Manager Information Technology Services 1 Infomation Security - 10283
About The Position
Under the direction of the Information Security Office within the Dedicated Support Team for Department of Labor, the Manager Information Technology Services 1 Information Security, SG-27 (MITS1 IS) will be the Manager of Cyber Risk and Security Operations. They will lead a team that provides risk assessment and security operation services to the Information Technology Services (ITS) Dedicated Support Team and their client agencies. The incumbent will lead their team in providing in-depth information security risk assessment consulting and services aligned with business needs of the client agencies to ensure confidentiality, integrity, and availability of information and systems and the position will lead the development and operation of a security information and event management program (SIEM). The position requires an incumbent to act with independence in alignment with agency and upper-level management strategic direction. The position requires communicating orally and in writing with various individuals including management, users, vendors, and other IT staff. The incumbent must be able to communicate clearly with subordinate staff regarding work priorities and performance. The incumbent will have to work with ITS teams and upper-level agency management to resolve technically complex and politically sensitive issues under pressure. The position requires availability during off-shift hours to ensure appropriate response to security incidents or other critical activities that may impact sensitive information, critical systems, New York State (NYS) agencies, or ITS. Specific duties shall include, but are not limited to: Develop the strategic implementation of a Security Information and Event Management program and related activities to operationalize the program. Serves as the incident response expert to triage SIEM alerts and liaisons with appropriate investigation units. Continually work with business units to define relevant threat hunting scenarios in the development and refinement of the SIEM program. Serves as information security expert and evaluates systems and contracts for alignment with agency and State information security policies. Supervises staff and resources for an existing risk assessment security team. Assists the Information Security Officer with overall management of section activities as needed. Monitors and stays aware of information security industry trends, tools, and techniques. Serve as a liaison between DCT leadership and CISO, representing agency interests while supporting statewide cybersecurity initiatives. Performs additional duties as required.
Requirements
- Non-competitive: Seven years of information technology, cybersecurity, or information assurance experience, including one year at the supervisory level.
- Substitutions: A bachelor's or higher-level degree in any field including or supplemented by 15 semester credit hours in computer science or related field substitutes for three years of required experience; any bachelor's substitutes for two years of required experience. An associate degree with 15 semester credit hours in computer science or related field may substitute for one year of required experience. Candidates in a bachelor's degree program with at least 15 semester credit hours in computer science or related field may substitute such credits for one year of required experience. A master's degree or higher in computer science or related field substitutes for one year of required experience.
Nice To Haves
- Applicable Information Security certificate(s), including but not limited to:
- Certified Information Systems Security Professional (CISSP)
- Incident Response (ECIH, GCFA, GCIH, GNFA, CySA+)
- Information Security Fundamentals (e.g., Security+, GSEC, CISF, GISF)
- Information Security Management (e.g., GSLC, GSTRT, GCEIT, CISM, CCISO)
- Certificate in Information Security Risk Management (e.g., CRISC, CAP, GCCC, CCSLP)
- Experience in one or more of the following areas:
- leading an information security team
- applying and implementing network, system, or application security
- security policy/standard/guideline development, implementation, or interpretation
- conducting risk assessments and evaluating information technology systems for security controls (SSDLC)
- process development, improvement, and measurement
- information security incident response and handling
- digital forensics and investigations
- log monitoring and analysis
- 3+ years' experience in the following areas:
- review and recommendations for network and/or system security
- information security incident response
- security policy/standard/guideline development, implementation, or interpretation
- technical writing
- 1+ years' experience in the following areas:
- developing metrics and key performance indicators
- Secure System Development Lifecycle (SSDLC)
- incident response and triage
- process development and process improvement
- interpreting and implementing IRS Federal Tax Information safeguards (Publication 1075)
- Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding
- Demonstrated critical thinking, problem solving and analytical skills
- Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results
Responsibilities
- Develop the strategic implementation of a Security Information and Event Management program and related activities to operationalize the program.
- Serves as the incident response expert to triage SIEM alerts and liaisons with appropriate investigation units.
- Continually work with business units to define relevant threat hunting scenarios in the development and refinement of the SIEM program.
- Serves as information security expert and evaluates systems and contracts for alignment with agency and State information security policies.
- Supervises staff and resources for an existing risk assessment security team.
- Assists the Information Security Officer with overall management of section activities as needed.
- Monitors and stays aware of information security industry trends, tools, and techniques.
- Serve as a liaison between DCT leadership and CISO, representing agency interests while supporting statewide cybersecurity initiatives.
- Performs additional duties as required.
Benefits
- Generous benefits package, worth 65% of salary, including:
- Holiday & Paid Time Off
- Thirteen (13) paid holidays annually
- Up to Thirteen (13) days of paid vacation leave annually
- Up to Five (5) days of paid personal leave annually
- Up to Thirteen (13) days of paid sick leave annually for PEF.
- Up to three (3) days of professional leave annually to participate in professional development
- Health Care Benefits
- Eligible employees and dependents can pick from a variety of affordable health insurance programs
- Family dental and vision benefits at no additional cost
- Additional Benefits
- New York State Employees' Retirement System (ERS) Membership
- NYS Deferred Compensation
- Access to NY 529 and NY ABLE College Savings Programs, as well as U.S. Savings Bonds
- Public Service Loan Forgiveness (PSLF)
- And many more.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Manager
Industry
Executive, Legislative, and Other General Government Support
Number of Employees
251-500 employees
