Job Posting for Manager Information Technology Services 2 (Information Security) Ref #18843-IES at Information Technology Services, Office of
Bachelor’s degree with at least 15 credit hours in cyber security,
information assurance or information technology and five years of information technology experience, including four years of information security or information assurance experience and three years at a supervisory level or one year at a managerial level.
Note: bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of general information technology experience. Experience solely in information security or information assurance may substitute for the general information technology experience.
Master’s Degree with a concentration or major in Information Security, Cyber Security, Digital Forensics, Information Assurance, or a related field
Applicable Information Security certificate(s), including but not limited to:
o Certified Information Systems Security Professional (CISSP)
o Certificate in Information Security Management (e.g., GSLC, GSTRT, GCEIT, CISM, CCISO)
o Certificate in Information Security Risk Management (e.g., CRISC, CAP, GCCC, CCSLP)
Working knowledge of:
o computer networks, intrusion detection systems, routers, firewalls, operating systems, network vulnerability assessments, web application vulnerability assessments, computer programming and scripting
o government security and privacy mandates/regulatory compliance (e.g., HIPAA, PCI, IRS Pub 1075, CJIS)
o Information Security (CIA triad, Information Classification, Risk Management, Incident Response, Vulnerability Management, Security Architecture & Engineering)
o business intelligence, data analysis, data modeling, data visualization, and data presentation
o Information Security Frameworks (NIST Cyber Security Framework, CIS Controls, ISO 2700 series)
o IT Management Frameworks (ITIL, COBIT)
5 years’ experience in the following areas:
o leading an information security team
o applying and implementing network and/or system security
o information security incident response
o security policy/standard/guideline development, implementation, or interpretation
o technical writing
o conducting risk assessments and evaluating information technology systems for security controls (SSDLC)
o compliance assessments, audit support/response, and compliance/audit remediation
3 years’ experience in the following areas:
o developing metrics and key performance indicators
o process development and process improvement
Experience with federal security requirements from the Food and Nutrition Services (FNS), the Centers for Medicare and Medicaid Services (CMS), and the Administration for Children and Families (ACF).
Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding
Demonstrated critical thinking, problem solving and analytical skills
Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results
Under the direction of the Director of Information Security Services, within the Chief Information Security Office/Integrated Security Services/Security Services Team, the position will provide security services to the Integrated Eligibility System (IES) and its associated programs.
The mission of the Integrated Eligibility System (IES) is to enhance the well-being of New Yorkers by transforming health and human service delivery through coordinated business practices, modernized technology, and strategic partnerships. IES will provide eligibility, enrollment, case management, and payment functionality for Health and Human Service programs currently served by the Welfare Management System, Benefits Issuance Control System and other State systems. IES will build on the successful opening of the New York State of Health (NYSoH) by leveraging assets created for the health benefit exchange to modernize the eligibility system for health and human service programs.
The incumbent will support IES through providing in-depth information security consulting and services aligned with business needs of IES to ensure the confidentiality, integrity, and availability of information and systems.
The position requires an incumbent to act with a great deal of independence in alignment with IES upper-level management strategic direction. The position requires communicating orally and in writing with various individuals including management, users, vendors, and other IT staff. The incumbent will have to work with ITS teams, IES staff, and upper-level agency management to resolve technically complex and politically sensitive issues under pressure.
The position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities that may impact sensitive information, critical systems, NYS agencies, or ITS.
Specific duties include, but are not limited to:
Manages and implements information security and compliance programs.
Manages and resolves security threats to agency information systems.
Serves as information security expert and evaluates systems and contracts for alignment with agency and State information security policies and HIPAA requirements.
Monitors and stays aware of information security industry trends, tools and techniques.
Maintains an adequate level of current knowledge and proficiency in information security through annual Continuing Professional Education (CPE) credits directly related to information security;
Performs additional duties as required.
Background check and fingerprinting are required.
All Office of Information Technology Services (ITS) employees are required to be tested weekly for COVID-19 unless they are fully vaccinated. Employees who are vaccinated must provide proof of vaccine status through a secure online portal.