| Company | NYS Office of Information Technology Services |
| Preferred GIAC Certifications | GCIH, GCTI, GCFE, GPEN |
| Salary | $112,155 - $141,538 |
Under the direction of the Chief Information Security Officer, within the Chief Information Security Office Division of the New York State Office of Information Technology Services, the Information Security Manager will direct the Cyber Command Center bureau of the Division. This bureau provides detection and response services for New York State and local government entities and is made up of the Security Operations Center (SOC), the Cyber Incident Response Team (CIRT) section and the Threat Detection and Alerting (TD) section. The SOC is a team of analysts who serve as a central resource for receiving cyber security alerts/events for triage, analysis, routing and notification. The CIRT assists entities in assessing the scope, magnitude and source of cyber intrusions and makes recommendations to prevent recurrence. The TD section implements, administers and monitors traffic/logs of information systems designed to detect, validate, correlate and analyze security events. All sections work together to maintain up-to-date situational awareness/tracking of tactics, techniques and procedures (TTPs) to obtain tactical and strategic advantage over adversaries, and proactively and iteratively search through logs to detect, validate, correlate and analyze advanced threats that may evade existing security solutions. This position will regularly interface with the ITS Chief Information Security Officer and senior management within ITS regarding Enterprise and CISO operational issues.
Duties include, but are not limited to:
- Lead management activities of the Cyber Command Center through supervision of three (3) Grade 29 Manager of Information Technology Services 2s for CIRT, SOC and TD.
- Supervise staff in the proper performance of their duties. Monitor progress, review major staff initiatives and projects and take appropriate action as needed.
- Develop, oversee and maintain a program for Cyber Command, including security event monitoring, incident detection and response, digital forensics and threat intelligence.
- Drive the strategic goals of the unit.
- Manage a multi-million-dollar contract for Managed Security Services, including contractor performance and service delivery.
- Implement and enforce policies and procedures within the bureau that reflect applicable laws, policies, procedures, and regulations.
- Manage the publishing of incident response guidance for the constituency.
- Provide incident reports, summaries, and other situational awareness information to higher-level executives.
- Manage an incident (e.g., coordinate documentation, work efforts, resource utilization within the organization) from inception to final remediation and after-action reporting.
- Manage analysis and distribution of threat or target information within the enterprise.
- Manage the monitoring of external data sources to maintain situational awareness.
- Interface with external organizations to ensure appropriate and accurate dissemination of incident and other information.
- Manage a spend plan for all areas of responsibility.
- Make recommendations on purchases needed to support the program.
- Participate in talent management (acquisition, retention, training, etc.) within the Division.
- Maintain a working knowledge of information security best practices.
- Keep abreast of current threats and research in the area of information security/cyber security.
- Support CISO project initiatives and all other projects as assigned.
Bachelor's degree with at least 15 credit hours in cyber security, information assurance or information technology and six years of information technology experience, including five years of information security or information assurance experience and four years at a supervisory level or two years at a managerial level.
Note: Bachelor's degree candidates without at least 15 course credits in cyber security, information assurance, or information technology require an additional year of general information technology experience to qualify. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of general information technology experience. Experience solely in information security or information assurance may substitute for the general information technology experience.
Master's Degree with a concentration or a major in Information Security, Cyber Security, Digital Forensics, or a related field.
Master's Degree with a concentration or major in Business Administration, Public Administration, or a related field with a certification in Information Security Management (e.g., CISSP, GSLC, GSTRT, CISM, CCISO).
- Computer Network Defense (e.g., GCIA, GCED, GDAT, GPPA, GCDA, GMON, GWEB, CND, ECIH, GCIH)
- Cyber Threat Intelligence (e.g., CTIA, GCTI, CCIP, CSTIR)
- Digital Forensics (e.g., ACE, GCFA, GCFE, GREM, GNFA)
- Penetration Testing (e.g., GPEN, CEH, GAWN, GWAPT, LPT)
- 5+ years' experience in leading a team in related work.
- 5+ years' experience applying and implementing network and/or system security.
- 5+ years' experience in information security incident response.
- 5+ years' experience in technical writing.
- 3+ years' experience in developing metrics and key performance indicators.
- 3+ years' experience in process development and process improvement.
- 2+ years' experience in using SIEM technologies to support in-depth investigations.
- 1+ years' experience in communication with reporting out to executive management and the Governor's Office.
Working knowledge of Information Security (CIA triad, Information Classification, Risk Management, Incident Response, Vulnerability Management, Security Architecture & Engineering), Information Security Frameworks (NIST Cyber Security Framework, CIS Controls, ISO 27000 series) and technical security solutions (e.g., intrusion detection/prevention systems, firewalls).
Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding.
Demonstrated critical thinking, problem solving and analytical skills.
Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results.
Ability to obtain and maintain a Secret clearance.