security needs and requirements;
• Excellent interpersonal, written and verbal communications. Excellent analytical and problem solving skills; and
• Experience communicating security concepts to all levels of the organization.
Technology certification(s) ideal for this position:
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
Bachelor's degree* and seven years of information technology experience, including five years of information security or information assurance experience. Preference is for candidates with current certification as an Information Security Officerfrom a recognized ISO certification organization.
Applications are being received via email. To apply, please submit your complete application to William.Harrison@ag.ny.gov.
Applicants must indicate the position title “Chief Information Security Officer” in their cover letter and subject line. Applicants must be prepared to submit a complete application consisting of the following:
• Cover Letter (You may address to William Harrison, Assistant Director of Personnel, Human Resources Management Bureau);
• List of three (3) references with contact information and email addresses.
Please note: Failure to submit a complete application will delay the consideration of your application. If you have questions about a position with the OAG, the application process or assistance with submitting your application, please contact the Legal Recruitment Bureau via email at email@example.com. For more information about the OAG, please visit our website: www.ag.ny.gov.