Chief Information Security Officer (CISO)
The New York State Board of Elections is seeking candidates for the position of Chief Information Security Officer (classified as Manager Information Services). Under the direction of the agency's Chief Information Officer, the incumbent will ensure that information security policies and procedures are established and implemented to protect the information assets of the New York State Board of Elections (SBOE) and County Boards of Elections (CBOE). This position will also provide oversight of the Secure Elections Center and lead several of the Center's statewide security-based initiatives. The incumbent will participate in the creation and review of policies, procedures and programs that ensure compliance with all federal and State laws and industry best practices, recommend security strategies, and maintain current information security systems. The incumbent will ensure that procedures are in place to detect, prevent, contain, and recover from information security breaches and from natural or man-made disasters. The incumbent will also establish application security guidelines with an emphasis on compliance with State and federal information security standards and policy. Duties of this position include, but are not limited to, the following:
o Direct the activities of the Secure Elections Center and provide leadership to Center staff; o Develop and enhance the Board's information security policies, procedures and programs that ensure compliance with all federal and State laws and industry best practices, and inform and educate the SBOE and CBOE leadership and workforce; o Manage and further enhance information security technology assets and processes to proactively protect, shield, and defend the Board's election information assets from cyber threats and intrusions; o Manage proactive monitoring and scanning operations, and contain, mitigate, and report incidents as expeditiously as possible; o Lead development and maintenance of the Board's disaster recovery and business continuity policies, practices, and processes to ensure that business-critical information assets are recovered in the event of a disaster, as well as provide functional plan templates for CBOE use; o Develop and enhance cybersecurity education programs and training curriculums for SBOE staff and CBOE's; o Maintain and enhance Cybersecurity Regulations for CBOE's, provide guidance on regulation implementation, and oversee and report on compliance; o Work with CBOE's to ensure successful implementation of their Cybersecurity Remediation Plans and accurate application of grant funding on remediation efforts; o Evaluate risks that might affect election information assets and recommend improvements; o Function as an internal consulting resource on information security issues; o Establish and continuously strengthen executive-level partnerships with State, federal, and local agencies, as well as private-sector entities, regarding cyber security; o Direct and oversee outreach activities including presentations/conferences, information-sharing activities, trainings and exercises, briefings, reports, and meetings; and o Perform the full scope of managerial responsibilities as required. The following skills and abilities will be beneficial to successful performance of the job:
o Demonstrated experience creating a comprehensive security compliance plan based on national security standards; o Demonstrated ability to identify, analyze and evaluate technology risk, as well as measure the risk quantitatively and qualitatively; o In-depth analyses skills resulting in detailed written reports including recommended courses of action, and excellent written and verbal communication skills; o Demonstrated analytical and problem-solving skills; o Demonstrated ability to work both independently and as a part of a team to deliver quality, on-time work product; o Demonstrated ability to work well with people from many different disciplines with varying degrees of technical experience; o Outstanding organizational skills and attention to detail; o Demonstrated understanding of various regulatory and compliance mandates, as well as security standards; and o Demonstrated experience developing or reviewing contracts and related procurement documents for compliance with information security policies and statutory requirements.
