Information Security Officer

Background:

The Department of Information
Technology (DoIT) Office of Security Management (OSM) is requiring the services of Information Security Officer
(ISO) to support OSM in coordinating the adoption and
implementation of centrally provided cyber security services.

The primary duties involve
overseeing the daily operations of ISO -related projects and processes, planning
and scheduling service delivery and
adoption, identifying opportunities for the development of new services within
their assigned organizations. Detailed
responsibilities include, but are not limited to:

Duties and Responsibilities:

¨      Develop and maintain metrics to track adoption rates and regularly
assess and enhance security controls,

¨      conducting assessments and evaluations to ensure effectiveness and
compliance with established standards.

¨      Review and implement security policies to ensure compliance with
regulatory requirements and organizational standards.

¨      Conduct thorough reviews of vulnerability data, coordinating with
stakeholders to prioritize and address identified vulnerabilities effectively.

¨      Actively participate in Authorization to Operate (ATO)
assessments, contributing expertise to ensure systems meet security
requirements for operation.

¨      Collaborate with cross -functional teams to develop and enhance
security protocols and procedures for seamless integration and utilization.

¨      Regularly report on adoption rates and identify areas for
improvement.

¨      Monitor security systems to detect and respond to potential
threats.

¨      Act as the primary point of contact for ISO agency -related
inquiries and engagements.

¨      Monitor progress against established plans and adjust as
necessary.

¨      Develop strategic plans and roadmaps for service delivery.

¨      Implement measures to address identified vulnerabilities

¨      Participate in the design and implementation of secure system
architectures.

¨      Develop and deliver security awareness training programs for
employees.

¨      Ability to Develop and maintain an incident response plan.

¨      Lead and manage security -related projects, ensuring timely and
successful completion.

¨      Prepare and present security reports to management and
stakeholders.

¨      Maintain accurate and up -to -date security documentation.

¨      Ensuring efficient allocation of resources.

¨      Prepare and present security reports to management and
stakeholders.

¨      Maintain accurate and up -to -date security documentation.

¨      Ensuring efficient allocation of resources.

Requirements

*Education:

¨      Bachelor’s degree in computer science, information technology,
Information Security, Cybersecurity or related field.

¨      Advanced degrees or certifications such as CISSP, CISM, or CISA,
Sec+, CISSO.

*General
Experience:

¨      Minimum of 5 years’ experience in information security management,
IT administration, or related fields.

¨      3 years experience in implementing cyber assessment and
remediation plans, procedures, and cyber defense operations.

¨      Practical experience with security technologies, incident
response, risk management, and compliance.

¨      Analytical and problem -solving skills, with the ability to analyze
complex security issues and develop effective solutions.

*Specialized
Experience:

¨      Specific experience in implementing ISO plans, procedures, and
cyber defense operations.

¨      Experience tracking adoption rates and implementing centrally
managed cyber services.

¨      Experience in developing strategic plans, roadmaps, and business
cases for new cybersecurity initiatives

*Preferred
Qualifications:

¨      Graduate degree or certifications such as CISSP, CISM, or CISA

¨      Strong knowledge of industry standards, regulations, and best
practices related to information security, including ISO 27001, and NIST
Cybersecurity Framework.

¨      Excellent communication and collaboration skills, with the ability
to effectively communicate technical concepts.

¨      Strong analytical and problem -solving abilities.

¨      Meticulous attention to detail to identify and mitigate security
risks.

¨    Understanding of various security protocols, standards, and
methodologies. Proven experience in managing scalable cybersecurity projects,
including planning, execution, monitoring, and closing phases.

¨      Ability to coordinate cross -functional teams and manage multiple
projects simultaneously.

¨      Project management skills, with experience in planning,
scheduling, and monitoring the delivery of cybersecurity services.

¨     The candidate must be able to travel to the Maryland Department of
Information Technology (DoIT) office located in Crownsville, MD, as well as to
various agencies within the Baltimore/Annapolis region.

¨      Familiarity with federal, state, and local regulations related to
information security and privacy.

¨      Experience in implementing ISO plans, procedures, and cyber
defense operations.

¨      Experience tracking adoption rates and implementing centrally
managed cyber services.

Benefits