Job Seekers, Please send resumes to email@example.com
ODPS is seeking a resource to lead and guide the security staff members in development, publication, and enforcement of IT security policies, strategic and tactical security plans, goals, and objectives.
Assess the Security Operations Group and give recommendations of policies and standards of the ODPS.
Recommend standards and best practices for approval by senior department managers. Maintain approved standards and best practices for ODPS security infrastructure. Coordinate with Legal Services to ensure compliance with various statutes and regulations governing information security and privacy. Meet with representatives of federal, state, and local government to discuss, plan, and/or implement security initiatives, security audits, and security plans.
Work with ITO section chiefs and their personnel to identify security needs for each IT project and to then implement appropriate information security and privacy controls in accordance with NIST standards.
Identify and implement security technologies across ODPS relating to logging, reporting, monitoring, detecting and preventing computer security incidents.
Act as the Department’s Data Privacy Point of Contact. Attend meetings with state officials to discuss policies, procedures, and other security and privacy controls. Report security and privacy breaches to the State Office of Information Technology.
Create and conduct training programs for security staff members, computer users, and contractors throughout ODPS.
Participate as a member in the ODPS Computer Security Incident Response Team, direct and train IT security personnel in incident response procedures and responses. Act as leader of the response team.
Recommend appropriate standards, guidelines, and procedures to use for vulnerability assessment, penetration testing, and system hardening. Implement approved standards throughout ODPS. Conduct enterprise risk assessments. Review results of risk assessments and security assessments and develop strategies to mitigate risk.
1. Bachelors Degree or higher in the area of information technology and/or information security/information assurance.
2. Possess one or more of the following certifications in an active status: CISSP, CISM, CISA, GSEC, GCIH.
3. 10+ years information technology experience with progressively more responsible positions including at least three years in a supervisory capacity and three or more years’ experience in information security.
4. Strong experience in network security products and platforms such as intrusion detection/prevention, incident response and investigation, computer forensics, vulnerability assessments, and penetration testing.
5. Experience identifying protection goals, objectives and metrics to develop a security strategic plan.
6. Strong experience managing the development and implementation of enterprise security standards, guidelines and procedures to ensure ongoing maintenance of security.
7. Experience prioritizing security initiatives and spending based on appropriate risk management and/or financial methodology.
8. Experience with incident response planning as well as the investigation of security breaches, and assisting with disciplinary and legal matters associated with such breaches.
9. 24 mos. trg. or 24 mos. exp. in computer systems analysis, design & operations or data security involving determination of appropriate access levels for resources & data files requiring resource access control facility (RACF) protection & formulating appropriate access profiles for each application;