Information Security Officer

Posted: 06/16/17 | SHARE:

Description:

The work involves responsibility for supervising, coordinating and reporting on information security systems architecture related work which includes infrastructure design and maintenance, complex data storage, access and use requirements for established and requested computer applications, and database structures to meet these needs in a Northeastern Regional Information Center (NERIC) Data & Network Operations Center. This class differs from that of a Senior Information Security Analyst by virtue of the fact that the Information Security Officer may exercise supervision over others, conducts special project or is engaged in the architecture and maintenance of advanced systems for the BOCES and component school districts. Work is performed under the general supervision of a BOCES Supervisor. Does related work as required.

Qualifications:

-Graduation from a regionally accredited college or university or one accredited by the New York State Board of Regents to grant degrees with a Bachelor’s degree in information security, information systems, computer science, information resources management, information technology or a closely related field, and eight (8) years of work experience in information technology, six (6) years of which included, or was closely related to, two of the eight domains of information security1

-Graduation from a regionally accredited college or university or one accredited by the New York State Board of Regents to grant degrees with an Associate’s degree in information security, information systems, computer science, information resources management, information technology or a closely related field, and ten (10) years of work experience in information technology, six (6) years of which included, or was closely related to, two of the eight domains of information security1.

PROMOTIONAL: Twenty-four (24) months of permanent competitive class status as a Managing Program Coordinator I (Network Services) or (Systems Architecture) with the BOCES or a combination thereof.

NOTES:

-The following are the eight domains of information security: 1. Security and Risk Management; 2. Asset Security; 3. Security Engineering; 4. Communication and Network Security; 5. Identity and Access Management; 6. Security Assessment and Testing; 7. Security Operations; and, 8. Software Development Security.

-Certifications in the domains of information security, such as CISSP, SSCP, CCSP, CAP, CSSLP, CCFP, or HCISPP, may be substituted for up to two (2) years of experience.

Vacancies are filled by certified list provided by Albany County Civil Service. Should no certified list be available, candidates appointed to this position will be serving in a provisional appointment in accordance with New York State Civil Service Law. The candidate must successfully complete a competitive examination and be eligible for appointment in accordance with Civil Service Law and the Civil Service Rules for Albany County to obtain a permanent appointment.

Responsibilities:

-Manages the information and security for the Data & Network Operations Center of the Regional Information Center

-Supervises and trains information security personnel

-Recommends for change or modification of systems/applications related to information security

-Develops and implements strategic systems architecture plans for the BOCES and school districts

-Researches new systems architecture standards to apprise and identify future technology needs of the BOCES and component school districts

-Coordinates breach of privacy incident handling

-Establishes standards, and audits usage to ensure compliance with established standards

-Assists other RIC administrators in the preparation of competitive bid specifications by providing hardware, software, service and staff development requirements

-Regularly reports to the District Superintendent, Chief Information Security Officer, and Board of Education on the state of information and security systems and compliance

-Recommends information and security policy changes for the Regional Information Center to the District Superintendent, Chief Information Security Officer, and the Board of Education

-Develops long-term strategic planning for implementation of new systems architecture, maintenance and replacement of existing equipment and technology and other associated tools

-Designs and coordinates the implementation of both strategic and tactical infrastructures suitable for applications in a multi-activity environment

-Reviews both new systems, and proposed or requested changes to existing systems/applications, which may affect the Data & Network Operations Center

-Monitors systems for usage, response, and potential restructuring

-Manages mass information storage resources by determining the physical placement for data records incorporated into systems and databases as related to the security of the information therein contained

-Audits and advises back-up, recovery and business continuity activities

-Manages the security architecture of systems/applications to accommodate physical or logical changes

-Develops and maintains vendor partnerships

-Coordinates design review activities for infrastructure and software implementations

-Provides recommendations in conjunction with the NERIC Director and BOCES Finance staff, an annual budget for the Data & Network Operations Center

-Thorough knowledge of a data & network operations center, infrastructure, systems management, structures and techniques

-Thorough knowledge of the current Information Security common body of knowledge, and related security standards

-Thorough knowledge of electronic data processing hardware and software, their capabilities and application

-Good knowledge of electronic data processing systems, principles, practices and procedures of systems and applications programming

-Good knowledge of current literature, sources of information and technological developments in the field of information security and systems architecture

-Good knowledge of the NIST 800 family information security guidelines and procedures

-Working knowledge of information security compliance domains such as: FERPA, HIPAA, ED1, FOIL, and Education Law 2D; along with a working knowledge of the information security and privacy domains related to the normal operation of the NERIC

-Working knowledge of budget preparation and the BOCES budgetary process

-Ability to analyze systems requirements of a variety of applications and to design appropriate infrastructures

-Ability to prepare comprehensive reports and diagrams relative to systems architecture

-Ability to direct and review the work of others

-Ability to prepare written and oral reports

-Ability to accurately convey both written and verbal directions

-Ability to form and maintain effective working relationships

-Ability to exercise independent judgment

-Physical condition commensurate with the demands of the position

Application Deadline: June 22, 2017

Apply to: CRBRecruitment@neric.org which should include your letter of interest and resume.

Return to job listings