
Chief Information Security Officer (PROGRAM MANAGER SENIOR IV)

Information Technology Division

Recruitment #23-005485-0020

Introduction

OPEN TO ALL QUALIFIED APPLICANTS

This is a position specific recruitment. The resulting certified eligible list may be used to staff several current and future vacancies for this position/function only.

GRADE

26

LOCATION OF POSITION

Annapolis, Maryland

POSITION DUTIES

We are seeking a Chief Information Security Officer (CISO) to join our organization. We need a strong leader with a proven track record. In this role, it is critical that you provide guidance, strategy, leadership, and direction on information security-related topics. You will work closely with the CIO and other senior members of the technology and risk management departments to consult in areas including data/cyber security as well as addressing regulatory concerns. Your role will involve assessing and managing risks, establishing security policies and procedures, overseeing security audits, and leading a team of information security professionals.

Essential Duties:

  • Develop and maintain the Agency’s Information Security Program including policies, standards, and procedures; cybersecurity control evaluation, selection, and implementation; and architectures, products, and services, pursuant to the Chief Information Office (CIO) architectures, standards, and guidelines
  • Oversee the development and implementation of Agency IT security policies and procedures to protect the Agency from internal and external IT threats and vulnerabilities. 
  • Direct the preparation of short- and long-term strategies for optimizing the Agency’s Information Security Plans. 
  • Direct and participate in the identification of security risks, development and implementation of security management practices, and the measurement and monitoring of security protection measures. 
  • Direct the handling of IT security breaches and related incidents, including overseeing the activation of the incident response plan.
  • Serve as a subject matter expert and internal consultant on the information security implications of proposed new major information technology projects and programs and make recommendations to the Chief Executive Officer and affected departments.
  • Direct the development and promotion of security awareness training.
  • Participate in the development and implementation of disaster recovery and business continuity plans to ensure that appropriate IT security measures are addressed.
  • Work in coordination with the Office of Risk Management to ensure the Agency is meeting all security standards required to meet State and Federal compliance.

MINIMUM QUALIFICATIONS

Education: Possession of a Bachelor's degree in Computer Science, Information Systems, Public/Business Administration, or a related field from an accredited college or university.

Experience: Five years of management experience in the information technology profession, three years of which must have been concentrated in information security. This must include managing a security program for a large public or private sector organization.

** For education obtained outside of the U.S., you will be required to provide proof of the equivalent American education as determined by a foreign credential evaluation service. If you possess a degree obtained outside of the United States, please submit a detailed, course-by-course evaluation report from one of the U.S. equivalency evaluating members identified at http://www.naces.org/members.html.

DESIRED OR PREFERRED QUALIFICATIONS

  • Recent technical experience within the past five years demonstrating a comprehensive knowledge of information security and risk management and technology (audit compliance, regulatory compliance, business continuity and disaster recovery, vulnerability management, configuration management, web application security, intrusion detection and prevention systems, firewalls, and endpoint security). 
  • Functional experience within the past 10 years demonstrating a comprehensive knowledge of common information security management frameworks, such as SANS CIS 20 Critical Controls, ISO/IEC 27001, as well as those from NIST, including 800-53 and Cybersecurity Framework. 
  • Experience within the past 10 years demonstrating a comprehensive knowledge of business needs coupled with the ability to establish and maintain a high level of customer trust and confidence in the security team's concern for customers.
  • A current Certified Information Systems Security Professional (CISSP) certification issued by the International Information Systems Security Consortium, Certified Information Security Manager issued by the Information Systems Audit and Control Association or other comparable security accreditation/certification.
  • Demonstrated knowledge and experience in IT planning, auditing, and risk management, as well as contract and vendor negotiation in the IT field.
  • Demonstrated working knowledge of government regulations and laws related to information security, specifically around Tax Information Security Guidelines.
  • Excellent oral and written communication skills with an ability to adapt approach, language, and style to different audiences.
  • Demonstrated ability to serve as an effective member of the leadership team and communicate information security-related concepts to a broad range of technical and non-technical employees.

SELECTION PROCESS

Please make sure that you provide sufficient information on your application to demonstrate that you meet the qualifications for this recruitment. Please indicate clearly any position-specific experience and ensure all education and experience sections are complete. Incomplete information may result in the disqualification of your application.

All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after this date.

*Resumes will not be accepted in lieu of a completed application.

EXAMINATION PROCESS

Only applicants who meet the minimum and selective qualifications for this recruitment will be considered for this opportunity. Approval of your application will be based on a review of your education, training and experience. It is essential that you submit complete and accurate information on your application in order to determine if you meet the qualifications as specified above. Due to the nature of this list, all qualified applicants are placed on an unranked list of candidates and will remain active on this list for at least one year.

Qualifying applicants are subject to an oral interview. Prior to appointment, the employee must successfully undergo a comprehensive background investigation including a review of criminal, MVA and tax records; and determination of legal authorization to work in the United States or under the United States Immigration Reform and Control Act of 1986. This background check is comprehensive and may involve fingerprinting. Upon initial appointment or promotion to a position in the State Personnel Management System, an employee is required to serve an initial six-month probationary period. This probationary period may be extended an additional six months under certain circumstances at the discretion of the appointing authority.

BENEFITS

FURTHER INSTRUCTIONS

Veterans

We thank our Veterans for their service to our country and encourage them to apply. If you are seeking veteran's preference, please submit a copy of your DD-214.

Attachments

The preferred method for submitting additional information is to upload it directly into your online account. Please remove references to the first 5 digits of your SSN and your DOB on all attachments by deleting, redacting or blacking that information out with a marker. Any attachments necessary to demonstrate the minimum qualifications were met must be submitted by the filing deadline.

Faxes/Email

The online application process is STRONGLY preferred. If you choose fax or email as the option to submit your application and/or required additional information, you must include the following information on each page you submit:

  1. First and Last Name
  2. Recruitment Number (located at the top of the bulletin)
  3. The last four digits of your SS#

Fax: 410-974-5249 – This fax number is for Comptroller of Maryland recruitment efforts only.

Email: dbrown@marylandtaxes.gov

For Further Questions

If you are having difficulty with your user account or have general questions about this online application system, please contact the MD Department of Budget and Management, Recruitment and Examination Division at 410-767-4850 or Application.Help@maryland.gov.

If you have questions about this particular recruitment, please contact the Comptroller of MD, Office of Human Resources at dbrown@marylandtaxes.gov

Please contact Stanley Harris at sharris@marylandtaxes.gov if you need reasonable accommodations.

As an equal opportunity employer, Maryland is committed to recruiting, retaining and promoting employees who are reflective of the State’s diversity. Bilingual applicants and people with disabilities are encouraged to apply.