Job Function
The New York State Board of Elections is seeking candidates for the position of Chief Information Security Officer (classified as Manager Information Services). Under the direction of the agency's Chief Information Officer, the incumbent will ensure that information security policies and procedures are established and implemented to protect the information assets of the New York State Board of Elections (SBOE) and County Boards of Elections (CBOE). This position will also provide oversight of the Secure Elections Center and lead several of the Center's statewide security-based initiatives. The incumbent will participate in the creation and review of policies, procedures and programs that ensure compliance with all federal and State laws and industry best practices, recommend security strategies, and maintain current information security systems. The incumbent will ensure that procedures are in place to detect, prevent, contain, and recover from information security breaches and from natural or man-made disasters. The incumbent will also establish application security guidelines with an emphasis on compliance with State and federal information security standards and policy. Duties of this position include, but are not limited to, the following:
o Direct the activities of the Secure Elections Center and provide leadership to Center staff; o Develop and enhance the Board's information security policies, procedures and programs that ensure compliance with all federal and State laws and industry best practices, and inform and educate the SBOE and CBOE leadership and workforce; o Manage and further enhance information security technology assets and processes to proactively protect, shield, and defend the Board's election information assets from cyber threats and intrusions; o Manage proactive monitoring and scanning operations, and contain, mitigate, and report incidents as expeditiously as possible; o Lead development and maintenance of the Board's disaster recovery and business continuity policies, practices, and processes to ensure that business-critical information assets are recovered in the event of a disaster, as well as provide functional plan templates for CBOE use; o Develop and enhance cybersecurity education programs and training curriculums for SBOE staff and CBOE's; o Maintain and enhance Cybersecurity Regulations for CBOE's, provide guidance on regulation implementation, and oversee and report on compliance; o Work with CBOE's to ensure successful implementation of their Cybersecurity Remediation Plans and accurate application of grant funding on remediation efforts; o Evaluate risks that might affect election information assets and recommend improvements; o Function as an internal consulting resource on information security issues; o Establish and continuously strengthen executive-level partnerships with State, federal, and local agencies, as well as private-sector entities, regarding cyber security; o Direct and oversee outreach activities including presentations/conferences, information-sharing activities, trainings and exercises, briefings, reports, and meetings; and o Perform the full scope of managerial responsibilities as required. The following skills and abilities will be beneficial to successful performance of the job:
o Demonstrated experience creating a comprehensive security compliance plan based on national security standards; o Demonstrated ability to identify, analyze and evaluate technology risk, as well as measure the risk quantitatively and qualitatively; o In-depth analyses skills resulting in detailed written reports including recommended courses of action, and excellent written and verbal communication skills; o Demonstrated analytical and problem-solving skills; o Demonstrated ability to work both independently and as a part of a team to deliver quality, on-time work product; o Demonstrated ability to work well with people from many different disciplines with varying degrees of technical experience; o Outstanding organizational skills and attention to detail; o Demonstrated understanding of various regulatory and compliance mandates, as well as security standards; and o Demonstrated experience developing or reviewing contracts and related procurement documents for compliance with information security policies and statutory requirements.
Salary Range:
From $99415 to $125629 Annually
Minimum Qualification
Candidates must have a bachelor's degree AND five years of information technology experience, including three years of information security or information assurance experience. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of information technology, information security, or information assurance experience. Experience solely in information security or information assurance may substitute for the general information technology experience. At the time of appointment, the incumbent must be a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), and will be expected to maintain certification.Estimated Salary: $20 to $28 per hour based on qualifications.
o Direct the activities of the Secure Elections Center and provide leadership to Center staff; o Develop and enhance the Board's information security policies, procedures and programs that ensure compliance with all federal and State laws and industry best practices, and inform and educate the SBOE and CBOE leadership and workforce; o Manage and further enhance information security technology assets and processes to proactively protect, shield, and defend the Board's election information assets from cyber threats and intrusions; o Manage proactive monitoring and scanning operations, and contain, mitigate, and report incidents as expeditiously as possible; o Lead development and maintenance of the Board's disaster recovery and business continuity policies, practices, and processes to ensure that business-critical information assets are recovered in the event of a disaster, as well as provide functional plan templates for CBOE use; o Develop and enhance cybersecurity education programs and training curriculums for SBOE staff and CBOE's; o Maintain and enhance Cybersecurity Regulations for CBOE's, provide guidance on regulation implementation, and oversee and report on compliance; o Work with CBOE's to ensure successful implementation of their Cybersecurity Remediation Plans and accurate application of grant funding on remediation efforts; o Evaluate risks that might affect election information assets and recommend improvements; o Function as an internal consulting resource on information security issues; o Establish and continuously strengthen executive-level partnerships with State, federal, and local agencies, as well as private-sector entities, regarding cyber security; o Direct and oversee outreach activities including presentations/conferences, information-sharing activities, trainings and exercises, briefings, reports, and meetings; and o Perform the full scope of managerial responsibilities as required. The following skills and abilities will be beneficial to successful performance of the job:
o Demonstrated experience creating a comprehensive security compliance plan based on national security standards; o Demonstrated ability to identify, analyze and evaluate technology risk, as well as measure the risk quantitatively and qualitatively; o In-depth analyses skills resulting in detailed written reports including recommended courses of action, and excellent written and verbal communication skills; o Demonstrated analytical and problem-solving skills; o Demonstrated ability to work both independently and as a part of a team to deliver quality, on-time work product; o Demonstrated ability to work well with people from many different disciplines with varying degrees of technical experience; o Outstanding organizational skills and attention to detail; o Demonstrated understanding of various regulatory and compliance mandates, as well as security standards; and o Demonstrated experience developing or reviewing contracts and related procurement documents for compliance with information security policies and statutory requirements.
