Cyber Risk Management & Preparedness Specialist

MDEM is looking for a diligent, detail-oriented individual who is excited about making Maryland a safer place to live and work by assisting with the Cyber Preparedness Unit.

MDEM’s mission is to proactively reduce disaster risks and reliably manage consequences through collaborative work with Maryland’s communities and partners. MDEM is the department of State government with primary responsibility and authority for emergency preparedness policy, and for coordinating hazard mitigation, incident response, and disaster recovery. MDEM is a national leader in Emergency Management that provides Maryland residents, organizations, and emergency management partners with expert information, programmatic activities, and leadership in the delivery of financial, technical, and physical resources “to shape a resilient Maryland where communities thrive.” We do this by being Maryland's designated source of official risk reduction and consequence management information.

NOTE: This position operates within an on-call rotating schedule according to assignment within the State Emergency Operations Center (SEOC) to attend to all emergencies on a statewide 24/7 basis. This may involve working 12-hour shifts extended periods of time in support of 24-hour consequence management activities.

The Maryland Department of Emergency Management (MDEM) is a primary executive department of State government with primary responsibility and authority for emergency preparedness policy, and for coordinating hazard mitigation, incident response, and disaster recovery.  MDEM works to ensure that all Marylanders engage in preparedness activities and that the entire state is more disaster resilient.  The Preparedness Branch – Cyber Preparedness Unit is a critical part of MDEM’s mission. This position reports to the Risk Management & Assessment Program Coordinator. 

This position serves the State of Maryland, its State Agencies and Local Jurisdictions, in the following area:

• Local Jurisdiction Cyber Preparedness Support:
• Support the Local Cyber Preparedness Program with projects and initiatives to increase cyber preparedness, including:

• Cyber Preparedness Planning

• Plan Development

• Planning Workshops

• Cyber Preparedness Training

• Cyber Preparedness Testing & Exercise

• Provide technical assistance in support of Local Jurisdiction cyber preparedness activities.

• Provide cyber incident management support to Local Jurisdiction Offices of Emergency Management (OEMs)/Emergency Operations Center (EOCs)

• State Cyber Preparedness Support:

• Coordinate with and provide support to the DoIT Office of Security Management

• Provide support and technical assistance to State agencies emergency management coordinators.

• MDEM Information & Communication Technology (ICT) Support:

• Serve as the Third-Party Risk Analyst within the MDEM ICT Program.

• Support MDEMs Enterprise Risk Management (ERM) Program with a focus on cybersecurity, information technology, and third-party risks.

• Develop and maintain the following risk products:

• Third-Party Vendor Inventory

• Third-Party System/Software/Application/Service Inventory

• Third-Party Risk Assessments

• Third-Party Service Level Agreement (SLA) Inventory

• Third-Party Risk Monitoring Reports

• Conduct the analysis of organization business processes and systems (applications, data usage, SaaS, etc.) for privacy/security compliance.

• Assist with the establishment of a Cyber Risk Management Framework with MDEM adhering to NIST 800-53A, 800-39 & the NIST Risk Management Framework (RMF).

• Ensure Appropriate Risk Controls with Information Systems and Technology Procurements

• Develop an understanding of MDEM’s enterprise architecture

• Serve as the lead for MDEMs Third Party Risk Management (TPRM) program, to include the management of:

• Third-Party Risk Assessment

• Cybersecurity Risk

• Operational Risk

• Compliance Risk

• Reputational Risk

• Financial Risk

• Transaction Risk

• Strategic Risk

• Supply Chain Risk

• Third-Party Vendor Evaluation

• Third-Party Risk Tiering

• Third-Party Continuous Monitoring

• Assist with the development of Risk Awareness Training

• State of Maryland:

• Support programs, projects, initiatives, and activities of the Preparedness Branch and its Units and Programs; and

• Support programs, projects, initiatives, and activities of MDEM.

• Support programs, projects, initiatives, and activities of the Governor’s Office of Homeland Security.

In order to fulfill these responsibilities, this position requires strong communication, organizational, and management skills, as well as strong technical and presentation skills.

Education: Graduation from an accredited high school or possession of a high school equivalency certificate.

Experience: Five years of administrative staff or professional work.

Notes:

1. Candidates may substitute 30 credit hours from an accredited college or university for each year up to four years of the required experience.

2. Candidates may substitute the possession of a Bachelor's degree from an accredited college or university and one year of experience in administrative staff or professional work for the required experience.

3. Candidates may substitute the possession of a Master's degree from an accredited college or university for the required experience.

4. Candidates may substitute U.S. Armed Forces military service experience as a commissioned officer involving staff work related to the administration of rules, regulations, policy, procedures and processes, or overseeing or coordinating unit operations or functioning as a staff assistant to a higher-ranking commissioned officer on a year-for- year basis for the required experience.

· Certification as a Certified Risk Management Professional (CRMP) or similar certification. 

· Experience with Cyber Preparedness 

· Experience with Third-Party Risk Management (TPRM) 

· Experience with Database Management

· Experience with Training Delivery 

· Experience engaging a diverse set of stakeholders to include senior leadership.

· Experience working independently or collaboratively on Department projects.

· Experience exercising independent judgment and initiative in projects relation to Department objectives. 

· Experience preparing and presenting findings and recommendations in clear, concise reports. 

· Experience solving problems, thinking critically and analytically, visualizing data, develop products, and communicating clearly and effectively.

Online applications are highly recommended. However, if you are unable to apply online, the paper application and supplemental questionnaire may be submitted to: Maryland Department of Emergency Management, 5401 Rue Saint Lo Drive, Reisterstown, MD 21136. Paper application materials must be received in our office by the closing date for the recruitment. No postmarks will be accepted.

For questions regarding this recruitment, please call 410-702-3714, or email kiara.jones@maryland.gov. 

Appropriate accommodations for individuals with disabilities are available upon request by calling: MD TTY Relay Service 1-800-735-2258.

We thank our Veterans for their service to our country. People with disabilities and bilingual candidates are encouraged to apply.

As an equal opportunity employer, Maryland is committed to recruitment, retaining and promoting employees who are reflective of the State's diversity.