State of Maryland

DoIT Executive Cyber Leadership II (#004720)

$142,716.00-$214,812.00 Yearly


GRADE

ES 9

CLASS ATTRIBUTES

EXECUTIVE SERVICE

NATURE OF WORK

A Department of Information Technology (DoIT) Executive Cyber Leadership II is the State Chief Information Security Officer. This is the technical expert level of work, managing resources to support Information Technology (IT) Security goals and objectives across state agencies. This role is appointed by the Governor and reports to the Secretary of the Department of Information Technology.

Employees in this classification receive managerial supervision from the Secretary of the Department of Information Technology.

Position placement in this classification is determined by the Classification Job Evaluation Methodology. The use of this method involves comparing the assigned duties and responsibilities of a position to the job criteria found in the Nature of Work and Examples of Work sections of a classification specification.

EXAMPLES OF WORK

Acquires and manages necessary resources including leadership support, financial resources, and key security personnel to support IT security goals and objectives and to reduce overall organizational risk;

Acquires resources to conduct an effective enterprise continuity of information security operations program;

Advises senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements;

Advocates the organization's official position in legal and legislative proceedings;

Communicates the value of IT security throughout all levels of the organization and to stakeholders;

Develops and maintains strategic plans;

Interfaces with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other computer network defense information;

Leads and aligns IT security priorities with the security strategy;

Leads and oversees information security budget, staffing, and contracting;

Manages the publishing of computer network defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency;

Monitors and evaluates the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection;

Recommends policy and coordinates the review and approval of policy recommendations;

Supervises and manages protective or corrective measures when a cybersecurity incident or vulnerability is discovered;

Promotes awareness of security issues among management and ensures sound security principles are reflected in the organization's vision and goals;

Oversees policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies;

Identifies security requirements specific to an IT system in all phases of the system life cycle;

Ensures that action plans, milestones, and/or remediation plans are in place for vulnerabilities identified during risk assessments, audits and inspections;

Defines and/or implements policies and procedures to ensure protection of critical infrastructure as appropriate;

Supervises and assigns work to programmers, designers, technologists, technicians, and/or other engineering and scientific personnel;

Coordinates with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets;

Assesses policy needs and collaborates with stakeholders to develop policies to govern cyber security activities;

Designs and integrates cyber strategies that outline the vision, mission, and goals and ensures alignment with the organization's strategic plan;

Performs information security risk assessments;

Conducts long-range strategic planning efforts with internal and external partners in cyber security activities;

Collaborates on cyber privacy and security policies and procedures;

Collaborates with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation;

Prescribes and oversees the professional development and technical training of staff;

Appoints and guides IT security experts;

Collaborates with key stakeholders to establish a cybersecurity risk management program;

Performs other related duties.

GENERAL REQUIREMENTS

Specific educational and experience requirements are set by the agency based on the essential job functions assigned to the position.

ACKNOWLEDGEMENTS

Class descriptions broadly define groups of positions used by various State departments and agencies. Position descriptions maintained by the using department or agency specifically address the essential job functions of each position.

Class Descriptions provide information about the Nature of Work, Examples of Work, General Requirements and Acknowledgements.  The Required Knowledge, Skills, and Abilities; Minimum Education and Experience Requirements; Special Requirements; and recruitment and testing procedures are set by the using agency.

This is an Executive Service classification in the State Personnel Management System.  All positions in this classification are Executive Service positions. 

This classification is not assigned to a bargaining unit, as indicated by the designation of S (Supervisor), M (Manager), T (Agency Head), U (Board or Commission Member), W (Student), X (Used by Agency or Excluded by Executive Order), or Z (Confidential). As provided by State Personnel and Pensions Article, Section 3-102, special appointment, temporary, contractual, supervisory, managerial and confidential employees are excluded from collective bargaining. Additionally, certain executive branch agencies are exempt from collective bargaining and all positions in those agencies are excluded from collective bargaining.

Date Established

July 1, 2021

Approved By

Director, Division of Classification and Salary


CLASS: 004720; EST: 7/1/2021;
