State of Maryland

DoIT Executive Cyber Leadership I (#004719)

$111,278.00-$194,021.00 Yearly


INDV 0018




A Department of Information Technology (DoIT) Executive Cyber Leadership I is the managerial level of work managing resources to support Information Technology (IT) security goals and objectives in the Office of Security Management (OSM). Positions in this classification function as a director and directly supervise technical information technology staff or manage such staff through subordinate supervisors or managers. 

Employees in this classification receive managerial supervision from the State Chief Information Security Officer or other designated official.

Position placement in this classification is determined by the Classification Job Evaluation Methodology. The use of this method involves comparing the assigned duties and responsibilities of a position to the job criteria found in the Nature of Work and Examples of Work sections of a classification specification.


Acquires and manages necessary resources including leadership support, financial resources, and key security personnel to support IT security goals and objectives and to reduce overall organizational risk;

Acquires resources to conduct an effective enterprise continuity of information security operations program;

Advises senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements;

Advocates the organization's official position in legal and legislative proceedings;

Communicates the value of IT security throughout all levels of the organization and to stakeholders;

Develops and maintains strategic plans;

Interfaces with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other computer network defense information;

Leads and aligns IT security priorities with the security strategy;

Leads and oversees information security budget, staffing, and contracting;

Manages the publishing of computer network defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency;

Monitors and evaluates the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection;

Recommends policy and coordinates the review and approval of policy recommendations;

Supervises and manages protective or corrective measures when a cybersecurity incident or vulnerability is discovered;

Promotes awareness of security issues among management and ensures sound security principles are reflected in the organization's vision and goals;

Oversees policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies;

Identifies security requirements specific to an IT system in all phases of the system life cycle;

Ensures that action plans, milestones, and/or remediation plans are in place for vulnerabilities identified during risk assessments, audits and inspections;

Defines and/or implements policies and procedures to ensure protection of critical infrastructure as appropriate;

Supervises and assigns work to programmers, designers, technologists, technicians, and/or other engineering and scientific personnel;

Coordinates with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets;

Assesses policy needs and collaborates with stakeholders to develop policies to govern cyber security activities;

Designs and integrates cyber strategies that outline the vision, mission, and goals and ensures alignment with the organization's strategic plan;

Performs information security risk assessments;

Conducts long-range strategic planning efforts with internal and external partners in cyber security activities;

Collaborates on cyber privacy and security policies and procedures;

Collaborates with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation;

Prescribes and oversees the professional development and technical training of staff;

Appoints and guides IT security experts;

Collaborates with key stakeholders to establish a cybersecurity risk management program;

Performs other related duties.


Specific educational and experience requirements are set by the agency based on the essential job functions assigned to the position.


Class descriptions broadly define groups of positions used by various State departments and agencies. Position descriptions maintained by the using department or agency specifically address the essential job functions of each position.

Class Descriptions provide information about the Nature of Work, Examples of Work, General Requirements and Acknowledgements.  The Required Knowledge, Skills, and Abilities; Minimum Education and Experience Requirements; Special Requirements; and recruitment and testing procedures are set by the using agency.

This is a Management Service classification in the State Personnel Management System.  All positions in this classification are Management Service positions.

This classification is not assigned to a bargaining unit, as indicated by the designation of S (Supervisor), M (Manager), T (Agency Head), U (Board or Commission Member), W (Student), X (Used by Agency or Excluded by Executive Order), or Z (Confidential). As provided by State Personnel and Pensions Article, Section 3-102, special appointment, temporary, contractual, supervisory, managerial and confidential employees are excluded from collective bargaining. Additionally, certain executive branch agencies are exempt from collective bargaining and all positions in those agencies are excluded from collective bargaining.

Date Established

July 1, 2021

Approved By

Director, Division of Classification and Salary

CLASS: 004719; EST: 7/1/2021;
