Director of Governance, Risk and Compliance

Program Manager Sr. IV

Recruitment #23-005485-0017

Introduction

The Office of Security Management (OSM) within the Department of Information Technology (DoIT) provides units of State and Local government with a common strategy for secure, effective, and technically sound use of information technology resources. The Office of Security Management is responsible for the establishment of security policies, guidance, awareness, and technology to protect the confidentiality, integrity, and availability of state data and systems. OSM is also the source of IT security information for State agencies and helps local government entities improve their cybersecurity preparedness and resiliency.

GRADE

26

LOCATION OF POSITION

Dept. of Information Technology
100 Community Place 
Crownsville, MD 21032

Main Purpose of Job

This is a Management Service position, and serves at the pleasure of the Appointing Authority.

MINIMUM QUALIFICATIONS

Education:  A bachelor's degree from an accredited college or university.

Experience:  Three years of experience in one of the following areas:

● Managing governance, risk, and compliance (GRC) programs or assessments for large organizations.   

● Building or using GRC platforms that align with known or established compliance frameworks such as NIST SP 800-53, NIST CSF, CIS CSC, and ISO 27001. 

● Developing and implementing IT and cybersecurity policy including writing and managing updates to policies, procedures, and standards documentation. 

● Management and execution of system assessments, risk assessments, or vulnerability assessments, including resolution of discovered issues and development of POAM documentation.

DESIRED OR PREFERRED QUALIFICATIONS

Our preferred candidate will have the following:

Certifications - One or more of the following:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA) Governance of Enterprise Information Technology (GEIT)
- GRC Professional (GRCP) Certification
- Certified in Risk and Information Systems Control (CRISC)
- Certification in Risk Management Assurance (CRMA)
- Project Management Institute – Risk Management Professional (PMI-RMP)

Experience - In each of these three areas:
● Experience with regulatory and security requirements regarding specific data types including Federal Tax Information (FTI), Personally Identifiable Information (PII), Protected Health Information (PHI), Payment Card Industry (PCI), and Criminal Justice Information Systems (CJIS).
● Experience managing cybersecurity governance, risk, and compliance programs in Federal, State, or Local Government organizations.
● Experience using or developing a GRC platform or program.

SELECTION PROCESS

Please make sure that you provide sufficient information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after this date. Successful candidates will be placed on the eligible (employment) list for at least one year.

For education obtained outside the U.S., a copy of the equivalent American education as determined by a foreign credential evaluation service must be provided prior to hire.

EXAMINATION PROCESS

The evaluation may consist of a rating of your education, training, and experience related to the requirements of the position. It is important that you provide complete and accurate information on your application. Please report all experience and education that is related to this position.

BENEFITS

FURTHER INSTRUCTIONS

Online applications are highly recommended. However, if you are unable to apply online, the paper application and supplemental questionnaire may be submitted to: Department of Budget and Management, Recruitment and Examination Division, 301 W. Preston St., Baltimore, MD 21201. Paper application materials must be received in our office by the closing date for the recruitment. No postmarks will be accepted.

For questions regarding this recruitment, please contact the DBM Recruitment and Examination Division at Application.Help@maryland.gov or 410-767-4850, MD TTY Relay Service 1-800-735-2258.

We thank our Veterans for their service to our country.

People with disabilities and bilingual candidates are encouraged to apply.

As an equal opportunity employer, Maryland is committed to recruiting, retaining and promoting employees who are reflective of the State's diversity.