Job Function
The New York State Board of Elections is seeking candidates for the position of Chief Information Security Officer (classified as Manager Information Services). Under the direction of the agency's Chief Information Officer, the incumbent will ensure that information security policies and procedures are established and implemented to protect the information assets of the New York State Board of Elections (SBOE) and County Boards of Elections (CBOE). This position will also provide oversight of the Secure Elections Center and lead several of the Center's statewide security-based initiatives. The incumbent will participate in the creation and review of policies, procedures and programs that ensure compliance with all federal and State laws and industry best practices, recommend security strategies, and maintain current information security systems. The incumbent will ensure that procedures are in place to detect, prevent, contain, and recover from information security breaches and from natural or man-made disasters. The incumbent will also establish application security guidelines with an emphasis on compliance with State and federal information security standards and policy. Duties of this position include, but are not limited to, the following:
o Direct the activities of the Secure Elections Center and provide leadership to Center staff; o Develop and enhance the Board's information security policies, procedures and programs that ensure compliance with all federal and State laws and industry best practices, and inform and educate the SBOE and CBOE leadership and workforce; o Manage and further enhance information security technology assets and processes to proactively protect, shield, and defend the Board's election information assets from cyber threats and intrusions; o Manage proactive monitoring and scanning operations, and contain, mitigate, and report incidents as expeditiously as possible; o Lead development and maintenance of the Board's disaster recovery and business continuity policies, practices, and processes to ensure that business-critical information assets are recovered in the event of a disaster, as well as provide functional plan templates for CBOE use; o Develop and enhance cybersecurity education programs and training curriculums for SBOE staff and CBOE's; o Maintain and enhance Cybersecurity Regulations for CBOE's, provide guidance on regulation implementation, and oversee and report on compliance; o Work with CBOE's to ensure successful implementation of their Cybersecurity Remediation Plans and accurate application of grant funding on remediation efforts; o Evaluate risks that might affect election information assets and recommend improvements; o Function as an internal consulting resource on information security issues; o Establish and continuously strengthen executive-level partnerships with State, federal, and local agencies, as well as private-sector entities, regarding cyber security; o Direct and oversee outreach activities including presentations/conferences, information-sharing activities, trainings and exercises, briefings, reports, and meetings; and o Perform the full scope of managerial responsibilities as required. The following skills and abilities will be beneficial to successful performance of the job:
o Demonstrated experience creating a comprehensive security compliance plan based on national security standards; o Demonstrated ability to identify, analyze and evaluate technology risk, as well as measure the risk quantitatively and qualitatively; o In-depth analyses skills resulting in detailed written reports including recommended courses of action, and excellent written and verbal communication skills; o Demonstrated analytical and problem-solving skills; o Demonstrated ability to work both independently and as a part of a team to deliver quality, on-time work product; o Demonstrated ability to work well with people from many different disciplines with varying degrees of technical experience; o Outstanding organizational skills and attention to detail; o Demonstrated understanding of various regulatory and compliance mandates, as well as security standards; and o Demonstrated experience developing or reviewing contracts and related procurement documents for compliance with information security policies and statutory requirements.
Salary Range:
From $99415 to $125629 Annually
Minimum Qualification
Candidates must have a bachelor's degree AND five years of information technology experience, including three years of information security or information assurance experience. Appropriate information security or information assurance experience may substitute for the bachelor's degree on a year-for-year basis; an associate's degree requires an additional two years of information technology, information security, or information assurance experience. Experience solely in information security or information assurance may substitute for the general information technology experience. At the time of appointment, the incumbent must be a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM), and will be expected to maintain certification.Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
