Jobs · Engineering · New York

Manager Information Technology Services 2 (Information Security), SG-29

New York State Department of Financial Services · Albany, New York Metropolitan Area · 2 wk ago
HybridEngineering$118k/yrFull-time

Description

The New York State Department of Financial Services seeks to build an equitable, transparent, and resilient financial system that benefits individuals and supports business. Through engagement, data-driven regulation and policy, and operational excellence, the Department and its employees are responsible for empowering consumers and protecting them from financial harm; ensuring the health of the entities we regulate; driving economic growth in New York through responsible innovation; and preserving the stability of the global financial system.

Duties

  • Directs and manages implementation of information security and compliance programs;
  • Provides direction and guidance to teams with responsibility for developing, deploying, and maintaining information security architecture;
  • Directs the development, interpretation, review, and communication of information security policies, procedures, and standards;
  • Captures and monitors information security compliance, recommends improvements to monitor access to information assets and ensure security safeguards are maintained;
  • Manages and resolves security threats to agency information systems and information security incident response;
  • Directs development and implementation of information security risk analysis and management processes;
  • Coordinates vulnerability scanning and analysis to help determine risk and remediation priorities;
  • Manages development and maintenance of enterprise risk registers, which includes reporting and tracking remediation efforts;
  • Directs the characterization and analysis of network traffic to identify anomalies and potential threats to network resources;
  • Determines events that require investigation and response;
  • Implements and improves information security incident response plans and reports;
  • Develops and implements plans and procedures to ensure business critical services are recovered in disaster efforts;
  • Directs investigation of alleged information security violations;
  • Coordinates collection, seizure, handling, and analysis of digital evidence;
  • Responds to requests for information from investigators;
  • May testify in proceedings regarding analytical processes and findings;
  • Serves as an information security expert and evaluates systems and contracts for alignment with State policies and standards;
  • Reviews contract, service level agreement, memorandum of understanding language, and other documents to verify needs, requirements, and alignment with State policies and standards;
  • Provides information security expertise and recommendations to agency executives on a broad range of information security matters;
  • Researches laws and regulations that could affect the security controls and classification of information assets;
  • Maintains awareness of information security trends, tools, and techniques to evaluate the applicability of the latest information security techniques and tools to agencies’ security programs;
  • Develops a multilayered and adaptive approach to counter information security threat environments;
  • Represents the agency at internal and external information security meetings;
  • Manages staff and resources dedicated to information security programs;
  • Collects metrics to measure the efficiency and effectiveness of information security programs;
  • Performs the full range of supervisory responsibilities;
  • and Other duties as assigned.

Preferred Qualifications

  • Minimum Qualifications: Bachelor’s degree in Information Security, Computer Science, Management of Information Systems, or a related field required. Master’s degree and professional certifications, such as CISSP, preferred. Minimum of seven (7) years of experience in a combination of risk management, information security and information technology fields. Experience in a leadership role is preferred.
  • Knowledge and understanding of common information security management frameworks, such as NIST 800-53, CIS Controls.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • Technical experience in the fields of cybersecurity, information security, information technology and/or cybersecurity intelligence.
  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
  • Familiarity with cybersecurity regulations, including the DFS Cybersecurity Regulation (23 NYCRR Part 500).
  • Strong analytical skills and ability to write clearly on complex issues.

Similar jobs