Introduction
The State of Connecticut, Department of Administrative Services (DAS) Bureau of Information Technology Solutions (BITS) is seeking a Chief Information Security Officer (Information Technology Manager 4). This is an executive level role responsible for development, execution, and monitoring of cybersecurity policies that support State of Connecticut citizens, businesses, and internal State agency partners. This is a hybrid work role allowing a combination of in-office and remote work reporting directly to the CIO.
WHAT WE CAN OFFER YOU
- Competitive starting salary
- A Platinum Healthcare Plan, the nation’s best for state employees and dependents, according to a report by Georgetown’s Center on Health Insurance Reform and an article by Ellen Andrews, Ph.D., along with comprehensive benefit offerings
- Extensive pension plan and supplemental retirement offerings
- Paid time off including 13 paid holidays per calendar year
- A culture that encourages work-life balance
- Professional growth and development opportunities
- Work for a Forbes top company - ‘Forbes’: State of Connecticut Ranked One of the Best Employers of 2023 - State of CT Receives National Recognition for Offering Job Growth, Competitive Benefits, and Flexible Schedule
- State of Connecticut is an eligible Public Service Loan Forgiveness employer, meaning you may be eligible to have qualifying student loans forgiven after 10 years of service.
THE ROLE
The selected individual will be a member of the IT Executive Leadership Team holding a critical and influential role: making investment and priority trade-off decisions, establishing statewide policies, identifying areas of risk and investment required to reduce cybersecurity risks, negotiating and managing vendor contracts, and recruiting and developing high performing teams. This leader will also be primarily responsible for leading periodic reviews of the state’s electricity, natural gas, and water public utility providers to ensure citizens of Connecticut continue to receive reliable infrastructure services.
The individual selected to fill the role of Chief Information Security Officer must be a leader who has experience successfully championing and delivering positive cultural change. The Chief Information Security Officer will be instrumental in establishing a modern, statewide security capability and growing a culture of innovation and engagement, leveraging our current and emerging resources toward the goal of strengthening the State of Connecticut as the IT employer of choice.
Therefore, it is imperative that the individual selected to fill this role is an intelligent, articulate, consensus building, and persuasive leader who can serve as an effective member of the Information Technology Services team and communicate information security-related concepts to a broad range of technical and non-technical staff.
The ideal candidate would have:
- Bachelor’s degree or combination of equivalent education and experience to allow the position to complete the essential functions of the job;
- Information security program development and management to include: risk identification and mitigation, security governance, audit management, and compliance;
- Implementation experience with commonly accepted industry standards and best practices, including but not limited to National Institute of Standards and Technology (NIST) 800-53 and the NIST Cybersecurity Framework;
- Experience with current legal and regulatory requirements around information security and privacy, including but not limited to federal regulations for payment card, health data and other protected information;
- Experience in the areas of security architecture and standards, secure network design, security event and incident management and vulnerability management; and
- Experience with secure software development techniques and strategies.
Please refer to the Addendum for more information.
POSITION HIGHLIGHTS
- Monday - Friday
- Full-time (40 hours per week)
- First shift
- Location: Hartford, CT
- Hybrid work environment (combination of on-site and remote work)
Selection Plan
- For current state employees, salary calculations are not necessarily comparable from one of the three branches of state government (i.e., Executive, Legislative, Judicial) to the other.
To Apply:
- In order to be considered for this job opening, you must meet the Minimum Qualifications as listed on this job opening. You must specify your qualifications on your application.
- The minimum experience and training requirements must be met by the close date on the job opening, unless otherwise specified.
- Ensure that your application is complete and detailed before submitting it. In order to comply with Public Act 21-69, the State of Connecticut is no longer asking for resumes during the initial application process. You will not be able to make revisions once your application is submitted into the JobAps system.
- Please select all location(s) and shift(s) you are willing to work on your application. Failure to do so may result in not being considered for vacancies in that specific location or shift.
- In order to receive educational credits toward qualification for this job posting, the institution must be accredited. If the institution of higher learning is located outside of the U.S., you are responsible for providing documentation from a recognized USA accrediting service which specializes in determining foreign education equivalencies to the Talent Acquisition Professional listed on this job posting.
- All application materials must be received by the recruiting agency by the time specified on the job opening for the position for which you are applying. Late applications may not be submitted and will not be considered. Exceptions are rare and limited to documented events that incapacitate a candidate during the entire duration of the job posting time period. It is the candidate’s obligation and responsibility to request an exception and provide a legally recognized justification to accommodate such exception. Requests should be made to DAS.SHRM@ct.gov.
FOR ASSISTANCE IN APPLYING:
- Please read or watch our Applicant Tips on How to Apply.
Important Information After You Apply:
- This posting may require completion of additional referral questions (RQs). You can access these RQs via an email that will be sent to you after the posting's closing date or by visiting your JobAps Personal Status Board (Certification Questionnaires section). Your responses to these RQs must be submitted by the questionnaire's expiration date. Please regularly check your email and JobAps Personal Status Board for notifications. Please check your SPAM and/or Junk folders on a daily basis in the event an email provider places auto-notification emails in a user's spam.
- Read through this helpful link to prepare for your interview.
- Although applicants will receive correspondence via email, as a backup they are also encouraged to sign on to their Personal Status Board on a daily basis to monitor their status, view all emailed notices and complete tasks required in the recruitment process.
- Note: At any point during the recruitment process, applicants may be required to submit additional documentation which supports their qualification(s) for this position. These documents may include: a cover letter, resume, performance reviews, attendance records, supervisory references, licensure, etc., at the discretion of the hiring agency.
- Interviews will be limited to candidates whose experience and training most closely meet the requirements of the position.
