Short Description:
This position will heavily involve Security Risk/Vulnerability Assessment and remediation efforts, while providing industry best practices direction/oversight and ensuring policy fulfillment. The selected resource must have strong leadership skills etc.
Complete Description:
The Senior Business Subject Matter Expert (SME) brings proven experience from related businesses or organizations as well as system integration and technology experience. They consult with the client to define needs or problems, conduct research, perform studies and surveys to obtain data, and analyze problems to advise and make recommendations on business and technical solutions based on hands-on experience solving similar business problems. They are able to utilize knowledge of theory, principles, or technology of specific discipline or field of specialization.
This position will heavily involve Security Risk/Vulnerability Assessment and remediation efforts, while providing industry best practices direction/oversight and ensuring policy fulfillment. The selected resource must have strong leadership skills and strong functional experience in Security, along with a strong technical understanding of IT Security.
This is highly advanced technical work in the administration of information security programs, policies, and procedures within an agency’s centralized information security unit or in the Office of Administration (OA).
A resource in this job performs a broad range of security duties in support of agency or Commonwealth information security. Work involves serving as the Information Security Officer (ISO) at an agency with complex information security needs, or as a staff support information security specialist in OA or in an agency with the most complex information security needs.
Work involves developing, implementing, administering, and maintaining system security standards, policies, procedures, and access to Commonwealth or agency systems to ensure the confidentiality, integrity, and availability of systems, networks, servers, and data; developing or modifying security plans and security assessment and auditing policies and procedures; implementing Commonwealth security policies; managing the implementation of complex security programs; advising security team members, agency personnel, and information technology (IT) managers on security-related matters; identifying security threats and developing countermeasures through the use of appropriate technologies; and developing business intelligence security reports to keep senior level managers informed of system-wide security issues and programs.
Work also involves providing consultative expertise and making recommendations to a higher level information security specialist or officer, agency IT managers, and agency heads on information security related matters. In an agency, work is differentiated from the next lower level by the responsibility for serving as the ISO for an agency with complex information security needs, or serving as staff support to a higher level ISO where work involves the development of agency-wide security standards and policies. Employees in an agency may interact with the Office of Administration for assistance on highly complex or Commonwealth-wide security issues. In OA, work is differentiated from the next lower level by the project leadership role for enterprise information security projects, which may include the development or upgrade of enterprise security systems, or consultative and developmental work in support of agency security projects. Positions may supervise lower level positions performing technical or advanced technical information security work or serve as a lead worker for lower level information security specialists performing advanced technical information security work. Work is performed under the supervision of an Information Security Specialist 3 or other administrative or technical supervisor and is reviewed for compliance with agency and Commonwealth security standards.
EXAMPLES OF WORK:
Develops policies, procedures, and guidelines regarding physical and data security safeguards for the protection of computer assets, confidentiality, and integrity of information.
Reviews proposed systems, networks, and software designs for potential security risks.
Coordinates the implementation of security programs across platforms.
Identifies vulnerabilities and violations and recommends technical corrective actions.
Participates in network, application, and other IT system designs to ensure implementation of appropriate systems security policies.
Works with application design analysts to jointly arrive at the most secure and efficient method of protecting on-line transaction data.
Evaluates and analyzes the need for encryption of information.
Develops agency level plans and security programs.
Serves as a project leader by assigning and reviewing work and performing quality control functions for the work performed by team members on the project for the duration of the security project.
Reviews IT system design strategies to determine proper interface with security systems.
Promotes awareness of security issues among management, employees, and other entities Commonwealth-wide or agency-wide and ensures sound security principles are reflected in the organization’s vision and goals.
Manages outsourced contracts and vendors to implement information security programs and policies.
Employees in this job may participate in their subordinates’ work consistent with operational or organizational requirements.
Performs the full range of supervisory duties.
Functions as a lead worker for advanced technical work by assigning and reviewing work, training employees, and performing quality control functions for the work.
Performs related work as required.
Skills:
| Skill | Required / Desired | Amount of Experience |
|---|---|---|
| BA/BS Degree in Information Technology, IT Security, Business, or Engineering or equivalent experience | Required | 5 Years |
| IT Security experience | Required | 5 Years |
| Strong IT Security Auditing and Compliance experience | Required | 5 Years |
| Technical Experience | Required | 5 Years |
| GIAC and CISSP certified | Highly desired | 5 Years |
| Ability to build and maintain relationships with EISO staff, IT managers, IT staff, and Agency Business Owners | Required | 5 Years |
| Excellent verbal/written communication skills and ability to explain technical information, establish rapport, persuade others, and gain understanding | Required | 5 Years |
| Proficient with MS Project, MS-Excel, MS-Word, and MS-Power Point suite | Required | 5 Years |
| GRC (Governance, risk management and compliance) experience | Required | 5 Years |
| Superior problem solving, communication, and negotiation skills, including effective leadership, planning, and motivational capabilities | Required | 5 Years |
| Proficiency in Project Management tools and procedures (i.e. MS Project, ServiceNow, ITIL) | Required | 2 Years |