Bachelor’s degree with at least 15 credit hours in cyber security,
information assurance or information technology and five years of information technology experience, including four years of information security or information assurance experience and three years at a supervisory level or one year at a managerial level.
Note: bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of general information technology experience. Experience solely in information security or information assurance may substitute for the general information technology experience.
Preferred Qualifications
- Master’s Degree with a concentration or major in Information Security, Cyber Security, Digital Forensics, Information Assurance, or a related field
- Applicable Information Security certificate(s), including but not limited to:
o Certified Information Systems Security Professional (CISSP)
o Certificate in Information Security Management (e.g., GSLC, GSTRT, GCEIT, CISM, CCISO)
o Certificate in Information Security Risk Management (e.g., CRISC, CAP, GCCC, CCSLP)
o computer networks, intrusion detection systems, routers, firewalls, operating systems, network vulnerability assessments, web application vulnerability assessments, computer programming and scripting
o government security and privacy mandates/regulatory compliance (e.g., HIPAA, PCI, IRS Pub 1075, CJIS)
o Information Security (CIA triad, Information Classification, Risk Management, Incident Response, Vulnerability Management, Security Architecture & Engineering)
o business intelligence, data analysis, data modeling, data visualization, and data presentation
o Information Security Frameworks (NIST Cyber Security Framework, CIS Controls, ISO 2700 series)
o IT Management Frameworks (ITIL, COBIT)
- 5 years’ experience in the following areas:
o leading an information security team
o applying and implementing network and/or system security
o information security incident response
o security policy/standard/guideline development, implementation, or interpretation
o technical writing
o conducting risk assessments and evaluating information technology systems for security controls (SSDLC)
o compliance assessments, audit support/response, and compliance/audit remediation
- 3 years’ experience in the following areas:
o developing metrics and key performance indicators
o process development and process improvement
- Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding
- Demonstrated critical thinking, problem solving and analytical skills
- Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results