Cyber operations manager

Full job description

Primary Location : United States of America-OHIO-Franklin County-Columbus

Work Locations : SOS Civic Center Dr 4 180 Civic Center Dr Floor 4 Columbus 43215

Organization : Secretary of State

Classified Indicator : Unclassified

Bargaining Unit / Exempt : Exempt

Schedule : Full-time

Compensation : $120,000-128,000 based on experience

Unposting Date : Mar 24, 2024, 10:59:00 PM

Primary Job Skill : Information Technology

Technical Skills : Information Technology, Cybersecurity

Professional Skills : Analyzation, Problem Solving, Situational Awareness, Strategic Thinking, Continuous Improvement

Primary Technology : Security Software and Hardware

Agency Contact Name : Lorrie Diaz

Agency Contact Information :

Cyber Operations Manager

Job Duties

CYBER OPERATIONS MANAGER (Hybrid)

About Us:

As Ohio’s Secretary of State, Frank LaRose is doing his part to deliver a thriving democracy and a prosperous economy for all Ohioans. In his role as the state’s chief elections officer, he is working to ensure that Ohio’s elections are both secure and accessible. And, as the first stop for new businesses in the Buckeye State, he is assisting entrepreneurs as they receive articles of incorporation for a new business.

What You'll Do:

The Cyber Operations Manager plays a crucial role in safeguarding the Ohio Secretary of State’s networks and data from security threats and vulnerabilities. This position will be responsible for managing the implementation, maintenance, and improvements of our cyber security controls to protect our technology assets and sensitive information.

• Oversee daily operations of Ohio Secretary of State (SOS) cyber security program areas to include, Vulnerability Management, Incident Response, SOC, & Security Engineering/Architecture.
• Provide guidance for mitigation actives during an incident.
• Provide CISO with recommendations on ways to improve operational efficiency & effectives; ensure operational activities align with strategic direction of security practice.
• Create & maintain operational procedures for assigned program areas; inform CISO on changing operational needs & desires.
• Enforce IT policies & regulatory standards through technical controls; recommend changes in SOS security tools & processes to endure compliance with policies, procedures, security controls & regulatory requirements.
• Answer questions & present formal/informal security concepts to internal and external peers.
• Mentor staff for future leadership opportunities; provide guidance & management of contractors & vendors supporting the SOS Information Technology Department.
• Review & monitor enterprise security systems taking appropriate action & responding to alarms/alerts per agency policy & procedure.

What’s in it for you:

At the State of Ohio, we take care of the team that cares for Ohioans. We provide a variety of quality, competitive benefits to eligible full-time and part-time employees. For a list of all the State of Ohio Benefits, visit our Total Rewards website! Our benefits package includes:

Medical Coverage

• Quality, affordable, and competitive medical benefits are offered through the available Ohio Med plans.

Dental, Vision and Basic Life Insurance

• Dental, vision, and basic life insurance premiums are free after completed eligibility period. Length of eligibility period is dependent on union representation.

Time Away From Work and Work/Life Balance

• Paid time off, including vacation, personal, and sick leave
• 12 paid holidays per year
• Childbirth/Adoption leave

Employee Development Funds

• The State of Ohio offers a variety of educational and professional development funding that varies based on whether you are a union-exempt employee or a union-represented employee.

Ohio Public Employees Retirement System

• OPERS is the retirement system for State of Ohio employees. The employee contributes 10% of their salary towards their retirement. The employer contributes an amount equal to 14% of the employee’s salary. Visit the OPERS website for more information.

Deferred Compensation

• The Ohio Deferred Compensation program is a 457(b) voluntary retirement savings plan. Visit the Ohio Deferred Compensation website for more information.

Qualifications

Education
Preferred: Bachelor’s degree in computer science, information technology, or cybersecurity.

Certifications
Preferred: Certifications addressing security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, information security governance, security program development and management, information security incident management, information security, information systems, network security, information assurance, troubleshooting, security operations, cryptography.
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Ethical Hacker (CEH)
CompTIA Security+
Certified Information Systems Auditor (CISA)
Cisco Certified Network Associate (CCNA) - Security

Experience
Five or more years of experience in real-world security challenges including network security, vulnerability management, advanced network analysis, basic cyber analysis/operations, logging, access and identity management, network traffic analysis.

Knowledge, Skills & Abilities

• Strong technical skills in areas such as network security, operating systems, scripting, and information security tools and technologies.
• Knowledge and skill in applying host/network access controls (e.g., access control list).
• Skill in tuning sensors.
• Knowledge and skill in using incident handling methodologies.
• Skill in securing network communications.
• Skill in protecting a network against malware (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
• Knowledge and skill in system, network, and OS hardening techniques (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
• Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution.
• Knowledge & skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of cyber threats and vulnerabilities.
• Knowledge of specific operational impacts of cybersecurity lapses.
• Knowledge of data backup and recovery.
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
• Knowledge of what constitutes a network attack.
• Knowledge of web filtering technologies.
• Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• Knowledge of network traffic analysis (tools, methodologies, processes).

Ohio is a Disability Inclusion State and strives to be a model employer of individuals with disabilities. The State of Ohio is committed to providing access and inclusion and reasonable accommodation in its services, activities, programs and employment opportunities in accordance with the Americans with Disabilities Act (ADA) and other applicable laws.

This position is Unclassified per ORC 124.11 (A) (30).

The final candidate selected for this position will be required to undergo a criminal background check. Criminal convictions do not necessarily preclude an applicant from consideration for a position. An individual assessment of an applicant's prior criminal convictions will be made before excluding an applicant from consideration.

The final applicant selected for this position will be required to submit to urinalysis prior to an appointment to test for illegal drug use.