Manager Information Technology Services 2 (Information Security), SG-29
New York State Department of Financial Services · Albany, New York Metropolitan Area · 2 wk ago
HybridEngineering$118k/yrFull-time
Description
The New York State Department of Financial Services seeks to build an equitable, transparent, and resilient financial system that benefits individuals and supports business. Through engagement, data-driven regulation and policy, and operational excellence, the Department and its employees are responsible for empowering consumers and protecting them from financial harm; ensuring the health of the entities we regulate; driving economic growth in New York through responsible innovation; and preserving the stability of the global financial system.
Duties
- Directs and manages implementation of information security and compliance programs;
- Provides direction and guidance to teams with responsibility for developing, deploying, and maintaining information security architecture;
- Directs the development, interpretation, review, and communication of information security policies, procedures, and standards;
- Captures and monitors information security compliance, recommends improvements to monitor access to information assets and ensure security safeguards are maintained;
- Manages and resolves security threats to agency information systems and information security incident response;
- Directs development and implementation of information security risk analysis and management processes;
- Coordinates vulnerability scanning and analysis to help determine risk and remediation priorities;
- Manages development and maintenance of enterprise risk registers, which includes reporting and tracking remediation efforts;
- Directs the characterization and analysis of network traffic to identify anomalies and potential threats to network resources;
- Determines events that require investigation and response;
- Implements and improves information security incident response plans and reports;
- Develops and implements plans and procedures to ensure business critical services are recovered in disaster efforts;
- Directs investigation of alleged information security violations;
- Coordinates collection, seizure, handling, and analysis of digital evidence;
- Responds to requests for information from investigators;
- May testify in proceedings regarding analytical processes and findings;
- Serves as an information security expert and evaluates systems and contracts for alignment with State policies and standards;
- Reviews contract, service level agreement, memorandum of understanding language, and other documents to verify needs, requirements, and alignment with State policies and standards;
- Provides information security expertise and recommendations to agency executives on a broad range of information security matters;
- Researches laws and regulations that could affect the security controls and classification of information assets;
- Maintains awareness of information security trends, tools, and techniques to evaluate the applicability of the latest information security techniques and tools to agencies’ security programs;
- Develops a multilayered and adaptive approach to counter information security threat environments;
- Represents the agency at internal and external information security meetings;
- Manages staff and resources dedicated to information security programs;
- Collects metrics to measure the efficiency and effectiveness of information security programs;
- Performs the full range of supervisory responsibilities;
- and Other duties as assigned.
Preferred Qualifications
- Minimum Qualifications: Bachelor’s degree in Information Security, Computer Science, Management of Information Systems, or a related field required. Master’s degree and professional certifications, such as CISSP, preferred. Minimum of seven (7) years of experience in a combination of risk management, information security and information technology fields. Experience in a leadership role is preferred.
- Knowledge and understanding of common information security management frameworks, such as NIST 800-53, CIS Controls.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Technical experience in the fields of cybersecurity, information security, information technology and/or cybersecurity intelligence.
- Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
- Familiarity with cybersecurity regulations, including the DFS Cybersecurity Regulation (23 NYCRR Part 500).
- Strong analytical skills and ability to write clearly on complex issues.