Information Security Manager

Duties Description

ITS provides operational support to state agencies on a 24x7x365 basis; some positions may be required to provide this critical service at any time.

Job Overview

Under the direction of the Executive Director of Security Shared Services (S3) within the Chief Information Security Office/Security Shared Services section, this position will assist with the oversight of the Security Shared Services Bureau. The position will supervise four or more Senior Information Security Officers SG-29 who lead teams supporting the security needs of multiple ITS dedicated agency/sector teams. The position will oversee the Incident Response Program and aid in the oversight of the NYS Cyber Risk Remediation Program (CRRP) and the development of products offered by the Chief Information Security Office (CISO). The incumbent will act as a member of the Chief Information Security Office Executive Leadership Team and participate in shaping and implementing the strategic vision for cybersecurity within NYS.

The position requires an incumbent to act with a great deal of independence in alignment with agency and upper-level management strategic direction. The incumbent must be able to communicate orally and in writing with various individuals and groups including executive management, business users and other IT staff. The incumbent must communicate with clarity to subordinate staff regarding work priorities and performance. The incumbent will work with ITS Dedicated Support Teams and upper-level agency management to resolve technically complex and politically sensitive issues under pressure. The incumbent will have strong customer service skills and focus on developing relationships with key stakeholders. Availability during off‑shift hours is required to ensure appropriate response to security incidents or other critical matters that may impact sensitive information, critical systems, ITS, NYS agencies, or other partners (such as local governments).

Duties Include, But Are Not Limited To

• Assist with the direction of the Security Shared Services Bureau in developing, deploying, and maintaining processes and procedures in alignment with NYS State and agency information security policies and standards. Monitor compliance and take appropriate action as needed.
• Oversee the continued development of the ITS Cyber Incident Response Program, which includes continuously improving procedures and ensuring 24x7x365 rotating coverage schedules for IR responders.
• Enhance the Secure Software Development Lifecycle (SSDLC) process in response to shifting cyber landscape and the requirements of ITS, agencies, and NYS.
• Foster and develop relationships with key stakeholders, such as the Dedicated Commissioners of Technology (DCTs).
• Provide off‑hours leadership in response to cyber threats, incidents, and events on a rotating basis.
• Serve as information security expert and evaluate systems and contracts for alignment with agency and state information security policies.
• Provide advisement and expertise in the development of NYS security policies and standards.
• Assist with development and implementation of the Security Shared Services Bureau’s program and associated products.
• Perform administrative and strategic functions to assist the CISO Executive Leadership team in managing the operations of the Chief Information Security Office.
• Monitor and maintain awareness of information security industry trends, tools, and techniques.
• Perform the full range of supervisory responsibilities.

Qualifications

Minimum Qualifications

• Non‑competitive: Nine (9) years of information technology, cybersecurity, or information assurance experience, including three (3) years at the supervisory level or one (1) year at the managerial level.
• A bachelor's or higher‑level degree in any field, supplemented by 15 semester credit hours in computer science or related field, substitutes for three years of required experience; any bachelor’s substitutes for two years of required experience.
• Associate degree with 15 semester credit hours in computer science or related field may substitute for one year of required experience. Candidates in a bachelor’s degree program with at least 15 semester credit hours in computer science or related field may substitute such credits for one year of required experience.
• A master’s degree or higher in computer science or related field substitutes for one year of required experience.

Preferred Qualifications

• Applicable Information Security certificate(s) such as CISSP, CISM, etc.
• Experience in one or more of the following areas: leading information security teams, applying and implementing network, system, or application security, security policy/standard/guideline development, implementation, or interpretation, conducting risk assessments and evaluating information technology systems for security controls (SSDLC), process development, improvement, and measurement, information security incident response, developing metrics and key performance indicators.
• Strong understanding of enterprise IT environments, including but not limited to system administration, application architecture, network architecture, operating systems, and associated security controls and solutions (e.g., WAF, firewalls).
• Strong understanding of the foundations of Information Security, such as the CIA triad, information classification, identity and access management, risk management, vulnerability management, secure architecture and engineering, network security, software development security.
• Excellent oral and written communication skills including the ability to clearly articulate information technology and information security concepts to a varied audience to facilitate wide understanding.
• Demonstrated critical thinking, problem solving, and analytical skills.
• Demonstrated excellence in customer service.
• Demonstrated skill in facilitating meetings, listening, and negotiating between multiple stakeholders to drive results.

Additional Comments

ITS will not offer permanent employment to any candidate unless the candidate provides documentation that they are authorized to accept work in the United States on a permanent basis. It is the policy of ITS not to hire F1 or H1 visa holders for permanent employment or to sponsor non‑immigrant aliens for temporary work authorization visas or for permanent residence.

Some positions may require fingerprinting.

Some positions may require up to 25% travel and/or lifting up to 50 lbs. Some positions are pending Civil Service approval. Details of position(s) will be described further if you are selected for an interview.

If eligible, positions located in New York City will receive an additional $3,400 downstate adjustment location pay with regular annual salary. Positions located in the Mid‑Hudson will receive an additional $1,650 adjustment location pay.

Benefits of Working for NYS

Generous benefits package worth 65% of salary, including:

Holiday & Paid Time Off

• Thirteen (13) paid holidays annually
• Up to Thirteen (13) days of paid vacation leave annually
• Up to Five (5) days of paid personal leave annually
• Up to Thirteen (13) days of paid sick leave annually for PEF.
• Up to three (3) days of professional leave annually to participate in professional development.

Health Care Benefits

• Eligible employees and dependents can pick from a variety of affordable health insurance programs.
• Family dental and vision benefits at no additional cost.

Additional Benefits

• New York State Employees’ Retirement System (ERS) Membership.
• NYS Deferred Compensation.
• Access to NY 529 and NY ABLE College Savings Programs, as well as U.S. Savings Bonds.
• Public Service Loan Forgiveness (PSLF).
• And many more.

The Office of Information Technology Services is an equal opportunity employer, and we recognize that diversity in our workforce is critical to fulfilling our mission. We encourage all individuals with disabilities to apply.