$142,716.00-$214,812.00 Yearly
EXECUTIVE SERVICE
A Department of Information Technology (DoIT) Executive Cyber Leadership II is the State Chief Information Security Officer. This is the technical expert level of work, managing resources to support Information Technology (IT) security goals and objectives across state agencies. This role is appointed by the Governor and reports to the Secretary of the Department of Information Technology.
Employees in this classification receive managerial supervision
from the Secretary of the Department of Information Technology.
Position placement in this classification is determined by the Classification Job Evaluation Methodology. The use of this method involves comparing the assigned duties and responsibilities of a position to the job criteria found in the Nature of Work and Examples of Work sections of a classification specification.
Acquires and manages necessary resources including leadership support, financial resources, and key security personnel to support IT security goals and objectives and to reduce overall organizational risk;
Acquires resources to conduct an effective enterprise continuity of information security operations program;
Advises senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements;
Advocates the organization's official position in legal and legislative proceedings;
Communicates the value of IT security throughout all levels of the organization and to stakeholders;
Develops and maintains strategic plans;
Interfaces with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other computer network defense information;
Leads and aligns IT security priorities with the security strategy;
Leads and oversees information security budget, staffing, and contracting;
Manages the publishing of computer network defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency;
Monitors and evaluates the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection;
Recommends policy and coordinates the review and approval of policy recommendations;
Supervises and manages protective or corrective measures when a cybersecurity incident or vulnerability is discovered;
Promotes awareness of security issues among management and ensures sound security principles are reflected in the organization's vision and goals;
Oversees policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies;
Identifies security requirements specific to an IT system in all phases of the system life cycle;
Ensures that action plans, milestones, and/or remediation plans are in place for vulnerabilities identified during risk assessments, audits and inspections;
Defines and/or implements policies and procedures to ensure protection of critical infrastructure as appropriate;
Supervises and assigns work to programmers, designers, technologists, technicians, and/or other engineering and scientific personnel;
Coordinates with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets;
Assesses policy needs and collaborates with stakeholders to develop policies to govern cyber security activities;
Designs and integrates cyber strategies that outline the vision, mission, and goals and ensures alignment with the organization's strategic plan;
Performs information security risk assessments;
Conducts long-range strategic planning efforts with internal and external partners in cyber security activities;
Collaborates on cyber privacy and security policies and procedures;
Collaborates with cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation;
Prescribes and oversees the professional development and technical training of staff;
Appoints and guides IT security experts;
Collaborates with key stakeholders to establish a cybersecurity risk management program;
Performs other related duties.
Specific educational and experience requirements are set by the
agency based on the essential job functions assigned to the position.
Class descriptions broadly define groups of positions used by
various State departments and agencies. Position descriptions maintained by the
using department or agency specifically address the essential job functions of
each position.
Class Descriptions provide information about the Nature of Work, Examples of Work, General Requirements and Acknowledgements. The Required Knowledge, Skills, and Abilities; Minimum Education and Experience Requirements; Special Requirements; and recruitment and testing procedures are set by the using agency.
This is an Executive Service classification in the State Personnel Management System. All positions in this classification are Executive Service positions.
This classification is not assigned to a bargaining unit, as indicated by the designation of S (Supervisor), M (Manager), T (Agency Head), U (Board or Commission Member), W (Student), X (Used by Agency or Excluded by Executive Order), or Z (Confidential). As provided by State Personnel and Pensions Article, Section 3-102, special appointment, temporary, contractual, supervisory, managerial and confidential employees are excluded from collective bargaining. Additionally, certain executive branch agencies are exempt from collective bargaining and all positions in those agencies are excluded from collective bargaining.
July 1, 2021
Director, Division of Classification and Salary