- Hourly / - BiWeekly /
- Monthly / $95,991.00-$154,928.00 Yearly
SKILLED
SERVICE BARGAINING UNIT:
G NCP
Knowledge of computer
networking concepts and protocols, and network security methodologies;
Knowledge of risk
management processes (e.g., methods for assessing and mitigating risk);
Knowledge of laws,
regulations, policies, and ethics as they relate to cybersecurity and privacy;
Knowledge of cybersecurity
and privacy principles;
Knowledge of cyber threats
and vulnerabilities;
Knowledge of specific
operational impacts of cybersecurity lapses;
Knowledge of
industry-standard and organizationally accepted analysis principles and
methods;
Knowledge of information
technology (IT) architectural concepts and frameworks;
Knowledge of Risk
Management Framework (RMF) requirements;
Knowledge of resource
management principles and techniques;
Knowledge of system life
cycle management principles, including software security and usability;
Knowledge of how
information needs and collection requirements are translated, tracked, and
prioritized across the extended enterprise; Knowledge of Supply Chain Risk
Management Practices (NIST SP 800-161);
Knowledge of import/export
control regulations and responsible agencies for the purposes of reducing
supply chain risk; Knowledge of supply chain risk management standards,
processes, and practices.
Knowledge of risk threat
assessment; Knowledge of information technology (IT) supply chain security and
supply chain risk management policies, requirements, and procedures; knowledge
of organizational process improvement concepts and process maturity models
(e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for
Services, and CMMI for Acquisitions); Knowledge of service management concepts
for networks and related standards (e.g., Information Technology Infrastructure
Library, current version [ITIL]);
Knowledge of how to
leverage research and development centers, think tanks, academic research, and
industry systems; Knowledge of information technology (IT)
acquisition/procurement requirements; Knowledge of the acquisition/procurement
life cycle process.
Skill in identifying
measures or indicators of system performance and the actions needed to improve
or correct performance, relative to the goals of the system; Skill in
conducting audits or reviews of technical systems;
Skill in translating
tracking, and prioritizing information needs and intelligence collection
requirements across the extended enterprise.
Ability to ensure security
practices are followed throughout the acquisition process.
Experience: Eight years of experience in information assurance or in a role performing IT Audits or evaluating the effectiveness of security control design and operation.
Notes:
1. Candidates may substitute a bachelor’s degree in computer science, cybersecurity, information technology, software engineering, information systems, computer engineering or related field for up to four years of the required experience.
2. Candidates may
substitute the “Education” requirement listed above, for a High School Diploma
or possession of a High School Equivalency certificate and two additional years
of experience as described above.
3. Candidates may substitute up to two
years of the “Experience” requirement listed above for a graduate level degree in
computer science, cybersecurity, information technology, software engineering,
information systems, computer engineering or related field from an accredited
college or university.
Must have a Cyber
Security Service Provider (CSSP) Auditor certification as described on the
Maryland
Department of
Information Technology website.
1. Employees in this classification may be subject to call-in 24
hours a day and, therefore, may be required to provide the employing agency
with a telephone number where the employee can be reached. Employees may be
furnished with a pager or cell phone.
2. Applicants for this classification may handle
sensitive data. This will require a full
scope background investigation prior to appointment. A criminal conviction may be grounds for
rejection of the applicant.
3. Employees
may occasionally be required to travel to field locations and must have access
to an automobile in the event a state vehicle cannot be provided. Standard
mileage allowance will be paid for use of a privately owned vehicle.
July 1, 2021
Director, Division of
Classification and Salary