- The immediate vacancy is listed above; however, applications to this recruitment may be used for future vacancies in this job class.
Connect With Us:
Due to the large volume of applications received, we are unable to provide confirmation of receipt or status during the recruitment process. Updates will be available through your JobAps portal account. Should you have any questions pertaining to this recruitment, please contact Frank DeCusati at frank.decusati@ct.gov.
PURPOSE OF JOB CLASS (NATURE OF WORK)
Within the Department of Administrative Services, Bureau of Information Technology Solutions and Centers of Information Technology Excellence, these classes are accountable for the management and direction of information systems, applications development, management and implementation of complex information technology projects implementing business and technical requirements into architectural blueprints, maintenance, computer operations and similar information technology functions including technical and support staff.
EXAMPLES OF DUTIES
In this role, you will be responsible for:
- Managing the central security team, which supports multiple security capabilities including Incident Monitoring and Response, Security Threat Detection, Security Policy and Audit;
- Working collaboratively with the Public Utilities Regulatory Authority (PURA) and public utility providers in the state to conduct reviews of cybersecurity controls and publish findings that reduce risk of cybersecurity intrusion into the state’s critical utility sector;
- Assisting PURA during periodic utility rate case reviews that encompass cybersecurity expenditures, including advising the PURA Chairperson on the prudency of the proposed or expended industry investment in cybersecurity-related measures;
- Overseeing policy development, measurement and improvement with a focus on being proactive, not reactive;
- Engaging agency partners, building critical relationships by listening, learning and understanding their business challenges;
- Communicating technological solutions that will improve security while maintaining operations based on research, capability, integration ability and cost;
- Working with agency partners developing training and deployment plans aimed at maximizing both user adoption and realization of business benefits;
- Initiating, planning, scheduling and managing multiple high priority projects and programs utilizing a variety of methodologies;
- Creating and maintaining program roadmaps for capital funded projects and programs in support of enterprise functions;
- Leveraging technology trends to increase efficiency, reduce costs, and drive value;
- Developing, implementing and monitoring security policies and controls to ensure data accuracy, security, legal and regulatory compliance;
- Preparing cybersecurity risk tracking status reports that describe the state’s risk position and how efforts are working to reduce overall risk position;
- Managing vendor relationships and negotiating contracts to procure resources and technology solutions to meet the company's strategic objectives;
- Recruitment, development and retention of highly skilled cybersecurity talent, especially for key leadership positions for succession planning;
- Implementing and championing a robust professional development program, to continuously upskill team members to keep them current in this difficult to staff field;
- Evaluating team member performance, providing candid feedback and high impact coaching that enables and motivates individuals to develop themselves and achieve departmental as well as enterprise goals; and
- Performing related duties as required.
KNOWLEDGE, SKILL AND ABILITY
- Plan and Deploy for Business Results, which includes the ability to develop and implement business plans, IT plans, budget plans, and human resource plans in order to maximize budget allocations, technology, personnel and other resources to achieve agency and program goals.
- Lead Change, which includes innovation, the ability to be a creative problem solver and a strategic thinker, and the ability to recognize and develop opportunities to grow and develop information technology services in response to customers and a changing work environment.
- Focus on Results and Quality, including exercising and promoting accountability, and the ability to analyze surveys, financial and other data, and use strategic planning and performance measurement techniques to continuously improve performance and maintain competitiveness.
- Understand Customers and Markets, which includes the ability to establish customer satisfaction and loyalty, forecast and conduct market analyses, keep ahead of industry trends and incorporate “best practices” into information technology operations.
- Lead People, including the ability to resolve conflict, communicate effectively, coach and train employees, recognize performance, and foster diversity and teamwork.
- Build Coalitions, including the ability to explain and advocate facts and ideas in a convincing manner, to negotiate with individuals and groups internally and externally, to gain cooperation from others, and to identify the internal and external politics that impact the work of the organization.
- Business Knowledge, including knowledge of the technical, professional, procedural and legal requirements of the specific information technology area.
MINIMUM QUALIFICATIONS - GENERAL EXPERIENCE
Ten (10) years of experience in computer or network administration, architecture, operations, production control, systems development, information technology analysis and planning.
MINIMUM QUALIFICATIONS - SPECIAL EXPERIENCE
Three (3) years of the General Experience must have been in a managerial capacity.
NOTE: For state employees this experience is interpreted to be at the level of an Information Technology Manager 2.
MINIMUM QUALIFICATIONS - SUBSTITUTIONS ALLOWED
- College training in computer science, management information systems or a closely related field may be substituted for the General Experience on the basis of fifteen (15) semester hours equalling one half (1/2) year of experience to a maximum of four (4) years for a Bachelor’s degree.
- A Master’s degree in computer science, management information systems or a closely related field may be substituted for one (1) additional year of the General Experience.
PREFERRED QUALIFICATIONS
- Possession of one or more recognized security certifications/accreditations such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or equivalent.
- Experience with electric, natural gas, water, or telecommunications utility industry, including advanced metering infrastructure, grid modernization technologies, and data management platforms.
- Experience working as an Information Security Officer in higher education, governmental agencies or corporate industry setting.
- Experience with disaster recovery planning and testing.
- Experience in auditing, including risk analysis and business continuity planning.
Conclusion
AN AFFIRMATIVE ACTION/EQUAL OPPORTUNITY EMPLOYER
The State of Connecticut is an equal opportunity/affirmative action employer and strongly encourages the applications of women, minorities, and persons with disabilities.
ACKNOWLEDGEMENT
As defined by Sec. 5-196 of the Connecticut General Statutes, a job class is a position or group of positions that share general characteristics and are categorized under a single title for administrative purposes. As such, a job class is not meant to be all-inclusive of every task and/or responsibility.