INFORMATION SECURITY MANAGER - 65000552

About The Position

Requirements

• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.
• A bachelor’s degree from an accredited college or university in computer science, management information systems, mathematics, or engineering and four years of progressively responsible information systems experience.
• Progressively responsible information systems experience can substitute on a year-for-year basis for the required college education.
• Any combination of progressively responsible information systems experience and post-secondary training in disciplines described above totaling eight years.

Nice To Haves

• Administrative, organizational, clerical skills, and attention to detail.
• Excellent communications skills (both verbal and written).
• Knowledge and skill using Microsoft Office applications (e.g., Word, Excel, Outlook, PowerPoint, etc.).
• Comprehensive knowledge of the systems development process and technology, project methodology, systems design and analysis tools and techniques.
• Ability to use and selectively apply a project methodology and utilize the tools and techniques necessary for project scheduling.
• Knowledge of Florida Statutes and Florida Administrative Code associated with cybersecurity and its compliance (e.g., 282.318 F.S., 60GG-2 F.A.C.).
• Foundational understanding on the National Institute of Standards and Technology (NIST) Cybersecurity framework.
• Knowledge and experience with federal security and privacy assessments.
• Knowledge of information technology computer fundamentals and enterprise network infrastructure.
• Knowledge of Inspector General (IG) processes.
• Ability to establish and maintain effective working relationships.
• Ability to plan, organize, and coordinate work assignments.
• Ability to work independently.

Responsibilities

• Development of the strategic and operational cybersecurity plans.
• Conduct and/or coordinate a comprehensive risk assessment.
• Develop, update, and implement cybersecurity strategies, policies, procedures, standards, and guidelines.
• Direction and management of the cybersecurity awareness program and periodic campaigns.
• Coordination of the agency information security risk management process.
• Establish and coordinate the agency Cybersecurity Response Team (CRT) to respond to a cybersecurity incident.
• Coordination of Information Technology Disaster Recovery planning in support of the agency Continuity of Operations Plan.
• Serving as the agency’s internal and external point of contact for all information security matters.
• Establish and provide reports directly to the agency head on matters associated with cybersecurity, audits, compliance, and other-directed matters.
• Direct compliance with applicable law for cybersecurity as well as the rules, policies, procedures, and best practices promulgated by the Florida Digital Services, under the Department of Management Services.
• Interpret security policies, regulations, standards, and other mandates into security control requirements and assess environments against those requirements.
• Facilitate/participate in computer security incident response activities, including incident identification and investigation, containment and remediation, reporting, and post-incident analysis.
• Advise and assist with the design and implementation of countermeasures or mitigating controls.
• Ensure that solicitations, contracts, and service-level agreements contain necessary cybersecurity requirements.
• Evaluate and recommend information security technologies and practices.
• Provide periodic internal audits and evaluations of the cybersecurity program.
• Serve as a liaise and the primary point of contact for external information technology audits and assessments.
• Direct, coordinate, produce, and report all necessary requested elements and artifacts to official audit and assessment inquiries.
• Plan, organize, control, and evaluate all applications and services to reduce risk associated with vulnerabilities.
• Communicate with management regarding information security issues and risks, providing recommended action.
• Actively monitor and be aware of current information security trends, information, and news.
• Participates in the change management process.
• Write, prepare and/or review system, application, and user documentation.
• Assist teams as needed on endpoint security toolset and ensure appropriate alerting.
• Assist teams as needed on Security Information and Event Management (SIEM) tools and ensure appropriate alerting.
• Provides management status briefings on the status of the information security program.
• Responsible for communicating with, motivating, training, and evaluating employees, and planning and directing employee’s work. Effectively recommends actions such as hiring, transfer, suspend, layoff, recall, promote, discharge, assign, reward, or discipline subordinate employees.
• Assist with the development and implementation of new products and services.
• Assists in translating customer requirements into executable project plans.
• Ensures vendors and outsourced technology are compatible with existing standards.
• Provides high-quality and professional customer service.
• Performs other related duties as required.

Benefits

• State Group Health Insurance Coverage
• $25,000 Life Insurance Policy (100% paid by employer)
• Dental, vision, and other supplemental insurance options available
• Annual and Sick Leave benefits
• 10 paid holidays each year
• Retirement plan options, including employer contributions
• Flexible Spending Accounts
• Tuition waivers to attend State of Florida community colleges, colleges, and universities!